roller 2.3 - acegi port mapping problem

[ti...@bt.com]

Hi
 
I'm running roller 2.3 on Tomcat 5.0 without any front end web server, so regular traffic comes in on 8080 and HTTPS is on 8443.
 
I'm trying to get the secure login working properly, but at present I get switched to SSL/8443 for login (good!) but after login I get switched incorrectly to  
 
http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites <http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites> 
 
i.e. back to HTTP but with the wrong port. As a result the page loads but none of the page assets (images, CSS) work so it looks crap.
 
I found the thread http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282 <http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282> 
discussing problems with SSL but there was no conclusion, plus my behaviour is a little different ?
 
Can anybody tell me if I should be using the Roller scheme enforcement filter instead, or how to correctly configure security.xml for acegi ?
 
 
cheers
 
 
Tim

RE: roller 2.3 - acegi port mapping problem

[ti...@bt.com]

Ok, I'm close but still not entirely working.
 
So I have the following in my roller-custom.properties -

# Enables HTTPS for login page only

securelogin.enabled=true

# Enable scheme enforcement?

# Scheme enforcement ensures that specific URLs are viewed only via HTTPS

schemeenforcement.enabled=true

# URL patterns that require HTTPS

schemeenforcement.https.urls=/j_security_check,/login-redirect.jsp,/login.jsp,\

/user.do,/editor/yourProfile.do,/admin/user.do,/editor/userdata

securelogin.http.port=8080

securelogin.https.port=8443

And I have in security.xml    forceHttps="false" as a property of authenticationProcessingFilterEntryPoint (ie the default file)

Everything works fine in Firefox, but in IE6 /login-redirect.jsp fails completely. I get a browser warning about my SSL cert (its self signed) but then I get redirected to https://xxx:8080/roller/login.jsp <https://xxx:8080/roller/login.jsp>  which fails.

This seems to be exactly the issue mentioned in Acegi regarding bugs in IE6 (see javadoc of PortResolverImpl ) so should I be using Acegi in conjunction with SchemeEnforcementFilter ? If so can you post me an example security.xml (off the list if you prefer)

cheers

 

Tim

 

 
 


________________________________

From: Allen.T.Gilliland@sun.com on behalf of Allen Gilliland
Sent: Wed 28/02/2007 16:53
To: roller-user@incubator.apache.org
Subject: Re: roller 2.3 - acegi port mapping problem



Yes, I ran into that bug when we first started using Acegi and that's
why we still have the scheme enforcement filter in Roller.

This is what I have in my roller-custom.properties to configure this ...

securelogin.enabled=true
securelogin.http.port=80
securelogin.https.port=443
schemeenforcement.enabled=true

We are using 80/443 but this is still necessary because we are using
virtual ips and the real tomcat instance runs on 8080, however you can
put in any port combination you want.  The Roller scheme enforcement
filter uses the http and https ports above to do the scheme switching.

-- Allen


tim.fulcher@bt.com wrote:
> Hi
> 
> I'm running roller 2.3 on Tomcat 5.0 without any front end web server, so regular traffic comes in on 8080 and HTTPS is on 8443.
> 
> I'm trying to get the secure login working properly, but at present I get switched to SSL/8443 for login (good!) but after login I get switched incorrectly to 
> 
> http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites <http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites>
> 
> i.e. back to HTTP but with the wrong port. As a result the page loads but none of the page assets (images, CSS) work so it looks crap.
> 
> I found the thread http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282 <http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282>
> discussing problems with SSL but there was no conclusion, plus my behaviour is a little different ?
> 
> Can anybody tell me if I should be using the Roller scheme enforcement filter instead, or how to correctly configure security.xml for acegi ?
> 
> 
> cheers
> 
> 
> Tim

Re: roller 2.3 - acegi port mapping problem

[Allen Gilliland <al...@sun.com>]

Yes, I ran into that bug when we first started using Acegi and that's 
why we still have the scheme enforcement filter in Roller.

This is what I have in my roller-custom.properties to configure this ...

securelogin.enabled=true
securelogin.http.port=80
securelogin.https.port=443
schemeenforcement.enabled=true

We are using 80/443 but this is still necessary because we are using 
virtual ips and the real tomcat instance runs on 8080, however you can 
put in any port combination you want.  The Roller scheme enforcement 
filter uses the http and https ports above to do the scheme switching.

-- Allen


tim.fulcher@bt.com wrote:
> Hi
>  
> I'm running roller 2.3 on Tomcat 5.0 without any front end web server, so regular traffic comes in on 8080 and HTTPS is on 8443.
>  
> I'm trying to get the secure login working properly, but at present I get switched to SSL/8443 for login (good!) but after login I get switched incorrectly to  
>  
> http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites <http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites> 
>  
> i.e. back to HTTP but with the wrong port. As a result the page loads but none of the page assets (images, CSS) work so it looks crap.
>  
> I found the thread http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282 <http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282> 
> discussing problems with SSL but there was no conclusion, plus my behaviour is a little different ?
>  
> Can anybody tell me if I should be using the Roller scheme enforcement filter instead, or how to correctly configure security.xml for acegi ?
>  
>  
> cheers
>  
>  
> Tim