Posted to user@roller.apache.org by ti...@bt.com on 2007/03/01 14:11:23 UTC
RE: roller 2.3 - acegi port mapping problem
Ok, I'm close but still not entirely working.
So I have the following in my roller-custom.properties -
# Enables HTTPS for login page only
securelogin.enabled=true
# Enable scheme enforcement?
# Scheme enforcement ensures that specific URLs are viewed only via HTTPS
schemeenforcement.enabled=true
# URL patterns that require HTTPS
schemeenforcement.https.urls=/j_security_check,/login-redirect.jsp,/login.jsp,\
/user.do,/editor/yourProfile.do,/admin/user.do,/editor/userdata
securelogin.http.port=8080
securelogin.https.port=8443
And I have in security.xml forceHttps="false" as a property of authenticationProcessingFilterEntryPoint (i.e. the default file).
Everything works fine in Firefox, but in IE6 /login-redirect.jsp fails completely. I get a browser warning about my SSL cert (it's self-signed) but then I get redirected to https://xxx:8080/roller/login.jsp which fails.
This seems to be exactly the issue mentioned in Acegi regarding bugs in IE6 (see javadoc of PortResolverImpl), so should I be using Acegi in conjunction with SchemeEnforcementFilter? If so, can you post me an example security.xml (off the list if you prefer)?
cheers
Tim
________________________________
From: Allen.T.Gilliland@sun.com on behalf of Allen Gilliland
Sent: Wed 28/02/2007 16:53
To: roller-user@incubator.apache.org
Subject: Re: roller 2.3 - acegi port mapping problem
Yes, I ran into that bug when we first started using Acegi and that's
why we still have the scheme enforcement filter in Roller.
This is what I have in my roller-custom.properties to configure this ...
securelogin.enabled=true
securelogin.http.port=80
securelogin.https.port=443
schemeenforcement.enabled=true
We are using 80/443 but this is still necessary because we are using
virtual ips and the real tomcat instance runs on 8080, however you can
put in any port combination you want. The Roller scheme enforcement
filter uses the http and https ports above to do the scheme switching.
-- Allen
tim.fulcher@bt.com wrote:
> Hi
>
> I'm running roller 2.3 on Tomcat 5.0 without any front end web server, so regular traffic comes in on 8080 and HTTPS is on 8443.
>
> I'm trying to get the secure login working properly, but at present I get switched to SSL/8443 for login (good!) but after login I get switched incorrectly to
>
> http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites
>
> i.e. back to HTTP but with the wrong port. As a result the page loads but none of the page assets (images, CSS) work so it looks crap.
>
> I found the thread http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282
> discussing problems with SSL but there was no conclusion, plus my behaviour is a little different?
>
> Can anybody tell me if I should be using the Roller scheme enforcement filter instead, or how to correctly configure security.xml for Acegi?
>
>
> cheers
>
>
> Tim
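
The port-aware scheme switch discussed in this thread, as an added example that is not part of the original messages and is not Roller's or Acegi's own code. It assumes the port and URL-pattern values from the roller-custom.properties quoted above and the /roller context path seen in the URLs; the class and method names and the host blog.example are hypothetical, and only the HTTP-to-HTTPS direction is shown.

```java
import java.net.URI;
import java.util.Set;

public class SchemeSwitchSketch {
    // Values copied from the roller-custom.properties quoted in the thread.
    static final int HTTPS_PORT = 8443;   // securelogin.https.port
    static final Set<String> HTTPS_PATHS = Set.of(   // schemeenforcement.https.urls
        "/j_security_check", "/login-redirect.jsp", "/login.jsp", "/user.do",
        "/editor/yourProfile.do", "/admin/user.do", "/editor/userdata");

    /** Returns the HTTPS redirect target, or null when no redirect is needed. */
    static String httpsRedirect(URI req, String contextPath) {
        String path = req.getRawPath();
        if (!path.startsWith(contextPath)) {
            return null;                  // not a request for this webapp
        }
        String servletPath = path.substring(contextPath.length());
        if ("https".equals(req.getScheme()) || !HTTPS_PATHS.contains(servletPath)) {
            return null;                  // already secure, or path not protected
        }
        // Switch scheme AND port together. Reusing the request's own port here
        // yields https://host:8080/..., the failing redirect reported above.
        StringBuilder target = new StringBuilder("https://").append(req.getHost());
        if (HTTPS_PORT != 443) {
            target.append(':').append(HTTPS_PORT);   // omit only the default port
        }
        target.append(path);
        if (req.getRawQuery() != null) {
            target.append('?').append(req.getRawQuery());
        }
        return target.toString();
    }

    public static void main(String[] args) {
        // Constructed sample requests; blog.example is a placeholder host.
        String[] samples = {
            "http://blog.example:8080/roller/login.jsp",
            "http://blog.example:8080/roller/editor/yourProfile.do?x=1",
            "https://blog.example:8443/roller/login.jsp",
            "http://blog.example:8080/roller/page/main",
        };
        for (String s : samples) {
            String target = httpsRedirect(URI.create(s), "/roller");
            System.out.println(s + " -> " + (target == null ? "(no redirect)" : target));
        }
    }
}
```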