[
https://issues.apache.org/jira/browse/ROL-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Glen Mazza closed ROL-1777.
---------------------------
Resolution: Cannot Reproduce
Issue from 2009. Our SSL implementation on Roller trunk (which my blog uses)
seems to work fine, the issue you describe is not occurring for me.
> https SchemeEnforcementFilter and spring security
> -------------------------------------------------
>
> Key: ROL-1777
> URL: https://issues.apache.org/jira/browse/ROL-1777
> Project: Apache Roller
> Issue Type: Bug
> Components: Installation & Configuration
> Affects Versions: 5.0
> Environment: fedora
> Reporter: Greg Huber
> Assignee: Roller Unassigned
> Priority: Minor
>
> I have noticed that when configured with https (SchemeEnforcementFilter) the
> login page does not seem to work correctly. It always wants to back to the
> login page when https is enabled. It seems to set alwas the security to
> Granted Authorities: ROLE_ANONYMOUS rather than the correct value.
> I found this entry which seems to address this issue:
> http://jira.springframework.org/browse/SEC-767
> ie in the security.xml this line:
> <http auto-config="false" lowercase-comparisons="true"
> access-decision-manager-ref="accessDecisionManager">
> needs to be:
> <http auto-config="false" lowercase-comparisons="true"
> access-decision-manager-ref="accessDecisionManager"
> session-fixation-protection="none">
> Cheers Greg
--
This message was sent by Atlassian JIRA
(v6.2#6252)
