[
https://issues.apache.org/jira/browse/ROL-2100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16776046#comment-16776046
]
David Johnson commented on ROL-2100:
------------------------------------
regarding "secure.login," this is only an issue for sites that want to run
everything with HTTP, and only the login page with HTTPS. The work-around for
this bug is to run your whole site as HTTPS.
Regarding "schemaenforement.https.urls" this is only necessary if you are
running on infrastructure without SSL redirection. The work-around is to
configure SSL redirection in your infrastructure, e.g. Tomcat, Load Balancer,
Kubernetes Ingress, etc.
These features should be removed and the documentation adjuested accordingly.
I think the secure login and schema enforcement
> secure.login and schemaenforement.https.urls broken
> ---------------------------------------------------
>
> Key: ROL-2100
> URL: https://issues.apache.org/jira/browse/ROL-2100
> Project: Apache Roller
> Issue Type: Bug
> Components: Authentication, Roles and Access Controls
> Affects Versions: 5.1.2
> Reporter: David Johnson
> Assignee: Roller Unassigned
> Priority: Major
>
> The two Roller configuration properties mentioned in the summary no longer
> work in Roller. Apparently they were broken when we upgraded to some newer
> version of Spring Security.
> The relevant code is in RollerContext. initializeSecurityFeatures().
> As a work-around, one may be able to configure secure login behavior by
> modifying the Spring Security configuration file (security.xml) directly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
