[
https://issues.apache.org/jira/browse/ROL-2100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Johnson updated ROL-2100:
-------------------------------
Summary: HTTPS Scheme Enforcement feature removed (was: Schema Enforcement
feature removed)
> HTTPS Scheme Enforcement feature removed
> ----------------------------------------
>
> Key: ROL-2100
> URL: https://issues.apache.org/jira/browse/ROL-2100
> Project: Apache Roller
> Issue Type: Bug
> Components: Authentication, Roles and Access Controls
> Affects Versions: 5.1.2
> Reporter: David Johnson
> Assignee: David Johnson
> Priority: Minor
> Fix For: 5.2.3
>
>
> Roller included a feature to force HTTPS to be used for login pages and HTTP
> for all other pages. This feature is removed in Roller 5.2.3. The best
> practice is to run everything on HTTPS and if you want something different,
> implement somewhere else, e.g. load balancer.
> Original text:
> The two Roller configuration properties mentioned in the summary no longer
> work in Roller. Apparently they were broken when we upgraded to some newer
> version of Spring Security.
> The relevant code is in RollerContext. initializeSecurityFeatures().
> As a work-around, one may be able to configure secure login behavior by
> modifying the Spring Security configuration file (security.xml) directly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
