Yes, I ran into that bug when we first started using Acegi and that's
why we still have the scheme enforcement filter in Roller.
This is what I have in my roller-custom.properties to configure this ...
securelogin.enabled=true
securelogin.http.port=80
securelogin.https.port=443
schemeenforcement.enabled=true
We are using 80/443 but this is still necessary because we are using
virtual ips and the real tomcat instance runs on 8080, however you can
put in any port combination you want. The Roller scheme enforcement
filter uses the http and https ports above to do the scheme switching.
-- Allen
[EMAIL PROTECTED] wrote:
Hi
I'm running roller 2.3 on Tomcat 5.0 without any front end web server, so regular traffic comes in on 8080 and HTTPS is on 8443.
I'm trying to get the secure login working properly, but at present I get switched to SSL/8443 for login (good!) but after login I get switched incorrectly to
http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites <http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites>
i.e. back to HTTP but with the wrong port. As a result the page loads but none of the page assets (images, CSS) work so it looks crap.
I found the thread http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282 <http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282>
discussing problems with SSL but there was no conclusion, plus my behaviour is a little different ?
Can anybody tell me if I should be using the Roller scheme enforcement filter instead, or how to correctly configure security.xml for acegi ?
cheers
Tim
