Ok, I'm close but still not entirely working. So I have the following in my roller-custom.properties -

# Enables HTTPS for login page only
securelogin.enabled=true

# Enable scheme enforcement?
# Scheme enforcement ensures that specific URLs are viewed only via HTTPS
schemeenforcement.enabled=true

# URL patterns that require HTTPS
schemeenforcement.https.urls=/j_security_check,/login-redirect.jsp,/login.jsp,\
  /user.do,/editor/yourProfile.do,/admin/user.do,/editor/userdata

securelogin.http.port=8080
securelogin.https.port=8443

And I have in security.xml forceHttps="false" as a property of authenticationProcessingFilterEntryPoint (i.e. the default file).

Everything works fine in Firefox, but in IE6 /login-redirect.jsp fails completely. I get a browser warning about my SSL cert (it's self-signed) but then I get redirected to https://xxx:8080/roller/login.jsp which fails.

This seems to be exactly the issue mentioned in Acegi regarding bugs in IE6 (see javadoc of PortResolverImpl), so should I be using Acegi in conjunction with SchemeEnforcementFilter? If so, can you post me an example security.xml (off the list if you prefer)?

cheers

Tim

________________________________

From: [EMAIL PROTECTED] on behalf of Allen Gilliland
Sent: Wed 28/02/2007 16:53
To: [email protected]
Subject: Re: roller 2.3 - acegi port mapping problem

Yes, I ran into that bug when we first started using Acegi and that's why we still have the scheme enforcement filter in Roller. This is what I have in my roller-custom.properties to configure this ...

securelogin.enabled=true
securelogin.http.port=80
securelogin.https.port=443
schemeenforcement.enabled=true

We are using 80/443 but this is still necessary because we are using virtual ips and the real tomcat instance runs on 8080, however you can put in any port combination you want. The Roller scheme enforcement filter uses the http and https ports above to do the scheme switching.

-- Allen

[EMAIL PROTECTED] wrote:
> Hi
>
> I'm running roller 2.3 on Tomcat 5.0 without any front end web server, so
> regular traffic comes in on 8080 and HTTPS is on 8443.
>
> I'm trying to get the secure login working properly, but at present I get
> switched to SSL/8443 for login (good!) but after login I get switched
> incorrectly to
>
> http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites
>
> i.e. back to HTTP but with the wrong port. As a result the page loads but
> none of the page assets (images, CSS) work so it looks crap.
>
> I found the thread
> http://www.nabble.com/new-Acegi-port-switching-code-tf982807s12275.html#a2545282
> discussing problems with SSL but there was no conclusion, plus my behaviour
> is a little different?
>
> Can anybody tell me if I should be using the Roller scheme enforcement filter
> instead, or how to correctly configure security.xml for acegi?
>
> cheers
>
> Tim
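
Added example, not part of the original thread and not Roller's or Acegi's own code: a small standalone check that rebuilds a redirect target so scheme and port always change together, run against the two mismatched URLs reported above. The class and method names, the "/roller" context path handling, and the choice to send non-listed paths back to HTTP are assumptions made for illustration; the ports and URL patterns are the ones from the roller-custom.properties quoted in the thread.

```java
import java.net.URI;
import java.util.List;

/** Illustration only; hypothetical class, not SchemeEnforcementFilter or PortResolverImpl. */
public class SchemePortCheck {
    // Values taken from the roller-custom.properties quoted in the thread.
    static final int HTTP_PORT = 8080;
    static final int HTTPS_PORT = 8443;
    static final List<String> HTTPS_PATHS = List.of(
        "/j_security_check", "/login-redirect.jsp", "/login.jsp", "/user.do",
        "/editor/yourProfile.do", "/admin/user.do", "/editor/userdata");
    static final String CONTEXT = "/roller"; // context path seen in the thread's URLs

    /** True when the path, relative to the webapp context, is on the HTTPS-only list. */
    static boolean requiresHttps(URI u) {
        String path = u.getPath();
        if (path.startsWith(CONTEXT + "/")) path = path.substring(CONTEXT.length());
        // Ignore a ";jsessionid=..." path parameter so URL-rewritten links still match.
        int semi = path.indexOf(';');
        if (semi >= 0) path = path.substring(0, semi);
        return HTTPS_PATHS.contains(path);
    }

    /** Rebuilds the URL with the scheme and its paired port; never one without the other. */
    static URI enforce(URI u) throws Exception {
        boolean https = requiresHttps(u);
        return new URI(https ? "https" : "http", null, u.getHost(),
                       https ? HTTPS_PORT : HTTP_PORT,
                       u.getPath(), u.getQuery(), null);
    }

    public static void main(String[] args) throws Exception {
        // The two broken redirect targets reported in the thread, plus one consistent URL.
        String[] seen = {
            "https://xxx:8080/roller/login.jsp",
            "http://xxx:8443/roller/editor/yourWebsites.do?method=edit&rmik=tabbedmenu.user.websites",
            "https://xxx:8443/roller/login.jsp" };
        for (String s : seen) {
            URI u = new URI(s);
            URI fixed = enforce(u);
            System.out.println((u.equals(fixed) ? "ok        " : "mismatch  ") + s);
            if (!u.equals(fixed)) System.out.println("  expected " + fixed);
        }
    }
}
```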
