All, I modified security.xml as following:
--------------------------------------------------- <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /roller_j_security_check=REQUIRES_SECURE_CHANNEL /roller-ui/login-redirect.jsp=REQUIRES_SECURE_CHANNEL /roller-ui/login.rol=REQUIRES_SECURE_CHANNEL /roller-ui/register.rol=REQUIRES_SECURE_CHANNEL /roller-ui/register!save.rol=REQUIRES_SECURE_CHANNEL </value> </property> ----------------------------------------------------- I also modified roller-custom.properties --------------------------------------------------- # Enables HTTPS for login page only securelogin.enabled=true # Enable scheme enforcement? # Scheme enforcement ensures that specific URLs are viewed only via HTTPS schemeenforcement.enabled=true --------------------------------------------------- I tried https://localhost:9443/blog/roller-ui/login-redirect.rol and https://localhost:9443/blog/roller-ui/register.rol It still doesn't work. Any idea? Thank you very much. David --- On Thu, 6/11/09, (David) Ming Xia <[email protected]> wrote: From: (David) Ming Xia <[email protected]> Subject: Problem in switching to HTTPS channel To: "Mailing List Apache Roller User" <[email protected]>, "Mailing List Apache Roller Developer" <[email protected]> Date: Thursday, June 11, 2009, 11:05 AM Hi, Everyone. I could not set up switching to HTTPS channel for login. I added couple of line into security.xml as illustrated in the following sample code. I started the application and tried to login at https://localhost:9443/blog/roller-ui/login.rol. The login page was not load up. I would appreciate if some one could give some advices. Do I need to something in addition to change security.xml? Thank you for your help. David <!-- ===================== SSL SWITCHING ==================== --> <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter"> <property name="channelDecisionManager" ref="channelDecisionManager"/> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /roller_j_security_check=REQUIRES_SECURE_CHANNEL /roller-ui/login.rol=REQUIRES_SECURE_CHANNEL /roller-ui/login-redirect.rol=REQUIRES_SECURE_CHANNEL /**=REQUIRES_INSECURE_CHANNEL </value> </property> </bean> <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl"> <property name="channelProcessors"> <list> <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/> <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/> </list> </property> </bean>
