https SchemeEnforcementFilter and spring security
-------------------------------------------------
Key: ROL-1777
URL: https://issues.apache.org/roller/browse/ROL-1777
Project: Roller
Issue Type: Bug
Components: Configuration & Settings
Affects Versions: 4.1
Environment: fedora
Reporter: Greg Huber
Assignee: Roller Unassigned
Priority: Minor
I have noticed that when configured with https (SchemeEnforcementFilter) the
login page does not seem to work correctly. It always wants to back to the
login page when https is enabled. It seems to set alwas the security to
Granted Authorities: ROLE_ANONYMOUS rather than the correct value.
I found this entry which seems to address this issue:
http://jira.springframework.org/browse/SEC-767
ie in the security.xml this line:
<http auto-config="false" lowercase-comparisons="true"
access-decision-manager-ref="accessDecisionManager">
needs to be:
<http auto-config="false" lowercase-comparisons="true"
access-decision-manager-ref="accessDecisionManager"
session-fixation-protection="none">
Cheers Greg
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
