Hi, Trying to get the backoffice on HTTPS and the blog on HTTP - but I cant get it to work.
If I set: securelogin.enabled=true schemeenforcement.enabled=true Then I get stuck in a Login-redirect loop For example: I am trying to access a page in Backoffice that is not specified in schemeenforcement.https.urls. But in security.xml the page is set to only be viewed by admin or editor. So I have to login. I login and redirected to the page on HTTP (since it is not specified in schemeenforcement.https.urls). I loose my jsessionid and security.xml reqiures me to be logged in - so I have to login. Is this still under development? In found in web.xml: <!-- Scheme enforcement. Only here until we get Acegi scheme enforcement working --> When will Acegi scheme enforcement be implemented? If I would make a fix for this before it is corrected. Is it a good idea to create a filter that matches patterns instead of ulrs? For exaple: /roller-ui/** Is all backoffice pages located below /roller-ui/ ? Or is there any pages that are located somwhere else? Thank you /Susanne
