roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Johnson (JIRA)" <>
Subject [jira] [Commented] (ROL-2100) secure.login and schemaenforement.https.urls broken
Date Sat, 23 Feb 2019 22:30:00 GMT


David Johnson commented on ROL-2100:

regarding "secure.login," this is only an issue for sites that want to run everything with
HTTP, and only the login page with HTTPS. The work-around for this bug is to run your whole
site as HTTPS.

Regarding "schemaenforement.https.urls" this is only necessary if you are running on infrastructure
without SSL redirection. The work-around is to configure SSL redirection in your infrastructure,
e.g. Tomcat, Load Balancer, Kubernetes Ingress, etc.

These features should be removed and the documentation adjuested accordingly.

I think the secure login and schema enforcement 

> secure.login and schemaenforement.https.urls broken
> ---------------------------------------------------
>                 Key: ROL-2100
>                 URL:
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: Authentication, Roles and Access Controls
>    Affects Versions: 5.1.2
>            Reporter: David Johnson
>            Assignee: Roller Unassigned
>            Priority: Major
> The two Roller configuration properties mentioned in the summary no longer work in Roller.
Apparently they were broken when we upgraded to some newer version of Spring Security.  
> The relevant code is in RollerContext. initializeSecurityFeatures().
> As a work-around, one may be able to configure secure login behavior by modifying the
Spring Security configuration file (security.xml) directly.

This message was sent by Atlassian JIRA

View raw message