All,
I modified security.xml as following:
---------------------------------------------------
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/roller_j_security_check=REQUIRES_SECURE_CHANNEL
/roller-ui/login-redirect.jsp=REQUIRES_SECURE_CHANNEL
/roller-ui/login.rol=REQUIRES_SECURE_CHANNEL
/roller-ui/register.rol=REQUIRES_SECURE_CHANNEL
/roller-ui/register!save.rol=REQUIRES_SECURE_CHANNEL
</value>
</property>
-----------------------------------------------------
I also modified roller-custom.properties
---------------------------------------------------
# Enables HTTPS for login page only
securelogin.enabled=true
# Enable scheme enforcement?
# Scheme enforcement ensures that specific URLs are viewed only via HTTPS
schemeenforcement.enabled=true
---------------------------------------------------
I tried
https://localhost:9443/blog/roller-ui/login-redirect.rol and
https://localhost:9443/blog/roller-ui/register.rolIt still doesn't work. Any idea?
Thank you very much.
David
--- On Thu, 6/11/09, (David) Ming Xia <
david.ming.xia@...> wrote:
From: (David) Ming Xia <
david.ming.xia@...>
Subject: Problem in switching to HTTPS channel
To: "Mailing List Apache Roller User" <
user@...>, "Mailing List Apache Roller Developer" <
dev@...>
Date: Thursday, June 11, 2009, 11:05 AM
Hi, Everyone.
I could not set up switching to HTTPS channel for login. I added couple of line into security.xml as illustrated in the following sample code. I started the application and tried to login at
https://localhost:9443/blog/roller-ui/login.rol. The login page was not load up.
I would appreciate if some one could give some advices. Do I need to something in addition to change security.xml?
Thank you for your help.
David
<!-- ===================== SSL SWITCHING ==================== -->
<bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/roller_j_security_check=REQUIRES_SECURE_CHANNEL
/roller-ui/login.rol=REQUIRES_SECURE_CHANNEL
/roller-ui/login-redirect.rol=REQUIRES_SECURE_CHANNEL
/**=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
<bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
</list>
</property>
</bean>
