http://opensource.atlassian.com/projects/spring/browse/SEC-63
Type: Posts; User: ospector; Keyword(s):
Submitted to JIRA, including fix
http://opensource.atlassian.com/projects/spring/browse/SEC-63
Lets take this further
In AuthenticationProcessingFilterEntryPoint you use an absolute URL regardless of the forceHttps flag.
I think a better implementation would be to use an absolute URL iff you change protocol during...
absolute redirection in ACEGI code base problematic
When re-directing a non-authenticated user, class AuthenticationProcessingFilterEntryPoint builds an absolute URL.
This leads to problems in a customer environment where our server (Weblogic,...