Details
-
Bug
-
Status: Resolved
-
Resolution: Fixed
-
1.4b4-dev / CVS
-
None
-
None
-
Operating System: Other
Platform: All
-
18632
Description
The zip file I am about to attach contains an Apache licensed portlet + example
config usage. What it does is provide for automatic BASIC Authentication to
apps running within the IFrame. The username and password of the currently
logged in user in a Jetspeed portal is automatically sent via the src attribute
in the IFrame. The this is done is this....
For instance, here is the applicable part of the portlet configuration...
<classname>org.apache.jetspeed.portal.portlets.BASICAuthIFramePortlet</classname>
<parameter name="source"
value="https://www.myprotectedsite.com/"
hidden="false" cachedOnName="true" cachedOnValue="true"/>
Let's say the user "cool" logged in with password "guy". The resulting value of
the src attribute would look like...
<iframe src="https://cool:guy@www.myprotectedsite.com/">
Obviously this puts the username/password combo right out there for people to
see (but BASIC Auth does that anyway, so...) so I recommend this only be done
when using SSL which is how BASIC Auth should be done anyway.
Anway, I have seen interest in this on the jetspeed-user list in the past, so I
figured I'd post this code. Hopefully it gets into the Jetspeed core. If not,
I hope it is at least useful to someone out there.
Jake