Uploaded image for project: 'Jetspeed 2'
  1. Jetspeed 2
  2. JS2-789

Login without posting all credentials via HTTP request

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.3
    • Fix Version/s: 2.1.3
    • Component/s: Security
    • Labels:
      None

      Description

      There are environments where posting both the username and password from the same page is not allowed.
      This enhancement allows us to still use the LoginProxyServlet and active authentication, but to optional turn off getting credentials from the HTTP request
      and instead get them from the session (from previous interaction). The default setting is as it was before, using the request parameters

      <servlet-name>LoginProxyServlet</servlet-name>
      <servlet-class>org.apache.jetspeed.login.LoginProxyServlet</servlet-class>
      <init-param>
      <param-name>credentialsFromRequest</param-name>
      <param-value>true</param-value>
      </init-param>
      </servlet>

        Activity

        Hide
        taylor David Sean Taylor added a comment -

        implemented and tested

        Show
        taylor David Sean Taylor added a comment - implemented and tested

          People

          • Assignee:
            taylor David Sean Taylor
            Reporter:
            taylor David Sean Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development