Jetspeed 2
  1. Jetspeed 2
  2. JS2-789

Login without posting all credentials via HTTP request

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.3
    • Fix Version/s: 2.1.3
    • Component/s: Security
    • Labels:
      None

      Description

      There are environments where posting both the username and password from the same page is not allowed.
      This enhancement allows us to still use the LoginProxyServlet and active authentication, but to optional turn off getting credentials from the HTTP request
      and instead get them from the session (from previous interaction). The default setting is as it was before, using the request parameters

      <servlet-name>LoginProxyServlet</servlet-name>
      <servlet-class>org.apache.jetspeed.login.LoginProxyServlet</servlet-class>
      <init-param>
      <param-name>credentialsFromRequest</param-name>
      <param-value>true</param-value>
      </init-param>
      </servlet>

        Activity

        Hide
        David Sean Taylor added a comment -

        implemented and tested

        Show
        David Sean Taylor added a comment - implemented and tested

          People

          • Assignee:
            David Sean Taylor
            Reporter:
            David Sean Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development