Uploaded image for project: 'Jetspeed 2'
  1. Jetspeed 2
  2. JS2-789

Login without posting all credentials via HTTP request

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.3
    • Fix Version/s: 2.1.3
    • Component/s: Security
    • Labels:
      None

      Description

      There are environments where posting both the username and password from the same page is not allowed.
      This enhancement allows us to still use the LoginProxyServlet and active authentication, but to optional turn off getting credentials from the HTTP request
      and instead get them from the session (from previous interaction). The default setting is as it was before, using the request parameters

      <servlet-name>LoginProxyServlet</servlet-name>
      <servlet-class>org.apache.jetspeed.login.LoginProxyServlet</servlet-class>
      <init-param>
      <param-name>credentialsFromRequest</param-name>
      <param-value>true</param-value>
      </init-param>
      </servlet>

        Attachments

          Activity

            People

            • Assignee:
              taylor David Sean Taylor
              Reporter:
              taylor David Sean Taylor
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: