portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18632] New: - BASICAuthIFramePortlet contribution
Date Wed, 02 Apr 2003 23:16:35 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18632>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18632

BASICAuthIFramePortlet contribution

           Summary: BASICAuthIFramePortlet contribution
           Product: Jetspeed
           Version: 1.4b4-dev /CVS
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Portlets
        AssignedTo: jetspeed-dev@jakarta.apache.org
        ReportedBy: hoju@visi.com


The zip file I am about to attach contains an Apache licensed portlet + example
config usage.  What it does is  provide for automatic BASIC Authentication to
apps running within the IFrame.  The username and password of the currently
logged in user in a Jetspeed portal is automatically sent via the src attribute
in the IFrame.  The this is done is this....

For instance, here is the applicable part of the portlet configuration...

<classname>org.apache.jetspeed.portal.portlets.BASICAuthIFramePortlet</classname>
<parameter name="source"
        value="https://www.myprotectedsite.com/"
        hidden="false" cachedOnName="true" cachedOnValue="true"/>

Let's say the user "cool" logged in with password "guy".  The resulting value of
the src attribute would look like...

<iframe src="https://cool:guy@www.myprotectedsite.com/">

Obviously this puts the username/password combo right out there for people to
see (but BASIC Auth does that anyway, so...) so I recommend this only be done
when using SSL which is how BASIC Auth should be done anyway.

Anway, I have seen interest in this on the jetspeed-user list in the past, so I
figured I'd post this code.  Hopefully it gets into the Jetspeed core.  If not,
I hope it is at least useful to someone out there.

Jake

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message