portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Created: (JS2-789) Login without posting all credentials via HTTP request
Date Mon, 15 Oct 2007 21:08:50 GMT
Login without posting all credentials via HTTP request
------------------------------------------------------

                 Key: JS2-789
                 URL: https://issues.apache.org/jira/browse/JS2-789
             Project: Jetspeed 2
          Issue Type: Improvement
          Components: Security
    Affects Versions: 2.1.3
            Reporter: David Sean Taylor
            Assignee: David Sean Taylor
             Fix For: 2.1.3


There are environments where posting both the username and password from the same page is
not allowed.
This enhancement allows us to still use the LoginProxyServlet and active authentication, but
to optional turn off getting credentials from the HTTP request
and instead get them from the session (from previous interaction). The default setting is
as it was before, using the request parameters

  <servlet-name>LoginProxyServlet</servlet-name>
    <servlet-class>org.apache.jetspeed.login.LoginProxyServlet</servlet-class>
	<init-param>
		<param-name>credentialsFromRequest</param-name>
		<param-value>true</param-value>
	</init-param>    
  </servlet>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message