You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2009/01/22 15:59:59 UTC

[jira] Closed: (OFBIZ-1906) Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication

     [ https://issues.apache.org/jira/browse/OFBIZ-1906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-1906.
----------------------------------

       Resolution: Fixed
    Fix Version/s: SVN trunk

Thanks Guy and Luke,

Your patch is in trunk revision: 736660 . I will put the PDF in the Wiki soon...


> Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication
> ----------------------------------------------------------------------------
>
>                 Key: OFBIZ-1906
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1906
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Guy Gershoni
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: SVN trunk
>
>         Attachments: ArlSettingUpCasOnOfbiz5.pdf, security-remoteuser_login.diff, security-remoteuser_login_v2.diff
>
>   Original Estimate: 4h
>  Remaining Estimate: 4h
>
> Am using CAS (http://www.ja-sig.org/products/cas/) to do authentication which, with the standard CAS Java client, populates the HttpServletRequest.getRemoteUser() with the user it has authenticated (http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml... bottom of page)..
> Have noticed in framework/security/config/security.properties on line 73 there is the following:
> # -- HTTP header based ID (for integrations; uncomment to enable)
> #security.login.http.header=REMOTE_USER
> which is then processed by framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java around line 611 on:
> So would like to add the following to security.properties:
> # -- HttpServletRequest getRemoteUser() based ID (for integrations; uncomment to enable)
> #security.login.http.servlet.getremoteuser.allow=true
> and in LoginWorker.java add some code to check property and suck in remote user from request if O.K.
> Am developing patch.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.