You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2009/01/22 15:59:59 UTC
[jira] Closed: (OFBIZ-1906) Allow use of
HttpServletRequest.getRemoteUser() for 3rd party authentication
[ https://issues.apache.org/jira/browse/OFBIZ-1906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-1906.
----------------------------------
Resolution: Fixed
Fix Version/s: SVN trunk
Thanks Guy and Luke,
Your patch is in trunk revision: 736660 . I will put the PDF in the Wiki soon...
> Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication
> ----------------------------------------------------------------------------
>
> Key: OFBIZ-1906
> URL: https://issues.apache.org/jira/browse/OFBIZ-1906
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Guy Gershoni
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: ArlSettingUpCasOnOfbiz5.pdf, security-remoteuser_login.diff, security-remoteuser_login_v2.diff
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> Am using CAS (http://www.ja-sig.org/products/cas/) to do authentication which, with the standard CAS Java client, populates the HttpServletRequest.getRemoteUser() with the user it has authenticated (http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml... bottom of page)..
> Have noticed in framework/security/config/security.properties on line 73 there is the following:
> # -- HTTP header based ID (for integrations; uncomment to enable)
> #security.login.http.header=REMOTE_USER
> which is then processed by framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java around line 611 on:
> So would like to add the following to security.properties:
> # -- HttpServletRequest getRemoteUser() based ID (for integrations; uncomment to enable)
> #security.login.http.servlet.getremoteuser.allow=true
> and in LoginWorker.java add some code to check property and suck in remote user from request if O.K.
> Am developing patch.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.