You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "David Sean Taylor (JIRA)" <je...@portals.apache.org> on 2007/10/15 23:08:50 UTC
[jira] Created: (JS2-789) Login without posting all credentials via
HTTP request
Login without posting all credentials via HTTP request
------------------------------------------------------
Key: JS2-789
URL: https://issues.apache.org/jira/browse/JS2-789
Project: Jetspeed 2
Issue Type: Improvement
Components: Security
Affects Versions: 2.1.3
Reporter: David Sean Taylor
Assignee: David Sean Taylor
Fix For: 2.1.3
There are environments where posting both the username and password from the same page is not allowed.
This enhancement allows us to still use the LoginProxyServlet and active authentication, but to optional turn off getting credentials from the HTTP request
and instead get them from the session (from previous interaction). The default setting is as it was before, using the request parameters
<servlet-name>LoginProxyServlet</servlet-name>
<servlet-class>org.apache.jetspeed.login.LoginProxyServlet</servlet-class>
<init-param>
<param-name>credentialsFromRequest</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] Resolved: (JS2-789) Login without posting all credentials
via HTTP request
Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Sean Taylor resolved JS2-789.
-----------------------------------
Resolution: Fixed
implemented and tested
> Login without posting all credentials via HTTP request
> ------------------------------------------------------
>
> Key: JS2-789
> URL: https://issues.apache.org/jira/browse/JS2-789
> Project: Jetspeed 2
> Issue Type: Improvement
> Components: Security
> Affects Versions: 2.1.3
> Reporter: David Sean Taylor
> Assignee: David Sean Taylor
> Fix For: 2.1.3
>
>
> There are environments where posting both the username and password from the same page is not allowed.
> This enhancement allows us to still use the LoginProxyServlet and active authentication, but to optional turn off getting credentials from the HTTP request
> and instead get them from the session (from previous interaction). The default setting is as it was before, using the request parameters
> <servlet-name>LoginProxyServlet</servlet-name>
> <servlet-class>org.apache.jetspeed.login.LoginProxyServlet</servlet-class>
> <init-param>
> <param-name>credentialsFromRequest</param-name>
> <param-value>true</param-value>
> </init-param>
> </servlet>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org