You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Luke Prentice (JIRA)" <ji...@apache.org> on 2008/12/23 00:05:45 UTC

[jira] Commented: (OFBIZ-1906) Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication

    [ https://issues.apache.org/jira/browse/OFBIZ-1906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12658708#action_12658708 ] 

Luke Prentice commented on OFBIZ-1906:
--------------------------------------

please can someone apply this patch and check it in to the trunk.

that will allow us to proceed with smoother CAS integration with this method on the trunk.

thanks.

> Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication
> ----------------------------------------------------------------------------
>
>                 Key: OFBIZ-1906
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1906
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Guy Gershoni
>            Priority: Minor
>         Attachments: security-remoteuser_login.diff
>
>   Original Estimate: 4h
>  Remaining Estimate: 4h
>
> Am using CAS (http://www.ja-sig.org/products/cas/) to do authentication which, with the standard CAS Java client, populates the HttpServletRequest.getRemoteUser() with the user it has authenticated (http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml... bottom of page)..
> Have noticed in framework/security/config/security.properties on line 73 there is the following:
> # -- HTTP header based ID (for integrations; uncomment to enable)
> #security.login.http.header=REMOTE_USER
> which is then processed by framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java around line 611 on:
> So would like to add the following to security.properties:
> # -- HttpServletRequest getRemoteUser() based ID (for integrations; uncomment to enable)
> #security.login.http.servlet.getremoteuser.allow=true
> and in LoginWorker.java add some code to check property and suck in remote user from request if O.K.
> Am developing patch.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.