Author: jleroux
Date: Wed Feb 7 14:17:51 2018
New Revision: 1823467

URL: http://svn.apache.org/viewvc?rev=1823467&view=rev

Log:
Completed: Security issue in Token Based Authentication (OFBIZ-10206)
No functional change.
Updates the security.properties content related to JWT
Refers to the last up to date external-server-test-example.patch at OFBIZ-10206
Makes demo-trunk.ofbiz.apache.org default external-server-name so that anybody can try the feature from own machine.
The use-external-server=Y was already set

Modified: ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties

Modified: ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties?rev=1823467&r1=1823466&r2=1823467&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties (original) +++ ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties Wed Feb 7 14:17:51 2018 
@@ -132,12 +132,11 @@ default.error.response.view=view:viewBlo # -- If false, then no externalLoginKey parameters will be added to cross-webapp urls security.login.externalLoginKey.enabled=true -### To have this working, an example of the change needed on the source server is available in OFBIZ-9833-external-server-test-example.patch -### With this example, the external-server-query must be /catalog/control/ +### To have this working, an example of the change needed on the source server is available in OFBIZ-10206-external-server-test-example.patch # -- If true, then it's possible to connect to another webapp on another server w/o signing in # -- This needs to be changed on both the source server and the target server use-external-server=Y # -- Name of the external server (DNS) ex: demo-trunk.ofbiz.apache.org where the port is not needed, or localhost:8443 (default) for local tests (not using the same webapp) -external-server-name=localhost:8443 +external-server-name=demo-trunk.ofbiz.apache.org # -- Time To Live of the token send to the external server in seconds external-server-token-duration=30
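Review bot: the new shipped default `external-server-name=demo-trunk.ofbiz.apache.org`, combined with the unchanged `use-external-server=Y`, leaves every stock install with sign-in-free cross-server connection enabled and pointed at a public demo host, so the short-lived token described under `external-server-token-duration` would be sent to a machine the deployer does not control. That is a change in default behaviour, even though the log says there is no functional change. Consider keeping `localhost:8443` as the committed value (or shipping `use-external-server=N`) and naming the demo host only in the comment as a value to try. The comment line above the property still reads "localhost:8443 (default)", which no longer matches the value and should be updated in the same change. The removed line stating that `external-server-query` must be `/catalog/control/` has no replacement in this hunk; if that property is still read, a short comment saying what it should now be set to would help anyone following the OFBIZ-10206 example patch.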