Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication
----------------------------------------------------------------------------

                 Key: OFBIZ-1906
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1906
             Project: OFBiz
          Issue Type: Improvement
          Components: framework
    Affects Versions: SVN trunk
            Reporter: Guy Gershoni
            Priority: Minor


Am using CAS (http://www.ja-sig.org/products/cas/) to do authentication which, 
with the standard CAS Java client, populates the 
HttpServletRequest.getRemoteUser() with the user it has authenticated 
(http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml...
 bottom of page).

Have noticed in framework/security/config/security.properties on line 73 there 
is the following:

# -- HTTP header based ID (for integrations; uncomment to enable)
#security.login.http.header=REMOTE_USER

which is then processed by 
framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java around line 611 
on:

So would like to add the following to security.properties:

# -- HttpServletRequest getRemoteUser() based ID (for integrations; uncomment to enable)
#security.login.http.servlet.getremoteuser.allow=true

and in LoginWorker.java add some code to check property and suck in remote user 
from request if O.K.

Am developing patch.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
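
An added sketch of the check proposed in this issue; it is not code from the original message or from OFBiz. The Request interface, java.util.Properties as the configuration source, the method names, and the order in which the two options are consulted are all assumptions made to keep the example self-contained.

```java
import java.util.Properties;

public class RemoteUserLoginExample {

    /** Stand-in (assumption) for the two HttpServletRequest methods used here. */
    interface Request {
        String getRemoteUser();
        String getHeader(String name);
    }

    /** Returns the externally authenticated user ID, or null when no
     *  integration option is enabled or no ID is present. */
    static String resolveExternalUser(Request request, Properties security) {
        // Proposed switch from the issue: stays off unless explicitly "true".
        boolean allowRemoteUser = Boolean.parseBoolean(security.getProperty(
                "security.login.http.servlet.getremoteuser.allow", "false"));
        if (allowRemoteUser) {
            // Value set by the container or an authentication filter (e.g. the CAS client).
            String user = clean(request.getRemoteUser());
            if (user != null) return user;
        }
        // Existing header option from security.properties: unset means disabled.
        // A header is client-supplied unless a front end strips and rewrites it.
        String headerName = clean(security.getProperty("security.login.http.header"));
        return headerName == null ? null : clean(request.getHeader(headerName));
    }

    /** Treats null, empty and whitespace-only values as "no user". */
    private static String clean(String value) {
        if (value == null) return null;
        String trimmed = value.trim();
        return trimmed.isEmpty() ? null : trimmed;
    }

    public static void main(String[] args) {
        // Constructed request: the filter authenticated "alice"; no header was sent.
        Request request = new Request() {
            public String getRemoteUser() { return "alice"; }
            public String getHeader(String name) { return null; }
        };
        Properties security = new Properties();
        System.out.println("both options off: " + resolveExternalUser(request, security));
        security.setProperty("security.login.http.servlet.getremoteuser.allow", "true");
        System.out.println("getRemoteUser allowed: " + resolveExternalUser(request, security));
    }
}
```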
