Provide a "Stay connected / Remember me" feature on login page
--------------------------------------------------------------
Key: NXP-7235
URL: https://jira.nuxeo.com/browse/NXP-7235
Project: Nuxeo Enterprise Platform
Issue Type: New Feature
Affects Versions: 5.4.2
Reporter: Bilbo Ima
The aim of this feature is to stay connected, even if the user closes her
browser: a checkbox "Stay connected/Remember me" will be added on the login page
This contribution contains:
* a class {{ImaFormAuthenticator}} that extends {{FormAuthenticator}} and
implements NuxeoAuthenticationPluginLogoutExtension
* a configuration file {{/OSGI-INF/auth-contrib.xml}} (with a dependency on
org.nuxeo.ecm.platform.ui.web.auth.defaultConfig)
* a custom login page {{nuxeo.war/login.jsp}} based on the standard
{{login.jsp}} and add a checkbox "Remember me" (need to fill
messages_XX.properties for each language)
The declaration of {{ImaFormAuthenticator}} in {{/OSGI-INF/auth-contrib.xml}}
uses the parameters from {{FormAuthenticator}}, LoginPage, UsernameKey,
PasswordKey, and adds some new ones:
- RemembermeKey: name of the checkbox "Remember me" in the login page
- AuthCookieName: name of the cookie
- AuthCookieDuration: cookie duration
- AuthCookieDurationRefresh:
** true to extend cookie duration every time a page is loaded
** false otherwise, in that case the cookie will expire if there is no
reconnection
Caution:
* username and password are encoded (not crypted) in the cookie (encoding of
{{UserIdentificationInfo}} object with {{org.nuxeo.common.utils.Base64}})
* the cookie is independant of the IP address of the client (the user will stay
connected even if she changes of wireless network with her notebook, but this
mechanism exposes itself to cookie theft)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
