Hi J2-Users,

to integrate J2 as a "SingleSignOn" client, I analyzed the login process in detail. I think that the redirect to the login.jsp from the LoginJSPViewValveImpl in the LoginPipeline is not secure. The username and password will be sent to the client in plain text! The JavaScript in the body tag will post the data to the servlet container with the JavaScript call onload.

    ...
    <body onLoad='document.forms["login"].submit();'>
    ...

What about the browser cache?
mg
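
The two concerns raised above (credentials echoed into an auto-submitting page, and that page being cacheable) can be checked on a captured response. This is an added example, not code from the post or from the J2 project; the field names, action URL, values and the "pass" naming heuristic are assumptions made for the illustration.

```python
from html.parser import HTMLParser

class LoginPageScan(HTMLParser):
    """Collects the body onload handler and pre-filled inputs inside forms."""
    def __init__(self):
        super().__init__()
        self.onload = ""
        self.prefilled = []      # names of form inputs that arrive with a value
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # parser lowercases tag/attr names
        if tag == "body":
            self.onload = a.get("onload", "")
        elif tag == "form":
            self._in_form = True
        elif tag == "input" and self._in_form and a.get("value"):
            self.prefilled.append(a.get("name", "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def audit(headers, body):
    """Return findings for one HTTP response (headers: dict, body: HTML str)."""
    scan = LoginPageScan()
    scan.feed(body)
    findings = []
    if ".submit(" in scan.onload:
        findings.append("auto-submit")
    # Assumption: credential fields have "pass" in their name.
    if any("pass" in name for name in scan.prefilled):
        findings.append("credentials-in-body")
    cache = {k.lower(): v.lower() for k, v in headers.items()}.get("cache-control", "")
    if "no-store" not in cache:
        findings.append("cacheable")
    return findings

# Constructed sample modelled on the page described in the post; the field
# names, action URL and values are made up for this example.
SAMPLE_BODY = """<html><body onLoad='document.forms["login"].submit();'>
<form name="login" action="/login/check" method="post">
<input type="hidden" name="j_username" value="alice">
<input type="hidden" name="j_password" value="s3cret">
</form></body></html>"""

if __name__ == "__main__":
    print(audit({"Content-Type": "text/html"}, SAMPLE_BODY))
```

A response that carries `Cache-Control: no-store` and leaves the password field empty produces no findings.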
