On Mon, Nov 22, 2010 at 5:31 PM, Woonsan Ko <woon_...@yahoo.com> wrote:
> Hi Srini,
>
> It is not possible to read username/password form data in a valve because the
> login form submission is handled by a dedicated JAAS form login servlet
> (/login/login) configured in /jetspeed/WEB-INF/web.xml.
> The j2-admin login portlet submits the login form to /login/proxy servlet,
> which redirects to /login/redirector servlet to trigger security check of the
> servlet container as configured for JAAS Form-based authentication in
> web.xml. These login related servlets are independent from Jetspeed
> pipelines/valves.
> The login related servlets (o.a.j.login.LoginServlet, LoginRedirectorServlet,
> ...) communicates with the browser multiple times and so those store the
> login form data in session temporarily. Of course, after login process, the
> temporary data is removed.
> So, one simple solution could be override the default Jetspeed login
> servlet(s) to catch the form data for other uses. However, it could be
> dangerous, it's up to you to do that with careful security
You can also bypass active authentication following these steps:
1. Login Filter
Configure the WEB-INF/web.xml to use the PortalFilter for logging in
by uncommented the PortalFilter and its mapping:
<filter>
<filter-name>PortalFilter</filter-name>
<filter-class>org.apache.jetspeed.login.filter.PortalFilter</filter-class>
</filter>
...
<filter-mapping>
<filter-name>PortalFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2.Portal Login Portlet
Edit the default-page.psml, changing the login portlet to the
filter-based login portlet as shown below. Make sure to also change
the fragment id. Change:
<fragment id="dp-12" type="portlet" name="j2-admin::LoginPortlet">
...
to ..
<fragment id="dp-12a" type="portlet" name="j2-admin::PortalLoginPortlet">
...
Consider writing your own Portal Filter, and putting your custom code there:
public class MyPortalFilter extends PortalFilter implements Filter
Recommend creating a simple maven jar project with this dependency:
<dependency>
<groupId>org.apache.portals.jetspeed-2</groupId>
<artifactId>jetspeed-api</artifactId>
<version>${jetspeed-2.version}</version>
<scope>provided</scope>
</dependency>
and then building a jar to hold MyPortalFilter, and dropping that jar
into the Jetspeed deployment
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
