Security access control options in reverse proxy portlet components.
--------------------------------------------------------------------
Key: APA-42
URL: https://issues.apache.org/jira/browse/APA-42
Project: Portals Apps
Issue Type: Bug
Components: apa-webcontent
Affects Versions: apa-webcontent-1.1
Reporter: Woonsan Ko
Assignee: Woonsan Ko
Fix For: apa-webcontent-1.2
The default examples of the reverse proxy servlet and reverse proxy iframe
portlet have the following problems:
- Many URLs could be accidentally being indexed
- Some proxied urls could prompts for credentials, over HTTP, which brings
security issues.
I think the followings could be provided:
- The default proxy target url examples should be from the local application
for a demo. (Not from an external target site.)
- Add a security authentication/authorization checking option for each proxy
site.
- Add a portlet driven reverse proxy servlet which extends the default reverse
proxy servlet
and add a portlet integrated security authentication/authorization checking
option.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
