Hey everyone,
I'd like to make a change to org.jasig.portal.LoginServlet -- the piece
of code that orchestrates a login in uPortal. I'd like to make this
change in rel-2-5-patches and in trunk.
I'd like to change line 194 from...

    String parmValue = request.getParameter(parmName);

To instead be...

    String parmValue = request.getAttribute(parmName) != null
        ? (String) request.getAttribute(parmName)
        : request.getParameter(parmName);

My motivation is that, as it stands, authentication in uPortal can only
accept information from request parameters. Per the Servlet API,
request parameters are read-only. Therefore anything I want to examine
in a SecurityContext implementation (viz. in the authenticate() method)
*must* come across from the user's browser as a URL parameter or a form
field.
By contrast I can set request _attributes_ in a servlet filter. The
change I propose, therefore, would allow servlet filters to communicate
with SecurityContext implementations, and opens the door to a host of
new, flexible approaches to authentication in the portal.
For example, imagine I wanted to allow users to type in friendly-looking
usernames like 'awills' or 'apetro'. But behind the scenes the
authentication mechanism prescribed by my institution requires an
employee_id instead. This change would allow me to translate 'awills'
into an employee_id in a servlet filter (via db lookup perhaps?), then
pass employee_id to a standard SecurityContext implementation as a
request attribute.
I also suspect this change will make integrations with technologies like
CAS less invasive. In fact the task that has me thinking about this
change is basically uPortal integration with a home-grown CAS alternative.
Please share your thoughts.
drew wills
--
Andrew Wills
UNICON, Inc.
Office: (480) 558-2476
http://code.google.com/p/cernunnos/
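
Added example, not part of the original message and not uPortal code: a sketch of the servlet filter described above, translating a typed username into an employee_id and handing it on as a request attribute. The class name EmployeeIdFilter, the parameter name "userName", the sample IDs and the resolve() helper are assumptions made for illustration; it compiles against the javax.servlet API.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter, to be mapped in web.xml to the login URL only. */
public class EmployeeIdFilter implements Filter {

    // Assumption: the name LoginServlet looks up as parmName for the principal.
    static final String PRINCIPAL_PARAM = "userName";

    // Constructed sample data standing in for the database lookup.
    private final Map<String, String> employeeIds = new HashMap<String, String>();

    public void init(FilterConfig config) {
        employeeIds.put("awills", "E-0001");
        employeeIds.put("apetro", "E-0002");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String typed = req.getParameter(PRINCIPAL_PARAM);
        String employeeId = typed == null ? null : employeeIds.get(typed.trim());
        if (employeeId == null) {
            // Fail closed: the untranslated browser value must not fall through
            // to an authenticator that expects an employee_id.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Attributes exist only server-side, so the browser cannot supply this value.
        req.setAttribute(PRINCIPAL_PARAM, employeeId);
        chain.doFilter(req, res);
    }

    public void destroy() { }

    /** The attribute-first lookup, with a type check in place of the bare cast. */
    static String resolve(ServletRequest req, String parmName) {
        Object attr = req.getAttribute(parmName);
        return attr instanceof String ? (String) attr : req.getParameter(parmName);
    }
}
```

Because the attribute takes precedence over the parameter, any filter or forward that can set an attribute under a credential name becomes part of the authentication path and should be reviewed as such.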