[jboss-jira] [JBoss JIRA] Resolved: (JBAS-4804) GenericHeaderAuthenticator injection of ssoid, sessioncookie name

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Thu Oct 25 14:46:01 EDT 2007 

     [ http://jira.jboss.com/jira/browse/JBAS-4804?page=all ]

Stefan Guilhen resolved JBAS-4804.
----------------------------------

    Fix Version/s:  JBossAS-5.0.0.Beta3
       Resolution: Rejected

The ssoid and session cookie name can now be injected by the httpHeaderForSSOAuth and sessionCookieForSSOAuth attributes of GenericHeaderAuthenticator. A web application can now perform the whole generic header auth configuration on it's own WEB-INF/context.xml file. No changes to the container config files are needed. 

This is how the WEB-INF/context.xml should look like now when using the GenericHeaderAuthenticator:

<Context>
  <Valve className="org.jboss.web.tomcat.security.GenericHeaderAuthenticator" httpHeaderForSSOAuth="sm_ssoid,ct-remote-user,HTTP_OBLIX_UID"
         sessionCookieForSSOAuth="SMSESSION,CTSESSION,ObSSOCookie"/>
</Context>

A test case named GenericHeaderAuthUnitTestCase has been developed to test this behaviour. The wiki has also been updated.

> GenericHeaderAuthenticator injection of ssoid, sessioncookie name
> -----------------------------------------------------------------
>
>                 Key: JBAS-4804
>                 URL: http://jira.jboss.com/jira/browse/JBAS-4804
>             Project: JBoss Application Server
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-4.2.1.GA
>            Reporter: Anil Saldhana
>         Assigned To: Stefan Guilhen
>             Fix For:  JBossAS-5.0.0.Beta3, JBossAS-4.2.3.GA
>
>
> http://wiki.jboss.org/wiki/Wiki.jsp?page=GenericHeaderBasedAuthentication
> Currently the two inputs - HttpHeaderForSSOAuth and SessionCookieForSSOAuth are read from the tomcat service (via JMX).  We need to support the easier way of injecting these via WEB-INF/context.xml. This should be in addition.
> Create a test case called as GenericHeaderAuthenticationUnitTestCase (that is separate from the other earlier test case).  This new test case should use a web application that has context.xml in the WEB-INF. The test case should not require a special server configuration (like the other test case).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list