Skip to Content
Last modified by Christoph Lechleitner on 2026-03-26 06.53:36
From version 16.1
edited by Christoph Lechleitner
on 2026-03-26 06.53:36
Change comment: Docuemented sameSitePolicy, reordered configuration options table
To version 13.1
edited by christoph_lechleitner@iteg_at
on 2013-10-27 11.06:53
Change comment: Chapter on config, as of upcoming 1.3.0

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.cl
1 +XWiki.christoph_lechleitner@iteg_at
Content
... ... @@ -1,6 +1,6 @@
1 1  === {{id name="org.clazzes.login.adapter.http-HTTPLoginAdapter"/}}HTTP Login Adapter ===
2 2  
3 -The login-service-adapter {{code language="none"}}org.clazzes.login.adapter.http{{/code}} listens for providers of the ##[[DomainPasswordLoginService>>doc:LOGIN.DomainPasswordLoginService implementations and backends.WebHome]]## interface and exports them adapted as a ##[[HttpLoginService>>doc:GWTBASICS.GWT implementations of http-util HttpLoginService.HTTP login service.WebHome]]## (see [[https:~~/~~/svn.clazzes.org/svn/util/trunk/http-util/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java>>url:https://svn.clazzes.org/svn/util/trunk/http-util/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java||shape="rect"]]).
3 +The login-service-adapter {{code language="none"}}org.clazzes.login.adapter.http{{/code}} listens for providers of the ##[[DomainPasswordLoginService>>doc:LOGIN.DomainPasswordLoginService implementations and backends.WebHome]]## interface and exports them adapted as a ##[[HttpLoginService>>doc:GWTBASICS.GWT implementations of http-util HttpLoginService.HTTP login service.WebHome]]## (see [[https:~~/~~/svn.clazzes.org/svn/util/trunk/http-util/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java>>url:https://svn.clazzes.org/svn/util/trunk/http-util/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java||shape="rect"]]).
4 4  
5 5  It is provided as an OSGi bundle, which may be activated by
6 6  
... ... @@ -19,8 +19,7 @@
19 19  )))
20 20  
21 21  URL of exported {{code language="none"}}DomainPasswordLoginService{{/code}}: {{code language="none"}}/http-login/<login.mechanism>/login{{/code}}
22 -{{code language="none"}}<login.mechanism>{{/code}} beeing i.e. {{code language="none"}}org.clazzes.login.jaas{{/code}} for [[doc:LOGIN.DomainPasswordLoginService implementations and backends.org\.clazzes\.login\.jaas.WebHome]], ##o{{code language="none"}}rg.clazzes.login.l{{/code}}dap## from [[doc:LOGIN.DomainPasswordLoginService implementations and backends.org\.clazzes\.login\.ldap.WebHome]], ##o{{code language="none"}}rg.clazzes.login.h{{/code}}ttp## from [[doc:LOGIN.DomainPasswordLoginService implementations and backends.org\.clazzes\.login\.http.WebHome]].
23 -Older implementations may have not used the {{code language="none"}}org.clazzes.login.{{/code}} part, i.e. {{code language="none"}}jaas{{/code}} instead of {{code language="none"}}org.clazzes.login.jaas{{/code}} and so on.
22 +<login.mechanism> beeing i.e. {{code language="none"}}jaas{{/code}} from [[doc:LOGIN.DomainPasswordLoginService implementations and backends.org\.clazzes\.login\.jaas.WebHome]], {{code language="none"}}ldap{{/code}} from [[doc:LOGIN.DomainPasswordLoginService implementations and backends.org\.clazzes\.login\.ldap.WebHome]], {{code language="none"}}http{{/code}} from [[doc:LOGIN.DomainPasswordLoginService implementations and backends.org\.clazzes\.login\.http.WebHome]].
24 24  
25 25  Starting with version 1.2.0 of http-login-adapter, the timezone of the user logging in is determined via javascript and propagated to the server as the login time zone, when the configuration parameter {{code language="none"}}doTimeZoneDetection=true{{/code}} is set. The login timezone may be queried using HttpLoginServer.getTimeZone() or ThreadLocalManager.getLoginTimeZone() when using HttpCheckLoginInterceptor of http-aop-util-1.2.0 or later
26 26  
... ... @@ -28,7 +28,6 @@
28 28  
29 29  The login time zone and/or login local may be overwritten using URL parameters to the login service like in the following examples:
30 30  
31 -(% class="wrapped" %)
32 32  |=(((
33 33  login URL
34 34  )))|=(((
... ... @@ -59,7 +59,7 @@
59 59  login with a french canadian locale.
60 60  )))
61 61  
62 -=== {{id name="org.clazzes.login.adapter.http-Testpad"/}}(% style="color:#000000; font-size:16.0px; line-height:1.5625" %)Testpad(%%) ===
60 +=== {{id name="org.clazzes.login.adapter.http-Testpad"/}}(% style="color: rgb(0,0,0);font-size: 16.0px;line-height: 1.5625;" %)Testpad(%%) ===
63 63  
64 64  There is a small testpad application to play with this adapter.
65 65  
... ... @@ -83,7 +83,6 @@
83 83  
84 84  The following configuration overview is valid as of version 1.3.0, which will be released around 2013-10-28.
85 85  
86 -(% class="wrapped" %)
87 87  |=(((
88 88  Name
89 89  )))|=(((
... ... @@ -90,51 +90,28 @@
90 90  Description
91 91  )))
92 92  |(((
93 -{{{doTimeZoneDetection}}}
90 +doTimeZoneDetection
94 94  )))|(((
95 95  Set to {{code language="none"}}true{{/code}} for multi-time-zone applications. Defaults to {{code language="none"}}false{{/code}}.
96 96  )))
97 97  |(((
98 -(% class="p1" %)
99 -{{{ephemeralOtpSeconds}}}
95 +failureTimeout
100 100  )))|(((
101 -The lifetime of ephemeral tokens in seconds.
102 -)))
103 -|(((
104 -{{{failureTimeout}}}
105 -)))|(((
106 106  Delay penalty after bad login attempts, in {{code language="none"}}ms{{/code}}. Default to 500.
107 107  )))
108 108  |(((
109 -(% class="p1" %)
110 -{{{mailSender}}}
100 +secureCookie
111 111  )))|(((
112 -Mail address of the sender of mails for two-factor authentication containing an ephemeral token.
113 -)))
114 -|(((
115 -{{{sameSitePolicy}}}
116 -)))|Set to {{code language="none"}}Lax{{/code}} to light the cross-site strictness a bit, useful for deep links in Wikis. Defauts to {{code language="none"}}Strict{{/code}}.
117 -|(((
118 -{{{secureCookie}}}
119 -)))|(((
120 120  Wether to flag the session cookie as secure. Defaults to {{code language="none"}}false{{/code}}.
121 121  Set to {{code language="none"}}true{{/code}} for {{code language="none"}}https{{/code}}-only operations, which is highly recommended.
122 122  )))
123 123  |(((
124 -{{{sessionCookie}}}
106 +sessionCookie
125 125  )))|(((
126 126  Name of session cookie. Defaults to {{code language="none"}}LOGIN_SESSION_ID{{/code}}.
127 127  )))
128 128  |(((
129 -{{{sessionTimeout}}}
111 +sessionTimeout
130 130  )))|(((
131 131  Session timeout in minutes. Defaults to {{code language="none"}}180{{/code}} (=3 hours).
132 132  )))
133 -| |
134 -|(((
135 -(% class="p1" %)
136 -{{{smsSender}}}
137 -)))|(((
138 -SMS sender number of SMSes for two-factor authentication containing an ephemeral token.
139 -)))
140 -| |
Confluence.Code.ConfluencePageClass[0]
Id
... ... @@ -1,1 +1,1 @@
1 -688650
1 +688759
URL
... ... @@ -1,1 +1,1 @@
1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688650/org.clazzes.login.adapter.http
1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688759/org.clazzes.login.adapter.http