Skip to Content

org.clazzes.login.adapter.http

Version 13.1 by christoph_lechleitner@iteg_at on 2013-10-27 11.06:53

HTTP Login Adapter

The login-service-adapter org.clazzes.login.adapter.http listens for providers of the DomainPasswordLoginService interface and exports them adapted as a HttpLoginService (see https://svn.clazzes.org/svn/util/trunk/http-util/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java).

It is provided as an OSGi bundle, which may be activated by

obr:addurl http://maven.clazzes.org/repository.xml
obr:deploy http-login-adapter

The maven artifact is:

<groupId>org.clazzes.login</groupId>
<artifactId>http-login-adapter</artifactId>

URL of exported DomainPasswordLoginService/http-login/<login.mechanism>/login
<login.mechanism> beeing i.e. jaas from org.clazzes.login.jaasldap from org.clazzes.login.ldaphttp from org.clazzes.login.http.

Starting with version 1.2.0 of http-login-adapter, the timezone of the user logging in is determined via javascript and propagated to the server as the login time zone, when the configuration parameter doTimeZoneDetection=true is set. The login timezone may be queried using HttpLoginServer.getTimeZone() or ThreadLocalManager.getLoginTimeZone() when using HttpCheckLoginInterceptor of http-aop-util-1.2.0 or later

URL scheme and parameters

The login time zone and/or login local may be overwritten using URL parameters to the login service like in the following examples:

login URL

remarks

/http-login/<login.mechanism>/login?tz=America/Los_Angeles

login with the browser's default locale and Los Angeles time zone

/http-login/<login.mechanism>/login?tz=GMT+01:00&locale=fr

login with a timezone with fixed offset and a french locale.

/http-login/<login.mechanism>/login?locale=fr-CA

login with a french canadian locale.

Testpad

There is a small testpad application to play with this adapter.

It is provided as an OSGi bundle, which may be activated by

obr:addurl http://maven.clazzes.org/repository.xml
obr:deploy http-login-testpad

The maven artifact is:

<groupId>org.clazzes.login</groupId>
<artifactId>http-login-testpad</artifactId>

Configuration

The following configuration overview is valid as of version 1.3.0, which will be released around 2013-10-28.

Name

Description

doTimeZoneDetection

Set to true for multi-time-zone applications. Defaults to false.

failureTimeout

Delay penalty after bad login attempts, in ms. Default to 500.

secureCookie

Wether to flag the session cookie as secure. Defaults to false.
Set to true for https-only operations, which is highly recommended.

sessionCookie

Name of session cookie. Defaults to LOGIN_SESSION_ID.

sessionTimeout

Session timeout in minutes. Defaults to 180 (=3 hours).