org.clazzes.login.adapter.http
HTTP Login Adapter
The login-service-adapter org.clazzes.login.adapter.http listens for providers of the DomainPasswordLoginService interface and exports them adapted as a HttpLoginService (see https://svn.clazzes.org/svn/util/trunk/http-util/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java).
It is provided as an OSGi bundle, which may be activated by
obr:addurl http://maven.clazzes.org/repository.xml
obr:deploy http-login-adapter
The maven artifact is:
<groupId>org.clazzes.login</groupId>
<artifactId>http-login-adapter</artifactId>
URL of exported DomainPasswordLoginService: /http-login/<login.mechanism>/login
<login.mechanism> being, e.g., org.clazzes.login.jaas for org.clazzes.login.jaas, org.clazzes.login.ldap for org.clazzes.login.ldap, org.clazzes.login.http for org.clazzes.login.http.
Older implementations may not have used the org.clazzes.login. part, e.g. jaas instead of org.clazzes.login.jaas and so on.
Starting with version 1.2.0 of http-login-adapter, the timezone of the user logging in is determined via JavaScript and propagated to the server as the login time zone when the configuration parameter doTimeZoneDetection=true is set. The login timezone may be queried using HttpLoginServer.getTimeZone(), or using ThreadLocalManager.getLoginTimeZone() when using HttpCheckLoginInterceptor of http-aop-util-1.2.0 or later.
URL scheme and parameters
The login time zone and/or login locale may be overridden using URL parameters to the login service, as in the following examples:
| login URL | remarks |
|---|---|
| /http-login/<login.mechanism>/login?tz=America/Los_Angeles | login with the browser's default locale and Los Angeles time zone |
| /http-login/<login.mechanism>/login?tz=GMT+01:00&locale=fr | login with a time zone with fixed offset and a French locale |
| /http-login/<login.mechanism>/login?locale=fr-CA | login with a French Canadian locale |
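The override URLs from the table above, built with validation and percent-encoding, as an added example that is not part of http-login-adapter. All helper names and the mechanism-name pattern are hypothetical, and that the server form-decodes the query string (so a literal + in tz=GMT+01:00 arrives as a space) is an assumption the page does not confirm.

```javascript
// Added example, not code from http-login-adapter: build a login URL with
// tz/locale overrides, validating and percent-encoding each value.

// Assumption: mechanism names are dotted identifiers (org.clazzes.login.jaas, jaas).
const MECHANISM_RE = /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/;
// Fixed-offset form shown in the table, e.g. GMT+01:00.
const GMT_OFFSET_RE = /^GMT[+-]([01]\d|2[0-3]):[0-5]\d$/;

function isValidTimeZone(tz) {
  if (typeof tz !== 'string' || tz === '') return false;
  if (GMT_OFFSET_RE.test(tz)) return true;
  try {
    // Throws RangeError for anything that is not a known IANA zone name.
    new Intl.DateTimeFormat('en-US', { timeZone: tz });
    return true;
  } catch (e) {
    return false;
  }
}

// Returns the canonical BCP 47 tag (fr-ca -> fr-CA) or null if malformed.
function canonicalLocale(tag) {
  try {
    return new Intl.Locale(tag).toString();
  } catch (e) {
    return null;
  }
}

function buildLoginUrl(mechanism, { tz, locale } = {}) {
  // The mechanism becomes a path segment, so reject '/', '..' and the like.
  if (!MECHANISM_RE.test(mechanism)) throw new Error('bad login mechanism');
  const params = [];
  if (tz !== undefined) {
    if (!isValidTimeZone(tz)) throw new Error('bad time zone: ' + tz);
    params.push('tz=' + encodeURIComponent(tz)); // '+' becomes %2B
  }
  if (locale !== undefined) {
    const canon = canonicalLocale(locale);
    if (canon === null) throw new Error('bad locale: ' + locale);
    params.push('locale=' + encodeURIComponent(canon));
  }
  const path = '/http-login/' + mechanism + '/login';
  return params.length ? path + '?' + params.join('&') : path;
}

// What a form-decoding receiver sees for a raw query string.
function decodedParam(rawQuery, name) {
  return new URLSearchParams(rawQuery).get(name);
}
```

Comparing `decodedParam('tz=GMT+01:00', 'tz')` with `decodedParam('tz=GMT%2B01%3A00', 'tz')` shows why the fixed-offset form should be sent percent-encoded.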
Testpad
There is a small testpad application to play with this adapter.
It is provided as an OSGi bundle, which may be activated by
obr:addurl http://maven.clazzes.org/repository.xml
obr:deploy http-login-testpad
The maven artifact is:
<groupId>org.clazzes.login</groupId>
<artifactId>http-login-testpad</artifactId>
Configuration
The following configuration overview is valid as of version 1.3.0, which will be released around 2013-10-28.
| Name | Description |
|---|---|
| doTimeZoneDetection | Set to true for multi-time-zone applications. Defaults to false. |
| ephemeralOtpSeconds | The lifetime of ephemeral tokens in seconds. |
| failureTimeout | Delay penalty after bad login attempts, in ms. Defaults to 500. |
| mailSender | Mail address of the sender of mails for two-factor authentication containing an ephemeral token. |
| sameSitePolicy: | Set to Lax to lig |
| secureCookie | Whether to flag the session cookie as secure. Defaults to false. |
| sessionCookie | Name of session cookie. Defaults to LOGIN_SESSION_ID. |
| sessionTimeout | Session timeout in minutes. Defaults to 180 (=3 hours). |
| smsSender | SMS sender number of SMSes for two-factor authentication containing an ephemeral token. |