incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexey Kakunin <akaku...@emdev.ru>
Subject Re: login via url parameters
Date Mon, 25 May 2009 14:23:52 GMT
One of the implementation for SSO is donewith storing some security token in
cookies.

Like:
1. Login is done in System1, System1 generated some security token and
placed it into cookies
2. User navigated to System2 (JspWiki in our case) - security filter in
System2 analized security token in cookies, and perform (if it is possible)
login with using information in this security token

Spring-Security (for example) has algorithms for SSO implemented.

I'm afraid JspWiki has no SSO implemented out-of-box - but, I may be wrong

2009/5/25 Kinicky <kinicky@gmail.com>

> yes i know about this security issue.
>
> i'm trying to implement SSO with another system and this other system asks
> for the parameters. i can use post to do the SSO but i didnt succeed so i'm
> just trying the GET method now because is more clear and easy to test.
>
> On Mon, May 25, 2009 at 10:24 AM, Andrew Jaquith <
> andrew.r.jaquith@gmail.com
> > wrote:
>
> > This is a very bad idea. Among other things, the GET is likely to be
> > logged, which means the user's password will be exposed and recorded.
> >
> > What are you trying to do?
> >
> > Andrew
> >
> >
> > On May 25, 2009, at 9:19, Kinicky <kinicky@gmail.com> wrote:
> >
> >  hi everyone,
> >>
> >> is it possible to login in JSPWiki by passing the parameters in URL?
> >>
> >> i'm tried this: http://
> >> <server>/JSPWiki/Login.jsp?j_username=<username>&j_password=<password>
> >>
> >> tks!
> >>
> >
>



-- 
With Best Regards,
Alexey Kakunin, EmDev Limited

Professional Software Development:
http://www.emdev.ru

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message