portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Woonsan Ko <woon_...@yahoo.com>
Subject Re: Secure a Portlet
Date Thu, 09 Sep 2010 18:04:58 GMT
Hi Murali,

Here are two more things you could keep in mind:
(1) The login form in the JSP page could have an additional parameter named 'org.apache.jetspeed.login.destination'.
So, you could provide this parameter to redirect back to http://.. url.
(2) In /jetspeed/WEB-INF/assembly/administration.xml, there's a bean, id='org.apache.jetspeed.administration.PortalAuthenticationConfiguration',
the first constructor-arg of which forces session invalidation when authenticated. So, if
you meet any problem with session invalidation, you could change this in your testing.

By the way, I've created an issue to improve this:
https://issues.apache.org/jira/browse/JS2-1212

Regards,

Woonsan


--- On Thu, 9/9/10, Woonsan Ko <woon_san@yahoo.com> wrote:

> From: Woonsan Ko <woon_san@yahoo.com>
> Subject: Re: Secure a Portlet
> To: "Jetspeed Developers List" <jetspeed-dev@portals.apache.org>
> Date: Thursday, September 9, 2010, 6:08 PM
> Hi Murali,
> 
> I haven't tried it yet, but the basic idea is to establish
> session via http and submit the login form to https later to
> share the same session between http/https requests.
> In j2-admin, you can find the login page JSP page (e.g.,
> /WEB-INF/security/login/login.jsp). There you can also find
> a html form tag like the following:
> 
> <form method="POST" action='<c:url
> context="${portalContextPathInUrlTag}"
> value="${destLogin}"/>'>
> 
> I think you can give a try by making the action attribute
> an absolute url with https.
> 
> Regards,
> 
> Woonsan
> 
> --- On Thu, 9/9/10, Murali.M <murali.m@excelacom.in>
> wrote:
> 
> > From: Murali.M <murali.m@excelacom.in>
> > Subject: Secure a Portlet
> > To: jetspeed-dev@portals.apache.org
> > Date: Thursday, September 9, 2010, 9:37 AM
> > 
> > Hi all,
> > I'm trying to make the Login Portlet in the j2-admin
> secure
> > i.e. when I
> > traverse to the page containing the Login Portlet I
> want to
> > use https
> > instead of http. Please help me achieving this.
> > 
> > 
> > Thanks and Regards,
> > Murali Meriga.
> > -- 
> > View this message in context: http://old.nabble.com/Secure-a-Portlet-tp29647374p29647374.html
> > Sent from the Jetspeed - Dev mailing list archive at
> > Nabble.com.
> > 
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> > 
> > 
> 
> 
>       
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> 
> 


      

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message