[MAGNOLIA-1166] SecurityFilter should use protected static final properties and protected authenticate method Created: 27/Oct/06  Updated: 23/Jan/13  Resolved: 27/Oct/06

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 3.0 RC3
Fix Version/s: 3.0 RC4

Type: New Feature Priority: Major
Reporter: Anthony Ogier Assignee: Magnolia International
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: 1m
Time Spent: Not Specified
Original Estimate: 1m

Attachments: Text File SecurityFilter_protected.patch    
Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

I'm currently writing a module to add the CAS Filter [1] functionalities to Magnolia.
The interest of CAS is that the client application (Magnolia here) will never see the login / password which is directly sent to the CAS server by SSL tunnel, and then the client application checks if the user has been logged in to the CAS server (with a "ticket" system).

In Magnolia, the SecurityFilter is the only one to know which URL must be protected, reading the conf from JCR. It uses the JAAS LoginModule system to authenticate the user, BUT when calling the JAAS LoginModule, it's allready too late, the login page has been sent to the user by the SecurityFilter, and login & password sent to Magnolia.
I've written the CAS Module using a class which extends the SecurityFilter (in order to beneficiate of the JCR URL path resolution), BUT I've been forced to put the static final properties and the authenticate method in protected visibility.

I think, it should be protected, in order to extend the filter in the way I've extended it.
Thanks,
Anthony



 Comments   
Comment by Anthony Ogier [ 27/Oct/06 ]

The patch

Comment by Magnolia International [ 27/Oct/06 ]

Patch applied - looking forward for adding CAS to our feature list

Generated at Mon Feb 12 03:24:18 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.