[ https://issues.apache.org/jira/browse/OFBIZ-1906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-1906. ---------------------------------- Resolution: Fixed Fix Version/s: SVN trunk Thanks Guy and Luke, Your patch is in trunk revision: 736660 . I will put the PDF in the Wiki soon... > Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication > ---------------------------------------------------------------------------- > > Key: OFBIZ-1906 > URL: https://issues.apache.org/jira/browse/OFBIZ-1906 > Project: OFBiz > Issue Type: Improvement > Components: framework > Affects Versions: SVN trunk > Reporter: Guy Gershoni > Assignee: Jacques Le Roux > Priority: Minor > Fix For: SVN trunk > > Attachments: ArlSettingUpCasOnOfbiz5.pdf, > security-remoteuser_login.diff, security-remoteuser_login_v2.diff > > Original Estimate: 4h > Remaining Estimate: 4h > > Am using CAS (http://www.ja-sig.org/products/cas/) to do authentication > which, with the standard CAS Java client, populates the > HttpServletRequest.getRemoteUser() with the user it has authenticated > (http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml... > bottom of page).. > Have noticed in framework/security/config/security.properties on line 73 > there is the following: > # -- HTTP header based ID (for integrations; uncomment to enable) > #security.login.http.header=REMOTE_USER > which is then processed by > framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java around line > 611 on: > So would like to add the following to security.properties: > # -- HttpServletRequest getRemoteUser() based ID (for integrations; uncomment > to enable) > #security.login.http.servlet.getremoteuser.allow=true > and in LoginWorker.java add some code to check property and suck in remote > user from request if O.K. > Am developing patch. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.