Hi David, I tried this out and it seems to do what I want, so thanks very much. Sorry to take so long to actually use a feature that I requested!
One question though: In the LoginProxyServlet, you redirect to:

"/login/redirector?token=" + token.getToken()

where the token value is the username-timestamp. Is this token request parameter used later on in the chain? It doesn't seem to affect the behavior of the authentication mechanism or the security valve.

The reason I ask is if it is informational only, I'd suggest removing it. In my case, it stays visible for a second or two while our dashboard loads and it just seems weird to see the username in the URL.

Anyhow, obviously not a big deal provided it isn't a security issue (and I'm pretty sure it is not since I tried doing some basic URL manipulation).

Anyhow, thanks again. I'll also post this comment on the JIRA issue in case you miss this thread...

-aaron

On Tue, Sep 23, 2008 at 6:01 PM, David Sean Taylor <[EMAIL PROTECTED]> wrote:
> On Sep 23, 2008, at 10:59 AM, Aaron Evans wrote:
>
>> Does anyone know how to configure this feature?
>>
>> https://issues.apache.org/jira/browse/JS2-712
>>
>> Basically, it makes it so that if a client browser re-posts to the
>> login URI with some different credentials, the old session is turfed
>> and a new one created...
>>
>> thanks in advance,
>> aaron
>>
>
> JS2-712 has been available since 2.1.2.
> It's configured in administration.xml, see constructor argument 0, defaulted
> to false. You will need to set it to true
>
> <bean id='org.apache.jetspeed.administration.PortalAuthenticationConfiguration'
>       class='org.apache.jetspeed.administration.PortalAuthenticationConfigurationImpl'>
>     <!-- create new session upon authentication -->
>     <constructor-arg index='0'>
>         <value>false</value>
>     </constructor-arg>
>     <!-- hard session timeout limit in seconds, regardless of (in)activity,
>          setting to 0 turns off this feature
>          note: this feature should be used with 'create new session
>          upon authentication' feature
>     -->
>     <constructor-arg index='1'>
>         <value>0</value>
>     </constructor-arg>
>     <!-- redirect location for hard session expiration -->
>     <constructor-arg index='2'>
>         <value>/login/logout</value>
>     </constructor-arg>
> </bean>
>
> Give it a try and let me know if that is what you need. I didn't seem to
> close the issue upon completing it
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
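
Added example, not part of the original thread and not Jetspeed's own code: a plain Servlet API sketch of what the three settings quoted above describe (new session on authentication, hard session limit, redirect on expiry). The class name, the init-parameter names and the choice to measure the hard limit from session creation time are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter for illustration; names below are not Jetspeed identifiers.
public class SessionRenewalFilter implements Filter {
    private boolean createNewSessionOnLogin; // plays the role of constructor-arg 0
    private int hardLimitSeconds;            // plays the role of constructor-arg 1 (0 = off)
    private String timeoutRedirect;          // plays the role of constructor-arg 2

    public void init(FilterConfig cfg) {
        createNewSessionOnLogin =
            Boolean.parseBoolean(cfg.getInitParameter("createNewSessionOnLogin"));
        String limit = cfg.getInitParameter("hardLimitSeconds");
        hardLimitSeconds = (limit == null) ? 0 : Integer.parseInt(limit);
        String target = cfg.getInitParameter("timeoutRedirect");
        timeoutRedirect = (target == null) ? "/login/logout" : target;
    }

    // Call from the login handler after the credentials have been verified.
    // Discarding the pre-login session means a session id issued before
    // authentication never becomes an authenticated one.
    public HttpSession renew(HttpServletRequest req) {
        HttpSession old = req.getSession(false);
        if (createNewSessionOnLogin && old != null) {
            old.invalidate();
        }
        return req.getSession(true);
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        if (session != null && hardLimitSeconds > 0) {
            // Age is counted from creation, not last access, so activity
            // cannot extend it. Without renew() the clock would start at
            // the first anonymous request instead of at login.
            long ageMs = System.currentTimeMillis() - session.getCreationTime();
            if (ageMs > hardLimitSeconds * 1000L) {
                session.invalidate();
                res.sendRedirect(req.getContextPath() + timeoutRedirect);
                return;
            }
        }
        chain.doFilter(rq, rs);
    }

    public void destroy() { }
}
```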
