Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-135

Give LoginUrlStrategy access to the current HttpServletRequest

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • 0.38.3
    • None
    • true

      LoginUrlStrategy is a good idea, but implementations are limited to evaluating the SecurityConfig. If implementations had access to the HttpServletRequest, a wider range of strategies could be implemented.

      For this particular usecase (probably handled/addressed with Crowd) we need Jira/Confluence to allow logins via our institutions' single sign on (Siteminder) and the local Jira database. Allowing LoginUrlStrategy access to the HttpServletRequest gives us the ability to redirect users to the correct login/logout links, and allows access to two different login servlets (the SecurityFilter grants access to the login servlet if the requested URL matches the login url).

      Patch attached, unit tests pass.

        1. SiteminderLoginUrlStrategyTest.java
          4 kB
        2. SiteminderLoginUrlStrategy.java
          3 kB
        3. SiteminderLoginUrlStrategy.java
          4 kB
        4. seraph-config.xml
          2 kB
        5. LoginStrategy.patch
          19 kB

            Unassigned Unassigned
            f17c49c9bf6b Elliot Metsger
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              9 years, 8 weeks, 4 days ago