Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-135

Give LoginUrlStrategy access to the current HttpServletRequest

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • 0.38.3
    • None
    • true

      LoginUrlStrategy is a good idea, but implementations are limited to evaluating the SecurityConfig. If implementations had access to the HttpServletRequest, a wider range of strategies could be implemented.

      For this particular usecase (probably handled/addressed with Crowd) we need Jira/Confluence to allow logins via our institutions' single sign on (Siteminder) and the local Jira database. Allowing LoginUrlStrategy access to the HttpServletRequest gives us the ability to redirect users to the correct login/logout links, and allows access to two different login servlets (the SecurityFilter grants access to the login servlet if the requested URL matches the login url).

      Patch attached, unit tests pass.

        1. LoginStrategy.patch
          19 kB
          Elliot Metsger
        2. seraph-config.xml
          2 kB
          Elliot Metsger
        3. SiteminderLoginUrlStrategy.java
          4 kB
          Elliot Metsger
        4. SiteminderLoginUrlStrategy.java
          3 kB
          Elliot Metsger
        5. SiteminderLoginUrlStrategyTest.java
          4 kB
          Elliot Metsger

              Unassigned Unassigned
              f17c49c9bf6b Elliot Metsger
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                9 years, 33 weeks, 6 days ago