Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-135

Give LoginUrlStrategy access to the current HttpServletRequest

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Medium
    • Resolution: Unresolved
    • 0.38.3
    • None
    • None
    • true

    Description

      LoginUrlStrategy is a good idea, but implementations are limited to evaluating the SecurityConfig. If implementations had access to the HttpServletRequest, a wider range of strategies could be implemented.

      For this particular usecase (probably handled/addressed with Crowd) we need Jira/Confluence to allow logins via our institutions' single sign on (Siteminder) and the local Jira database. Allowing LoginUrlStrategy access to the HttpServletRequest gives us the ability to redirect users to the correct login/logout links, and allows access to two different login servlets (the SecurityFilter grants access to the login servlet if the requested URL matches the login url).

      Patch attached, unit tests pass.

      Attachments

        1. LoginStrategy.patch
          19 kB
          Elliot Metsger
        2. seraph-config.xml
          2 kB
          Elliot Metsger
        3. SiteminderLoginUrlStrategy.java
          4 kB
          Elliot Metsger
        4. SiteminderLoginUrlStrategy.java
          3 kB
          Elliot Metsger
        5. SiteminderLoginUrlStrategyTest.java
          4 kB
          Elliot Metsger

        Activity

          People

            Unassigned Unassigned
            f17c49c9bf6b Elliot Metsger
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              7 years, 21 weeks, 6 days ago