community-equity
  1. community-equity
  2. COMMUNITY_EQUITY-267

Skip Authentication filter when using secured (peer-to-peer) web services

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Milestone 1.3
    • Component/s: None
    • Labels:
      None
    • Environment:

      All

      Description

      Currently, all CeQ web services are protected by an Authentication filter, which is responsible for determining whether the incoming request is valid based on the user's credentials stored in session and/or cookie data.

      For secured services (those that I created for use by web venue plugins such as Web Space Server / Liferay), these services do not rely on cookie/sso-based authentication, since it is presumed that the system is configured so that these services can only be used by authorized clients (e.g. using SSL). These services should not be protected by the Authentication servlet.

      It is not possible to filter URLs using the simplified <url-pattern> JEE web.xml construct, as it is very limiting. Instead, introduce a filter configuration variable that allows the definition of a regular expression, which, when not matched, will skip the Authentication filter.

        Activity

        Hide
        cygnusecks1 added a comment -
        Show
        cygnusecks1 added a comment - Fixed as described in revision 232. http://kenai.com/projects/community-equity/sources/svn/revision/232
        Hide
        PRE added a comment -

        closed all ticket for Milestone Release 1.3

        Show
        PRE added a comment - closed all ticket for Milestone Release 1.3

          People

          • Assignee:
            PRE
            Reporter:
            cygnusecks1
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: