Issue Details (XML | Word | Printable)

Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: PRE
Reporter: cygnusecks1
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.

Skip Authentication filter when using secured (peer-to-peer) web services

Created: 11/Sep/09 04:22 PM   Updated: 15/Feb/10 10:25 AM   Resolved: 11/Sep/09 04:24 PM
Component/s: None
Affects Version/s: None
Fix Version/s: Milestone 1.3

Time Tracking:
Not Specified




 Description  « Hide

Currently, all CeQ web services are protected by an Authentication filter, which is responsible for determining whether the incoming request is valid based on the user's credentials stored in session and/or cookie data.

For secured services (those that I created for use by web venue plugins such as Web Space Server / Liferay), these services do not rely on cookie/sso-based authentication, since it is presumed that the system is configured so that these services can only be used by authorized clients (e.g. using SSL). These services should not be protected by the Authentication servlet.

It is not possible to filter URLs using the simplified <url-pattern> JEE web.xml construct, as it is very limiting. Instead, introduce a filter configuration variable that allows the definition of a regular expression, which, when not matched, will skip the Authentication filter.

cygnusecks1 added a comment - 11/Sep/09 04:24 PM

PRE added a comment - 15/Feb/10 10:25 AM

closed all ticket for Milestone Release 1.3