Up to Documents in Testing General
Currently Being Moderated

test - webAuth Plugin

VERSION 2

Created on: Aug 26, 2007 11:12 AM by LG - Last Modified:  Aug 26, 2007 12:17 PM by LG

I'm using this document for some things ... to decide what to put in 'Plugin Documents' and what to put in the readme.html file of the plugin ... and why webMUC is not yet ready.

So everything you find here may be wrong and not yet available as code.

Feedback is wanted, even if this is only a test.

 

Releases

or Current Release --> see changelog.html

 

Installation

--> see readme.html

 

State

alpha/beta/stable --> see readme.html

 

Developers

Matt Tucker, Derek DeMoro, ...

 

Open Issues

?? link to JIRA ?? do get developers JIRA access ??

 

Source Code

?? link to SVN ?? do get developers SVN access ??

 

Feedback and Discussion

commplugins

 

Description

This plugin allows users to authenticate with a browser using a simple HTML form without the need for AJAX or Javascript. It supports HTTP and HTTPS GET and POST while HTTPS POST is the preferred way. It will set a cookie on the client which allows other plugins like webMUC and webVCard to get the user information. It has nothing to do with HTTP binding and is thus a very simple plugin, also for clients.

 

It comes with an AccessLog module which allows all web* plugins to write a user defined log file (CLF, NCSA, ...). Even the Openfire admin console and core components (like XMPP authentication) can use it.

 

Usage

Define the property plugin.webauth.templatedirectory=/foo/bar/ while in /foo/bar you need to put the index.html file which is used for authentication and should contain a form like:


<html>
<frommethod="POST" action="https://yourdomain/plugins/webAuth/login.jsp">
<input name="JID" type="text" size="30" maxlength="3070">
<input name="pass" type="password" size="10" maxlength="32">
</form>
</html>

 

If the webMUC plugin needs to authenticate the user it will send a redirect to "https://yourdomain/plugins/webAuth/login.jsp?location=https://yourdomain/plugins /webMUC/" to the browser, so after successful authentication the webAuth plugin will send a redirect to the value of 'location'.

 

Roadmap

Add some Javascript to convert the user input to UTF-8 before transferring it.

Add logout.jsp to allow the user to logout.

Add client-side Javascript based public key encryption so one can use it safely over HTTP.

Count the login attempts to avoid password hacking using various techniques like adding Captchas to the login page if the first login did fail or block IP addresses.

Allow to run this as an XML based Webservice.

Average User Rating
(0 ratings)




Comments (0)

There are no comments on this document

More Like This

  • Retrieving data ...

Incoming Links

More by LG

View LG's profile