History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES       CREATE NEW ISSUE   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: AMATH-648
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Stefan Winterstein
Reporter: Stefan Winterstein
Votes: 0
Watchers: 0
Operations

Link this issue to another issue
If you were logged in you would be able to see more operations.
ActiveMath

Security module must die, die, die...

Created: 2005-09-28 15:09   Updated: 2006-11-10 15:11
Component/s: ThirdParty Modules, Webapp: Framework, Base, General
Affects Version/s: None
Fix Version/s: 1.0

Time Tracking:
Not Specified


 Description  « Hide
The security module in thirdParty is causing major pains in the a**. I suspect it to be the cause of some of the login problems that surfaced at the IOE test.

We should scratch it completely:

  • session cookie handling should be done by Tomcat and our AppSession
  • the ticket code in there should move up into the application

 All   Comments   Work Log   Change History   Version Control   FishEye   Crucible   Related Builds      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Stefan Winterstein - 2005-09-28 15:09
Related and possibly affected are:

AMATH-539 Stay logged on this computer
AMATH-316 AutoLogin does not work


[ Permlink | « Hide ]
Stefan Winterstein - 2006-03-31 15:03
I think is currently is only needed for the identities of the demo users, so we should be able to drop it entirely sometime...

[ Permlink | « Hide ]
Stefan Winterstein - 2006-09-21 09:09
Removal of security.jar is also needed for licensing reasons for 1.0.

[ Permlink | « Hide ]
Stefan Winterstein - 2006-09-21 11:09
Okay, here are the dependencies we still have on security.jar:
  • Authentication of demo users relies on checking the hashed password (from PermanentIndenticator.isIdentificationCorrect()
  • old classes that still use the module directly:
  • TOCEditServlet
  • ProxyServlet
  • HistoryServlet
  • AMRequest (used by ServletLoader, LUIOMegaProxy, GenericConsoleProxy)

All other dependencies are relatively easy to get rid off, but these need special care.


[ Permlink | « Hide ]
Stefan Winterstein - 2006-11-07 15:11
To summarize: I think we need to drop support for the old proxy exercises, along with the old TocEdit servlet, in order to get rid of security.jar.

Paul?


[ Permlink | « Hide ]
Stefan Winterstein - 2006-11-10 15:11
Okay, security.jar and everything connected to it is buried:
  • proxy exercises
  • session manager
  • various old servlets
  • genEntropy, passwdConvert

Good riddance...
Powered by a free Atlassian JIRA open source license for ActiveMath . Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.12.2-#300) - Bug/feature request - Atlassian news - Contact Administrators