-
Type:
New Feature
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Won't Fix
-
Affects Version/s: 5.4.2
-
Fix Version/s: None
-
Component/s: Ergonomy & UX, Seam / JSF UI
-
Tags:
The aim of this feature is to stay connected, even if the user closes her browser: a checkbox "Stay connected/Remember me" will be added on the login page
This contribution contains:
- a class ImaFormAuthenticator that extends FormAuthenticator and implements NuxeoAuthenticationPluginLogoutExtension
- a configuration file /OSGI-INF/auth-contrib.xml (with a dependency on org.nuxeo.ecm.platform.ui.web.auth.defaultConfig)
- a custom login page nuxeo.war/login.jsp based on the standard login.jsp and add a checkbox "Remember me" (need to fill messages_XX.properties for each language)
The declaration of ImaFormAuthenticator in /OSGI-INF/auth-contrib.xml uses the parameters from FormAuthenticator, LoginPage, UsernameKey, PasswordKey, and adds some new ones:
- RemembermeKey: name of the checkbox "Remember me" in the login page
- AuthCookieName: name of the cookie
- AuthCookieDuration: cookie duration
- AuthCookieDurationRefresh:
- true to extend cookie duration every time a page is loaded
- false otherwise, in that case the cookie will expire if there is no reconnection
Caution:
- username and password are encoded (not crypted) in the cookie (encoding of UserIdentificationInfo object with org.nuxeo.common.utils.Base64)
- the cookie is independant of the IP address of the client (the user will stay connected even if she changes of wireless network with her notebook, but this mechanism exposes itself to cookie theft)
