Uploaded image for project: '[Read Only] - Hippo Site Toolkit 2'
  1. [Read Only] - Hippo Site Toolkit 2
  2. HSTTWO-2991

java.security.auth.login.config System property is always overriden by HST container regardless of its existence in system

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • 2.26.11, 2.28.03
    • 2.28.04
    • None
    • None

    Description

      When using an external JAAS module, 'java.security.auth.login.config' can be set as Java system property in the command line (See an example with JOSSO in [1]).

      However, HST container always overrides the system property configuration given in the command line by its default configuration, classpath:org/hippoecm/hst/security/impl/login.conf, resulting in a severe failure to disallow an external JAAS configuration.

      [1] http://www.josso.org/confluence/display/JOSSO1/Tomcat+6.0

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. CMS-7997 Simple SSO Integration Support

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              jsheriff Junaidh Kadhar Sheriff
              wko Woonsan Ko (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: