0004119: Security token in header and session authentication - SymmetricDS

ID	Project	Category	View Status	Date Submitted	Last Update

0004119	SymmetricDS	New Feature	public	2019-10-23 17:45	2019-11-15 14:04

Reporter	elong	Assigned To	elong
Priority	normal
Status	closed	Resolution	fixed
Product Version	3.11.0
Target Version	3.11.0	Fixed in Version	3.11.0

Summary	0004119: Security token in header and session authentication
Description	For authentication, move the security token from a URL request parameter to the header. This prevents accidentally logging the security token with the URL. Reduce the number of times a node is authenticated and passes its security token by creating a session based on a cookie. Allow a setting that expires the session after a period of time to re-authenticate. # When authenticating a client node, create a session on the server and give a cookie to the client # that can be sent with subsequent requests. This avoids authenticating every request and limits # how often the security token is sent. http.use.session.auth=true # How long in seconds an authenticated node can keep a session before it expires and the node must be # authenticated again. A value of zero or less means never expire. http.session.expire.seconds=14400 # When authenticating to a server node, send the security token in the request header instead # of using a URL parameter. Using the request header avoids accidentally logging the # security token. The transport uses the remote node's version to determine if it should use header or parameter. # Set this to false to force usage of the older parameter style of authentication. http.use.header.security.token=true
Tags	No tags attached.

SymmetricDS: 3.11 96f739ef 2019-10-23 13:47:25 admin Details Diff	0004119: Security token in header and session authentication	Affected Issues 0004119
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/common/ParameterConstants.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/AbstractOfflineDetectorService.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/BandwidthService.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/AuthenticationException.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpIncomingTransport.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpOutgoingTransport.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpTransportManager.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/web/WebConstants.java	Diff File
	mod - symmetric-core/src/main/resources/symmetric-default.properties	Diff File
	mod - symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricLauncher.java	Diff File
	mod - symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricWebServer.java	Diff File
	mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/AuthenticationInterceptor.java	Diff File
	mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/ServerSymmetricEngine.java	Diff File
SymmetricDS: 3.11 6edb0bc7 2019-10-24 11:02:04 admin Details Diff	0004119: Security token in header and session authentication	Affected Issues 0004119
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/SymmetricPushClient.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpIncomingTransport.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpOutgoingTransport.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpTransportManager.java	Diff File
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/web/WebConstants.java	Diff File
	mod - symmetric-core/src/main/resources/symmetric-default.properties	Diff File
	mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/AuthenticationInterceptor.java	Diff File
	add - symmetric-server/src/main/java/org/jumpmind/symmetric/web/AuthenticationSession.java	Diff File
	mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/ServerSymmetricEngine.java	Diff File

Date Modified	Username	Field	Change
2019-10-23 17:45	elong	New Issue
2019-10-23 17:45	elong	Status	new => assigned
2019-10-23 17:45	elong	Assigned To	=> elong
2019-10-23 17:48	elong	Status	assigned => resolved
2019-10-23 17:48	elong	Resolution	open => fixed
2019-10-23 17:48	elong	Fixed in Version	=> 3.11.0
2019-10-23 18:00	admin	Changeset attached	=> SymmetricDS 3.11 96f739ef
2019-10-24 16:00	admin	Changeset attached	=> SymmetricDS 3.11 6edb0bc7
2019-11-15 14:04	admin	Status	resolved => closed

View Issue Details

Activities

Related Changesets

Issue History