View Issue Details

ID: 0004119
Project: SymmetricDS
Category: New Feature
View Status: public
Last Update: 2019-10-24 12:00
Reporter: elong
Assigned To: elong
Priority: normal
Status: resolved
Resolution: fixed
Product Version: 3.11.0
Target Version: 3.11.0
Fixed in Version: 3.11.0
Summary: 0004119: Security token in header and session authentication

Description: For authentication, move the security token from a URL request parameter to the header. This prevents accidentally logging the security token with the URL. Reduce the number of times a node is authenticated and passes its security token by creating a session based on a cookie. Allow a setting that expires the session after a period of time to re-authenticate.

# When authenticating a client node, create a session on the server and give a cookie to the client
# that can be sent with subsequent requests. This avoids authenticating every request and limits
# how often the security token is sent.
http.use.session.auth=true

# How long in seconds an authenticated node can keep a session before it expires and the node must be
# authenticated again. A value of zero or less means never expire.
http.session.expire.seconds=14400

# When authenticating to a server node, send the security token in the request header instead
# of using a URL parameter. Using the request header avoids accidentally logging the
# security token. The transport uses the remote node's version to determine if it should use header or parameter.
# Set this to false to force usage of the older parameter style of authentication.
http.use.header.security.token=true
Tags: No tags attached.
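
The logging exposure that the description addresses can be checked for in access logs written before the upgrade. The following is an added example, not SymmetricDS code: it assumes the older parameter style carries the credentials in query parameters named securityToken and nodeId and that the web server writes common-format access logs. It redacts logged tokens and counts exposures per node so those tokens can be rotated.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed names: "securityToken" and "nodeId" are the query parameters taken
# to carry the credentials in the older parameter style; adjust to your logs.
TOKEN_PARAM = "securityToken"
NODE_PARAM = "nodeId"
# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def scan_access_log(lines):
    """Return (redacted_lines, exposures): exposures counts logged tokens per node."""
    redacted, exposures = [], Counter()
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            redacted.append(line)  # not a request entry, keep unchanged
            continue
        parts = urlsplit(m.group("target"))
        query = parse_qsl(parts.query, keep_blank_values=True)
        if not any(k == TOKEN_PARAM and v for k, v in query):
            redacted.append(line)  # no token in the URL, nothing leaked
            continue
        node = next((v for k, v in query if k == NODE_PARAM), "unknown")
        exposures[node] += 1
        clean = [(k, "REDACTED" if k == TOKEN_PARAM else v) for k, v in query]
        target = urlunsplit(parts._replace(query=urlencode(clean)))
        redacted.append(line[:m.start("target")] + target + line[m.end("target"):])
    return redacted, dict(exposures)

# Constructed sample lines (paths, addresses and tokens are illustrative).
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Oct/2019:11:02:04 +0000] "GET /sync/corp-000/pull?nodeId=001&securityToken=s3cr3tA HTTP/1.1" 200 512',
    '10.0.0.6 - - [24/Oct/2019:11:02:09 +0000] "PUT /sync/corp-000/push?nodeId=002&securityToken=s3cr3tB HTTP/1.1" 200 0',
    '10.0.0.5 - - [24/Oct/2019:11:03:04 +0000] "GET /sync/corp-000/pull?nodeId=001&securityToken=s3cr3tA HTTP/1.1" 200 512',
    '10.0.0.7 - - [24/Oct/2019:11:03:30 +0000] "GET /sync/corp-000/pull?nodeId=003 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    cleaned, exposed = scan_access_log(SAMPLE_LOG)
    print("\n".join(cleaned))
    print("tokens to rotate for nodes:", exposed)
```

Entries that never carried the token in the URL pass through unchanged, so the scan can be rerun after the upgrade to confirm that no new exposures appear.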

Activities

There are no notes attached to this issue.

Related Changesets

SymmetricDS: 3.11 96f739ef

2019-10-23 13:47:25

admin

0004119: Security token in header and session authentication
0004119
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/common/ParameterConstants.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/AbstractOfflineDetectorService.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/BandwidthService.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/AuthenticationException.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpIncomingTransport.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpOutgoingTransport.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpTransportManager.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/web/WebConstants.java
mod - symmetric-core/src/main/resources/symmetric-default.properties
mod - symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricLauncher.java
mod - symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricWebServer.java
mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/AuthenticationInterceptor.java
mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/ServerSymmetricEngine.java

SymmetricDS: 3.11 6edb0bc7

2019-10-24 11:02:04

admin

0004119: Security token in header and session authentication
0004119
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/SymmetricPushClient.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpIncomingTransport.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpOutgoingTransport.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/HttpTransportManager.java
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/web/WebConstants.java
mod - symmetric-core/src/main/resources/symmetric-default.properties
mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/AuthenticationInterceptor.java
add - symmetric-server/src/main/java/org/jumpmind/symmetric/web/AuthenticationSession.java
mod - symmetric-server/src/main/java/org/jumpmind/symmetric/web/ServerSymmetricEngine.java

Issue History

Date Modified Username Field Change
2019-10-23 13:45 elong New Issue
2019-10-23 13:45 elong Status new => assigned
2019-10-23 13:45 elong Assigned To => elong
2019-10-23 13:48 elong Status assigned => resolved
2019-10-23 13:48 elong Resolution open => fixed
2019-10-23 13:48 elong Fixed in Version => 3.11.0
2019-10-23 14:00 admin Changeset attached => SymmetricDS 3.11 96f739ef
2019-10-24 12:00 admin Changeset attached => SymmetricDS 3.11 6edb0bc7