HTTP Login Adapter

The login-service-adapter org.clazzes.login.adapter.http listens for providers of the DomainPasswordLoginService interface and exports them adapted as a HttpLoginService (see

It is provided as an OSGi bundle, which may be activated by

obr:deploy http-login-adapter

The maven artifact is:


URL of exported DomainPasswordLoginService/http-login/<login.mechanism>/login
<login.mechanism> beeing i.e. org.clazzes.login.jaas for org.clazzes.login.jaasorg.clazzes.login.ldap from org.clazzes.login.ldaporg.clazzes.login.http from org.clazzes.login.http.
Older implementations may have not used the org.clazzes.login. part, i.e. jaas instead of org.clazzes.login.jaas and so on.

Starting with version 1.2.0 of http-login-adapter, the timezone of the user logging in is determined via javascript and propagated to the server as the login time zone, when the configuration parameter doTimeZoneDetection=true is set. The login timezone may be queried using HttpLoginServer.getTimeZone() or ThreadLocalManager.getLoginTimeZone() when using HttpCheckLoginInterceptor of http-aop-util-1.2.0 or later

URL scheme and parameters

The login time zone and/or login local may be overwritten using URL parameters to the login service like in the following examples:

login URLremarks
login with the browser's default locale and Los Angeles time zone
login with a timezone with fixed offset and a french locale.
login with a french canadian locale.


There is a small testpad application to play with this adapter.

It is provided as an OSGi bundle, which may be activated by

obr:deploy http-login-testpad

The maven artifact is:



The following configuration overview is valid as of version 1.3.0, which will be released around 2013-10-28.

doTimeZoneDetectionSet to true for multi-time-zone applications. Defaults to false.
failureTimeoutDelay penalty after bad login attempts, in ms. Default to 500.
secureCookieWether to flag the session cookie as secure. Defaults to false.
Set to true for https-only operations, which is highly recommended.
sessionCookieName of session cookie. Defaults to LOGIN_SESSION_ID.
sessionTimeoutSession timeout in minutes. Defaults to 180 (=3 hours).


Mail address of the sender of mails for two-factor authentication containing an ephemeral token.


SMS sender number of SMSes for two-factor authentication containing an ephemeral token.


The lifetime of ephemeral tokens in seconds.