use POST rather than GET for login to prevent password being in http logs
authorOlivier Lamy <olamy@apache.org>
Wed, 11 Apr 2012 15:59:28 +0000 (15:59 +0000)
committerOlivier Lamy <olamy@apache.org>
Wed, 11 Apr 2012 15:59:28 +0000 (15:59 +0000)
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1324830 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-web/archiva-webapp-js/src/main/webapp/js/redback/user.js

index 8960766277f8ad9c96b7c0afdb7a7a8a84ab172e..c41da3c53904ca45956d3ebdfb876f6d1912f448 100644 (file)
@@ -496,9 +496,6 @@ define("redback.user",["jquery","order!utils","i18n","jquery.validate","order!kn
     //#modal-login-footer
     $('#modal-login-footer').append(smallSpinnerImg());
 
-    var url = 'restServices/redbackServices/loginService/logIn?userName='+$("#user-login-form-username").val();
-    url += "&password="+$("#user-login-form-password").val();
-
     loginCall($("#user-login-form-username").val(),$("#user-login-form-password").val()
         ,successLoginCallbackFn,errorLoginCallbackFn,completeLoginCallbackFn);
 
@@ -513,11 +510,14 @@ define("redback.user",["jquery","order!utils","i18n","jquery.validate","order!kn
    * @param completeCallbackFn
    */
   loginCall=function(username,password,successCallbackFn, errorCallbackFn, completeCallbackFn) {
-    var url = 'restServices/redbackServices/loginService/logIn?userName='+username;
-    url += "&password="+password;
+    var url = 'restServices/redbackServices/loginService/logIn';//?userName='+username;
+    //url += "&password="+password;
 
     $.ajax({
       url: url,
+      type: 'POST',
+      contentType: 'application/json',
+      data: JSON.stringify({username:username,password:password}),
       success: successCallbackFn,
       error: errorCallbackFn,
       complete: completeCallbackFn
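Review bot: The two commented-out remnants in loginCall (`//?userName='+username;` after the url assignment and `//url += "&password="+password;` on the next line) keep the query-string credential pattern in the file, where it can be re-enabled by accident. The assignment should read `var url = 'restServices/redbackServices/loginService/logIn';` and the second comment line should be deleted. The JSON body uses the key `username` while the old query parameter was `userName`, so the server-side binding presumably changed in a matching commit that is not visible here; that is worth confirming. Moving to POST keeps the password out of URLs and access logs only if the endpoint also stops accepting GET, which this hunk cannot show. The `$.ajax` call and the body of loginCall continue past the end of the hunk.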