LoginSelectorAction doesn't properly honor SSOWebConfiguration, and is missing other obvious configurability. For example, SSOWebConfiguration#isRememberMeEnabled() is not checked before looking for the RememberMe token. Likewise, StrongAuth is disabled if the user doesn't provide a certificate -- in cases where StrongAuth is the only authentication scheme, the login should terminate immediately at this point and redirect to an error page, not go on to force-try BasicAuth anyway.
Something like:
[LoginSelectorAction ~line 99]
+ if (ssoWebConfiguration.isRememberMeEnabled()) {
String remembermeCookieName = JOSSO_REMEMBERME_TOKEN + "_" + SSOContext.getCurrent().getSecurityDomain().getName();
and something like:
[LoginSelectorAction ~line 69]
SSOWebConfiguration ssoWebConfiguration = SSOContext.getCurrent().getSecurityDomain().getSSOWebConfiguration();
// Strong Authentication
/*
boolean clientAuth =
(request.getAttribute("javax.servlet.request.X509Certificate") != null);
*/
ActionForward af = mapping.findForward("strong-authentication");
if (af != null) { //clientAuth) {
would be a crude work-around.
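The selection behaviour asked for above, written out as a stand-alone sketch. This is an added example, not JOSSO code: the class, enums and the select method are hypothetical, and the order (strong auth, then remember-me, then basic) is assumed from the line positions quoted in the report.

```java
import java.util.EnumSet;
import java.util.Set;

// Added illustration; every name here is hypothetical and none of it is JOSSO code.
public class LoginSelectorSketch {
    enum Scheme { STRONG, REMEMBER_ME, BASIC }
    enum Outcome { STRONG_AUTH, REMEMBER_ME_AUTH, BASIC_AUTH, ERROR_PAGE }

    /**
     * Picks the login step from configuration first, request contents second.
     * A credential the request happens to carry is ignored when its scheme is
     * disabled, and a missing credential never widens the set of schemes tried.
     */
    static Outcome select(Set<Scheme> enabled, boolean hasClientCert,
                          boolean hasRememberMeCookie) {
        if (enabled.contains(Scheme.STRONG) && hasClientCert) {
            return Outcome.STRONG_AUTH;
        }
        // The remember-me cookie is only consulted when the feature is switched on.
        if (enabled.contains(Scheme.REMEMBER_ME) && hasRememberMeCookie) {
            return Outcome.REMEMBER_ME_AUTH;
        }
        // Basic auth is a fallback only where the deployment configured it.
        if (enabled.contains(Scheme.BASIC)) {
            return Outcome.BASIC_AUTH;
        }
        // No configured scheme can proceed: fail closed instead of trying another one.
        return Outcome.ERROR_PAGE;
    }

    public static void main(String[] args) {
        Set<Scheme> strongOnly = EnumSet.of(Scheme.STRONG);
        Set<Scheme> basicOnly = EnumSet.of(Scheme.BASIC);
        Set<Scheme> all = EnumSet.allOf(Scheme.class);

        // Constructed cases: (enabled schemes, certificate present, cookie present)
        System.out.println(select(strongOnly, false, false)); // strong-auth only, no certificate
        System.out.println(select(strongOnly, true, false));  // strong-auth only, certificate sent
        System.out.println(select(basicOnly, false, true));   // stale cookie, remember-me disabled
        System.out.println(select(all, false, true));         // everything enabled, cookie present
        System.out.println(select(all, false, false));        // everything enabled, no credentials
    }
}
```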