Olaf Kock schrieb:
Simon Kitching schrieb:
By the way, I don't see cookies as a lot more secure. The cookie text is
also sent in plain text in both the request and response bodies. There
aren't many cases where someone can intercept the url but not the
cookies. But thanks for the
Just for the record (in case someone else wants to do this), enabling
url rewriting support seems to be fairly easy. I have:
* added a servlet filter which stores the HttpServletResponse in a
thread-local
* implemented a custom URLConstructor (subclassing
DefaultURLConstructor) which overrides
Simon --
I've been gently tweaking Janne from time to time about externalizing
the URL constructors in a similar manner to what you describe,
although the use I had in mind wasn't related to session IDs.
Something like http://tuckey.org/urlrewrite/ would do nicely, and
would certainly
Hi,
I am using container managed authentication (using NTLM) but
still set up a database just for saving users' full names. The problem
is that JDBCUserDatabase.save(...) generates an exception
when executing the following statement:
if (