Hi,

I don't see how you can store a copy of the login parameters in the session and then retrieve them "in the event of session expiration". Won't an expired session be destroyed by the container, along with any attributes it contains?

The Tomcat code (saveRequest, restoreRequest methods) looks like it is being used for restoring an original secured request after successful form authentication.

Luke.


Curtis Light wrote:
Hello,
I've been looking through the AuthenticationProcessingFilter source
in Acegi Security, and I haven't seen support for storing a memento of
the original HTTP request in the session, providing the ability to let
a user re-authenticate without losing the original HTTP post
parameters in the event of session expiration.  Is this available in
Acegi Security and I'm just not seeing its implementation?
As a side note, Apache Tomcat 5.5.9 does provide this support in its
container managed authentication.  See the "authenticate" method.
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1.23&view=markup
If this feature is not currently available in Acegi Security, is
there interest in adding (configurable) support for it to the
AuthenticationProcessingFilter?  I could see reasons for NOT wanting
to use this (e.g. session creation denial-of-service attacks), but in
other situations it can be useful.
Thanks, Curtis



--
 Luke Taylor.                      Monkey Machine Ltd.
 PGP Key ID: 0x57E9523C            http://www.monkeymachine.ltd.uk
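
Added example, not part of the original thread and not Acegi Security or Tomcat code: a plain-Java model of the save/restore flow discussed above, in which the memento is written into the session created for the unauthenticated request and replayed once after login. The class, method names, attribute keys and the size cap are assumptions for illustration; sessions are modelled as plain maps.

```java
import java.util.*;

// Illustrative model only: sessions are plain maps and all names are hypothetical.
public class SavedRequestDemo {
    static final int MAX_SAVED_PARAM_CHARS = 4096; // assumed cap to bound per-session memory
    static final Map<String, Map<String, Object>> sessions = new HashMap<>();

    record Memento(String method, String uri, Map<String, String> params) {}

    // Handles a request for a protected URI; returns the session id now in use.
    static String handle(String sessionId, String method, String uri, Map<String, String> params) {
        Map<String, Object> s = sessions.get(sessionId); // null if expired or never issued
        if (s != null && Boolean.TRUE.equals(s.get("authenticated"))) {
            System.out.println("200 " + method + " " + uri + " " + params);
            return sessionId;
        }
        // The old session and its attributes are gone: create a fresh one for the login round trip.
        String fresh = UUID.randomUUID().toString();
        s = new HashMap<>();
        sessions.put(fresh, s);
        int size = params.entrySet().stream()
                .mapToInt(e -> e.getKey().length() + e.getValue().length()).sum();
        // Save the memento in the NEW session; drop oversized bodies instead of buffering them,
        // since every unauthenticated request can trigger this allocation.
        s.put("savedRequest", new Memento(method, uri,
                size <= MAX_SAVED_PARAM_CHARS ? Map.copyOf(params) : Map.of()));
        System.out.println("302 -> /login (saved " + method + " " + uri + ")");
        return fresh;
    }

    // Called after credentials were verified; replays the saved request exactly once.
    static void loginSucceeded(String sessionId) {
        Map<String, Object> s = sessions.get(sessionId);
        s.put("authenticated", true);
        Memento m = (Memento) s.remove("savedRequest");
        if (m != null) handle(sessionId, m.method(), m.uri(), m.params());
    }

    public static void main(String[] args) {
        // Constructed input: a POST arriving with a session id that has already expired.
        String sid = handle("expired-id", "POST", "/orders", Map.of("item", "42", "qty", "3"));
        loginSucceeded(sid); // replays the POST with its original parameters
    }
}
```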



_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
