Thank you Vincent.
In article <[EMAIL PROTECTED]>,
Fri, 27 Feb 2004 10:24:00 +0100,
"Vincent Massol" <[EMAIL PROTECTED]> wrote:
vmassol> Note: For my own understanding, could you tell me briefly why it is
vmassol> sometimes required to call setExpected(Pre)AuthResponse to set an
vmassol> expected response different than 302? I thought it was standard?
Yes, I think it is the defact standard.
However, the implementation of the authentication sequence
can be changed due to application level constraints.
For example, some borwser implemented for STBs does not follow
redirect response like 302.
IF an application needs such browser (STB) and still requires
the form authentication, the mechanism may be changed to something like:
C->S: request to the restricted resource of the server
S: store the request information in the session scope
S->C: return a login-form page with the response code 200
C->S: send credentials
S->C: return the resource requested at first,
if the authentication succeeded
As I understand, the form authentication mechanism can be customized
to perform such kinds of sequence.
This is why I added the accessors to the FormAuthentication.
Regards,
----
Kazuhito SUGURI
E-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
