Ok. Makes sense. Thanks -Vincent > -----Original Message----- > From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED] > Sent: 27 February 2004 18:07 > To: [EMAIL PROTECTED] > Subject: Re: FormAuthentication (bug #17933) > > Thank you Vincent. > > In article <[EMAIL PROTECTED]>, > Fri, 27 Feb 2004 10:24:00 +0100, > "Vincent Massol" <[EMAIL PROTECTED]> wrote: > vmassol> Note: For my own understanding, could you tell me briefly why it > is > vmassol> sometimes required to call setExpected(Pre)AuthResponse to set an > vmassol> expected response different than 302? I thought it was standard? > > Yes, I think it is the defact standard. > However, the implementation of the authentication sequence > can be changed due to application level constraints. > > For example, some borwser implemented for STBs does not follow > redirect response like 302. > IF an application needs such browser (STB) and still requires > the form authentication, the mechanism may be changed to something like: > C->S: request to the restricted resource of the server > S: store the request information in the session scope > S->C: return a login-form page with the response code 200 > C->S: send credentials > S->C: return the resource requested at first, > if the authentication succeeded > > As I understand, the form authentication mechanism can be customized > to perform such kinds of sequence. > This is why I added the accessors to the FormAuthentication. > > Regards, > ---- > Kazuhito SUGURI > E-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
