> From: Greg Weinger [mailto:[EMAIL PROTECTED]]
>
> <snip/>
>
> > > But the servlet spec doesn't allow a servlet to set the user
> > > credentials in the container.
> >
> > It will be set for you by the container.
> >
> > Servlet spec 2.3, SRV.12.5.3 Form Based Authentication:
> > 4. The container attempts to authenticate the user
> > using the information from the form.
> >
> > If you want to do this by yourself, then yes, it is not specified in
> > the spec how to do this.
>
> I always handle this by myself, because of design requirements. What
> are other people's experiences?
Design requirements??? The form is 100% under your control.
> > But spec implementations usually provide you with
> > the (non-statndard) way to handle this correctly (i.e. it will
> > propagate
> > Principal you provided into the container). I remember some examples
> > from the Bea WebLogic server.
> >
>
> And IHMO this sucks, because it's container-specific. I would like an
> abstraction for it within Cocoon as well, or at least a standard way
of
> handling it.
Any Cocoon level abstraction will be unportable and non-cooperative in
terms of integration with servlet, EJB containers and J2EE platform as a
whole.
> > Not good; This would not be propagated to the other environments,
say,
> > into an EJB. Not to say that this is against any standards Java has.
> > And, same could be done using session:
> >
> > public Principal getUserPrincipal() {
> > if (session.getAttribute("userPrincipal") == null) {
> > return request.userPrincipal;
> > } else {
> > return session.getAttribute("userPrincipal");
> > }
> > }
>
> That's what I was thinking; I like the idea of having "reserved"
Session
> or Request attributes that hold that the user information.
You are free to use this. Just put together couple of lines as a Cocoon
action or XSP or etc. But take into account point above: it won't work
with EJBs/other servlets/etc.
Vadim
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
