<snip/>
> > But the servlet spec doesn't allow a servlet to set the user
> credentials
> > in the container.
>
> It will be set for you by the container.
>
> Servlet spec 2.3, SRV.12.5.3 Form Based Authentication:
> 4. The container attempts to authenticate the user
> using the information from the form.
>
> If you want to do this by yourself, then yes, it is not specified in
the
> spec how to do this.
I always handle this by myself, because of design requirements. What
are other people's experiences?
>But spec implementations usually provide you with
> the (non-statndard) way to handle this correctly (i.e. it will
propagate
> Principal you provided into the container). I remember some examples
> from the Bea WebLogic server.
>
And IHMO this sucks, because it's container-specific. I would like an
abstraction for it within Cocoon as well, or at least a standard way of
handling it.
<snip/>
> Not good; This would not be propagated to the other environments, say,
> into an EJB. Not to say that this is against any standards Java has.
> And, same could be done using session:
>
> public Principal getUserPrincipal() {
> if (session.getAttribute("userPrincipal") == null) {
> return request.userPrincipal;
> } else {
> return session.getAttribute("userPrincipal");
> }
> }
That's what I was thinking; I like the idea of having "reserved" Session
or Request attributes that hold that the user information.
Greg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
