> Sylvain Wallez wrote: > <snip> > > > >>A question about sunRise : is it possible to use standard HTTP > >>authentication and authorization ? AFAICS, it seems to be very tied to > >>form-based and application-managed authentication. > >> > > > >You can use any information you can reach from within the Java code. > >I'm not sure if there is a change to get the HTTP authentication infos. > >If yes, you can use sunRise. > > > The problem comes from the login page. With HTTP authentication, you > don't have a dedicated login page, and thus cannot use this one to > handle authentication. Or did I miss something ? >
Hm, correct me if I'm wrong as we never used HTTP authentication with sunRise. If a user requests a URI from the web server which is protected, the web server (or the browser) prompts for the authentication information. Only if the user is authenticated this request is forwarded to the servlet engine. Is this correct? If this is so, the servlet engine can - without using a form - use the sunRise-login action, get the information from the web server (if possible) and log the user into sunRise. Does this make sense? Carsten --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
