Hi Eric,
I've been putting off implementing alternative authentication,
suffering along
with the default browser auth for now. I'd be interested in using your
solution
if you're willing to share it.
Thanks,
Andreas
On Sep 17, 2009, at 11:29 AM, Eric Norman wrote:
Well, my project doesn't currently have enough load to require more
than one
server node, so I haven't thought much about that yet. If your
cluster can
be configured to use sticky sessions, it would probably work fine
without
any further changes. Otherwise your app server would need to be
configured
to perform session replication to avoid the login prompt when you
get routed
to a different server node.
Does that make sense?
On Thu, Sep 17, 2009 at 7:45 AM, Vidar Ramdal <[email protected]> wrote:
On Thu, Sep 17, 2009 at 4:00 PM, Eric Norman
<[email protected]>
wrote:
For my own project, I ended up writing my own
FormAuthenticationHandler
which caches the submitted credentials (crypted) on the server-
side as a
session attribute. The cached credentials are used when no basic
auth
info
is available on the current request. It is actually not that hard
to
implement, there were a couple servlets (LoginServlet,
LogoutServlet) and
an
AuthenticationHandler class plus an esp script to render the login
page.
I could provide a patch if you are interested.
Does your approach handle clustered scenarios?
--
Vidar S. Ramdal <[email protected]> - http://www.idium.no
Sommerrogata 13-15, N-0255 Oslo, Norway
+ 47 22 00 84 00 / +47 21 531941, ext 2070
