Eric,
It sounds like your solution is the start of the approach I was
considering. If your willing to share, at minimum, Andreas and myself
would love to look at your solution.
-- Mike
On Sep 17, 2009, at 8:44 AM, Andreas Kollegger wrote:
Hi Eric,
I've been putting off implementing alternative authentication,
suffering along
with the default browser auth for now. I'd be interested in using
your solution
if you're willing to share it.
Thanks,
Andreas
On Sep 17, 2009, at 11:29 AM, Eric Norman wrote:
Well, my project doesn't currently have enough load to require more
than one
server node, so I haven't thought much about that yet. If your
cluster can
be configured to use sticky sessions, it would probably work fine
without
any further changes. Otherwise your app server would need to be
configured
to perform session replication to avoid the login prompt when you
get routed
to a different server node.
Does that make sense?
On Thu, Sep 17, 2009 at 7:45 AM, Vidar Ramdal <[email protected]> wrote:
On Thu, Sep 17, 2009 at 4:00 PM, Eric Norman <[email protected]
>
wrote:
For my own project, I ended up writing my own
FormAuthenticationHandler
which caches the submitted credentials (crypted) on the server-
side as a
session attribute. The cached credentials are used when no basic
auth
info
is available on the current request. It is actually not that
hard to
implement, there were a couple servlets (LoginServlet,
LogoutServlet) and
an
AuthenticationHandler class plus an esp script to render the
login page.
I could provide a patch if you are interested.
Does your approach handle clustered scenarios?
--
Vidar S. Ramdal <[email protected]> - http://www.idium.no
Sommerrogata 13-15, N-0255 Oslo, Norway
+ 47 22 00 84 00 / +47 21 531941, ext 2070
:: mike moulton
:: meltmedia
::
:: [email protected]
:: 602.648.6810 | direct
:: 602.432.2568 | iphone
:: mmoulton66 | aim
