Dave,
It is the Jetspeed server that is logging in, not the user's browser!

I am not sure I follow your description.  In the case of Jetspeed, it is
Jetspeed that is the client and logging into the web server. So if UserA
opens a WebPagePortlet using the url
"http://UserA:[EMAIL PROTECTED]/secure_area/index.html" and then
UserB opens the same portlet, but with a different username, will the
web server treat UserB's request as UserA?

This is a different issue, but it needs to be resolved.  The issue raised
was with the links returned by the web server.  Those links will
NOT have any user information, unless the web server adds it, and the
client, relative to the web server, is different.

Paul Spencer

"Jakopac, Dave" wrote:
> 
> Once you supply the credentials to enter the realm, you're in. As long
> as you stay in (under?) that hierarchy there is no further checking of
> credentials. If you protect mysite/, then anyone who gets admitted to
> mysite/ can also see mysite/secretstuff/ and
> mysite/secretstuff/evenmoresecret/, etc., without further checking of
> credentials. So, I believe the strategy you outlined works.
> 
> --dave
> 
> Lisle Technology Partners, LLC  phone: (630) 353-1900 x15
> 650 Warrenville Rd., Suite 100  mail: mailto:[EMAIL PROTECTED]
> Lisle, IL 60532                 web: http://www.lisletech.com/
> 
> > -----Original Message-----
> > From: Paul Spencer [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, November 02, 2001 4:31 AM
> > To: Jetspeed Users List
> > Subject: Re: Can't seem to use
> > myusername:[EMAIL PROTECTED] url
> >
> >
> > The hole I see in the intended implementation.  We are not
> > maintaining a
> > session with the web server, nor are we rewriting any links in the
> > returned page with the user information.  This means any link returned
> > by the page will have NO user information, so clicking the
> > link will be
> > seen by the web server as a request from an anonymous user.
> >
> > Is this a problem?
> >
> > Paul Spencer
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> 

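The two questions in this thread (whether UserB's request can be mistaken for UserA's, and what happens to links in the returned page) can be checked with the added example below, which is not code from the thread or from Jetspeed. It assumes the realm uses HTTP Basic authentication and that the fetching client converts URL userinfo into an `Authorization` header per request; the host, passwords, page body and function names are constructed placeholders.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit, urlunsplit


def split_credentials(url):
    """Return (url_without_userinfo, Authorization header value or None)."""
    parts = urlsplit(url)
    host = parts.netloc.rpartition("@")[2]  # userinfo is never sent in the URL itself
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    if parts.username is None:
        return clean, None  # no userinfo: the server sees an anonymous request
    userpass = f"{unquote(parts.username)}:{unquote(parts.password or '')}"
    token = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
    return clean, f"Basic {token}"


class LinkCollector(HTMLParser):
    """Collect href values from anchor tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def links_as_served(page_url, html):
    """Resolve the page's links against the URL the web server actually saw."""
    clean, _ = split_credentials(page_url)
    collector = LinkCollector()
    collector.feed(html)
    return [urljoin(clean, h) for h in collector.hrefs]


# Constructed sample data (assumptions): host, passwords and page body.
URL_A = "http://UserA:passA@intranet.example/secure_area/index.html"
URL_B = "http://UserB:passB@intranet.example/secure_area/index.html"
PAGE = '<a href="reports.html">Reports</a> <a href="/secure_area/admin/">Admin</a>'

if __name__ == "__main__":
    for url in (URL_A, URL_B):
        print(split_credentials(url))  # same clean URL, different header per user
    for link in links_as_served(URL_A, PAGE):
        print(link, "->", split_credentials(link)[1])  # None: no credentials follow the link
```

Because the header is derived from each request's own URL and nothing is cached between calls, the two users only collide if the client keeps shared connection or session state on top of this.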