Has anyone tried using Rife with any of Tomcat's authentication
mechanisms ? In particular, forms-based authentication ?
Authentication by Tomcat is attractive to me because (AFAICT) it
could then also cleanly handle the authentication process that is
expected by a WebDAV editor. Then I would have a "single sign-on"
that controls access both to my existing URL space and also to a
new URL space which would speak to WebDAV-capable standalone
editors using WebDAV-based content access:
<element id="DAV" file="myapp/dav.xml" url="/dav/*" />
I could access Tomcat's authentication data at runtime in order
to perform access control within the WevDAV URL space that is as
fine-grained as I wish.
(Note that since forms-based login credentials are sent in the
clear, it should be done over an HTTPS connection.)
This has the potential to be much simpler than trying to integrate
any WebDAV codebase that is even remotely connected to Jakarta
Slide, except for (*perhaps*) the Slide WCK translation layer.
It would require that Tomcat is configured with a login form URL
and a login failure URL, whcih could both (AFAICT) be served up
by Rife. These are described at
http://www.cafesoft.com/products/cams/tomcat-security.html#Form_Based_Authentication
and an example "web.xml" is given at
http://servlets.com/jservlet2/examples/ch08b/web.xml
The idea then would be to transfer responsibility for authenticating
access to my servlet's entire URL space (both WebDAV and non-WebDAV)
from Rife to Tomcat.
Any relevant code, ideas, tips, or criticism would be quite welcome.
fred
--
F.Baube *
Georgetown/MSFS/1988 * Act locally.
email fbaube#welho.com * Think pangalactically.
gsm +358 41 536 8192 *
wmd 60°11'10.8"N 24°57'36.9"E
_______________________________________________
Rife-users mailing list
[email protected]
http://www.uwyn.com/mailman/listinfo/rife-users
