Surely sendmail reeled when thusly spake Geert Bevin: > > Fred, you seem to have trouble to divide the architecture in > its different modules.
Oh, absolutely. Authentication in Rife is quite opaque (imho), and I have been unable to form a "big picture" of the flows of control, information, and authorization within the authentica- tion system. The javadoc (for example, SessionValidator) is quite detailed but does not fit into any larger picture. Call me bloody stupid, but that's where I am at. Therefore I am trying to trace existing, working code in order to locate a code element which can be used as a prototype for an HTTP Basic authenticator, so that it can immediately be live-tested and debugged, and I can watch it in operation, and learn by doing. This is frustrating because as I said, HTTP Basic Authentication is ridiculously simple, and could be added in to any element of the existing codebase as optional behavior: * If the client sends an "Authorization:" header with a valid user:pswd pair, access is granted -- on a per-request basis * If access is not granted to a request in this way, the reply code is 401 _not_ 200, and the header "WWW-Authenticate:" is added to provide a text cue to be used in a client-side authentication dialog fred _______________________________________________ Rife-users mailing list [email protected] http://www.uwyn.com/mailman/listinfo/rife-users
