Re: security quest

2008-10-03 Thread Gianluca Musella
Ok Laurie, I know that basic authentication is not very secure, but it is sufficient in the best cases. I think that your suggestion, to use container-managed security, is absolutely the best, and I will follow this hint. The original idea of writing an interceptor capable of communicating

Re: security quest

2008-10-03 Thread Laurie Harper
Firstly, HTTP BASIC authentication is only pseudo-secure: credentials are sent encoded rather than in plain text, but the encoding is trivially reversible. Hence my previous statement that you still need to use HTTPS if security is a concern. That said, if you want to use BASIC authentication,

Re: security quest

2008-10-03 Thread Gianluca Musella
Thank you Pawel. But, if your web container supports JAAS, you can configure the login-config tag in your web.xml in this way: BASIC myRealm This causes the browser and the container to share encoded credentials in a secure way without https. I want to write my interceptor

Re: security quest

2008-10-02 Thread Paweł Wielgus
Hi Gianluca, how would you expect to share credentials without https? Can't you just turn https on for your login action? If there is no https, all data are sent in plain text - as far as I know. Best Greetings, Paweł Wielgus. 2008/10/3 [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > Ok, i will write a

Re: security quest

2008-10-02 Thread [EMAIL PROTECTED]
Ok, I will write a custom interceptor and/or action to do this, to allow browser and server to safely share credentials without https, like in standard JAAS authentication. I have no idea how to do it. Can someone give me a hint? Sent from iPhone On 02/Oct/08, at 20:59, Laurie H

Re: security quest

2008-10-02 Thread Laurie Harper
Gianluca Musella wrote: I've implemented an AuthenticationInterceptor. If the user isn't logged in, then they are redirected to a login page to enter credentials. The problem is that from this page the user and password are sent in clear text, as a normal http post. Is this true? And if yes, is there a way to

security quest

2008-10-02 Thread Gianluca Musella
I've implemented an AuthenticationInterceptor. If the user isn't logged in, then they are redirected to a login page to enter credentials. The problem is that from this page the user and password are sent in clear text, as a normal http post. Is this true? And if yes, is there a way to use some type of encriptio