>>> Mailing Lists <[EMAIL PROTECTED]> 19-Mar-01 9:19:00 PM >>>

>Thanks for the info.  Does this 'base 64 encoded' stuff
>have anything to do with the form based authentication
>method used in Sun's pet store demo application?

No.


>To me, this form based authentication looks like some
>sort of J2EE standard authentication mechanism but I
>cannot find any documented information on it in the
>specs,

You haven't looked in the servlet spec then. Because that's where it
is.

The b64 method is needed to do HTTP authentication which is when the
browser pops up a window asking you for a username and password.


>nor has anyone mentioned it to me before.
>Again, the method I have used previously is to store a
>token in the user's session after a successful login - is
>Sun's pet store form based authentication simply an
>automated way of doing this?

Pretty much. It's a container provided system for automatically
handling an authentication coming from a form.

IMHO it's a hack and I hate it.

The new servlet API includes filters which will allow very nice
"interceptor pattern" based authentication systems to be developed,
eg: an LDAP authenticator which obtains the username and password from
form parameters or from an HTTP authentication.


>If you could shed any more light on this I would be grateful.

I hope to update my security FAQ soon... I'm waiting to move my
webserver and massively update my website.


If you get really stuck take note of the ad at the bottom of this
mail  /8->


Nic

-----------------
Advert: I am available for employment on javamail or servlet
projects, consultancy or fixed goal basis. Please contact me privately
if you're interested.

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
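
Added example, not part of the original mail and not its author's code: a servlet Filter doing the "interceptor pattern" authentication described above, taking the username and password either from an HTTP Basic Authorization header or from form parameters. The class name, the abstract verify() hook (where an LDAP or other check would go), the "authUser" session attribute, the realm string, the UTF-8 decoding and the reuse of the form-login field names j_username/j_password are assumptions; it compiles against the javax.servlet API.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: authentication as a Filter placed in front of protected resources.
public abstract class CredentialFilter implements Filter {
    // Hypothetical hook: check the pair against LDAP, a database, etc.
    protected abstract boolean verify(String user, String password);

    // Returns {user, password} from a Basic header, else from form fields, else null.
    static String[] credentials(String authHeader, String formUser, String formPass) {
        if (authHeader != null && authHeader.regionMatches(true, 0, "Basic ", 0, 6)) {
            try {
                byte[] raw = Base64.getDecoder().decode(authHeader.substring(6).trim());
                String pair = new String(raw, StandardCharsets.UTF_8); // charset is an assumption
                int colon = pair.indexOf(':'); // split on the first colon; passwords may contain ':'
                if (colon > 0) return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
            } catch (IllegalArgumentException malformed) { /* bad base64: try the form fields */ }
        }
        if (formUser != null && formPass != null) return new String[] { formUser, formPass };
        return null;
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute("authUser") != null) {
            chain.doFilter(rq, rs); // token already stored by an earlier login
            return;
        }
        String[] c = credentials(req.getHeader("Authorization"),
                req.getParameter("j_username"), req.getParameter("j_password"));
        // Reject empty passwords: many LDAP servers treat them as an anonymous bind.
        if (c != null && !c[1].isEmpty() && verify(c[0], c[1])) {
            if (session != null) session.invalidate(); // new session id after login
            req.getSession(true).setAttribute("authUser", c[0]);
            chain.doFilter(rq, rs);
            return;
        }
        res.setHeader("WWW-Authenticate", "Basic realm=\"example\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

Base64 in the Authorization header is an encoding, not encryption, so both credential paths in this filter need TLS underneath them.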
