Hi,
I am thinking about the authentication and authorization
architecture for my struts application.
We must have a portable application and all the authentication,
access right logic is managed
by our application server. Our system is made of web clients and
legacy applications.
So we chose to program Authentication/Authorization servlets and not
use security servlet-container
features.
- Has someone an example of AuthenticationServlet and
AuthorizationServlet programs ?
- If the Authentication is successful the application server return
to the WebServer a session identifier
in order to access to user data in the future.
This identifier must be the same than the Web session identifier ?
Is it possible to have the same
identifier for the web server and the application server ? when the
web session failed, how can I
automatically update the session identifier in the application
server ?
Thanks a lot in advance.
Sandra
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
