Hello,
As I understand, RequestInterceptor.authenticate() and authorize() get
called every time a protected resource is being accessed. Does it mean
tomcat do not cache user/roles after first authentication?
Should I perform actual authentication every time (which is awfully resource
consuming) or could I assume that if (request.getRemoteUser() != null) user
has been authenticated.
something like this:
if (request.getRemoteUser() == null) {
//perform authentication
}
the same question with authorize. What is the best way to handle it. Can I
cache roles using request.getRemoteUser() as a key?
Is user principal container wide or context wide?
Thank you very much in advance
Alex Roytman
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
