Thanks for the input all, what I am looking for is caching the Principals of a user in my Realm. It doesn't seem to be caching them, as every page I click generates numerous authenticate requests. I wish to avoid this after the user has logged in. If there is a built in way I just need to know how to configure it. If not, that is why I would need to get a session timeout event IN my realm so that I can throw those credentials out when the session expires.
Chris -----Original Message----- From: Mika Goeckel [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 6:24 PM To: Tomcat Users List Subject: Re: Principal caching with authentication Yep, Craig, I forgot about servlets :-) ----- Original Message ----- From: "Mika Goeckel" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Wednesday, November 14, 2001 12:23 AM Subject: Re: Principal caching with authentication > Chris, > > sessions are there by default, you can only avoid them by specifying in your > <%@ page session="false"> directive to disable them. > Sessions are in use once you declare a <jsp:usebean id="something" > scope"session"> with session as scope. > > Cheers, Mika > :wq > > ----- Original Message ----- > From: "Bongiorno, Christian" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > Sent: Wednesday, November 14, 2001 12:06 AM > Subject: RE: Principal caching with authentication > > > > How would I know if I was or wasn't using sessions? Maybe I don't > understand > > the use of the term correctly. What is the default? I can check the config > > > > -----Original Message----- > > From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, November 13, 2001 5:48 PM > > To: Tomcat Users List > > Subject: Re: Principal caching with authentication > > > > > > > > > > On Tue, 13 Nov 2001, Bongiorno, Christian wrote: > > > > > Date: Tue, 13 Nov 2001 17:49:40 -0500 > > > From: "Bongiorno, Christian" <[EMAIL PROTECTED]> > > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > > To: 'Tomcat Users List' <[EMAIL PROTECTED]> > > > Subject: Principal caching with authentication > > > > > > Here is something else I am wrestling with. When a user hits a protected > > > page and authenticates, subsequent authentication requests for every > page > > > clicked on occurs. I have been reading that there is some sort of > caching > > > going on, but I still have my authenticate() method called even-though > the > > > user has been validated as having access roles for that session. So, > maybe > > > once again I am missing it, but, I could cache the credentials on my own > > if > > > I could get a session timeout event and the Principal it was using for > > that > > > session. I could just do a quick lookup on the principal to see if I > have > > it > > > already -- if so return it, else get a new one. > > > > > > > > > Am I thinking correctly? > > > > > > > In Tomcat 4, the standard Authenticators cache authenticated principals in > > the current session, ***if*** there is one (and assuming you do not turn > > it off with configuration options). In the absence of sessions, your > > Realm.authenticate() method will get called on every request. > > > > It is also common to see your authenticate() method called twice, even > > when using sessions, if the session hasn't been created yet when > > authentication occurs. But beyond that, as long as you're using sessions, > > the authenticated Principal will be cached and reused throughout the life > > of this session. > > > > > Chris > > > > > > > Craig > > > > > > -- > > To unsubscribe: <mailto:[EMAIL PROTECTED]> > > For additional commands: <mailto:[EMAIL PROTECTED]> > > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > -- > > To unsubscribe: <mailto:[EMAIL PROTECTED]> > > For additional commands: <mailto:[EMAIL PROTECTED]> > > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
