> > Does anyone know whether the webdav servlet can use form based > > authentication when the client is not a browser (e.g. DAVExplorer or Web > > Folders)? > > > > Isn't this really a question of whether your *client* can understand how > to interact using form based login? That seems pretty unlikely -- most of > the client-is-a-program scenarios I've seen (like the Manager webapp in > Tomcat) use BASIC authentication simply because it is easy to program to.
Good point. > > If not, can one configure single sign on to use form based > authentication on > > some resources and BASIC on others? > > > > If you use Tomcat's single sign on support, each webapp can have its own > login method, so you could use BASIC on the webdav webapp, and form-based > for the ones that people use. Ok. Musing aloud... However, that means that if one uses form based login and you invalidate its session, that doesn't necessarily log out any access to another app through BASIC authentication. That could perhaps be a good thing in some instances. > > The impetus for my question is the fact that you can not (from > my reading on > > this list and a google search) programmatically log out the > user from BASIC > > authentication. > > > > API for asking for a logout was added in Servlet 2.4, so you'll see it > eventually in Tomcat 5. That doesn't help much in the mean time, though > ... and implementing logout for clients using BASIC is pretty interesting > anyway, since it is the *client* that keeps sending the Authorization > header containing the username/password ... Yes, I've read that various places. I've also realized that my question has its own answer: my WebDAV client is a different app from the browser even if they're being used together (e.g. click on a dir in a browser, see it in Web Folders) and the user should be logged out of each differently and at different times. Per -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
