Hi Rob,

On Monday, 10.12.2007, at 08:50 +0000, Rob Walker wrote:
> From what I remember, OSGi supports a basic authentication via the
> following method on the HttpContext
>
>     public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response)
>
> This then leaves it open to an individual application to add whatever 
> authentication checks they like by creating one or more custom security 
> contexts. I'm no expert in this area, but I'd assume the Servlet session 
> objects would typically be used to manage security details across calls.

Interesting that you mention this, because I just stumbled upon an
issue with this: As per the spec (if I read it correctly) the
handleSecurity method should set request attributes for the user and the
authentication method if true is returned. These two attributes should
be used by the HttpService implementation to provide the return values
for the HttpServletRequest.getRemoteUser() and getAuthType() methods.

Unfortunately at the moment the http.jetty project does not do that. I
will create an issue and provide a patch for this.

Regards
Felix
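
The contract described in the message above, as an added example that is not part of the original e-mail or of the http.jetty code: a custom HttpContext that performs an HTTP Basic check and, on success, sets the two request attributes using the `HttpContext.REMOTE_USER` and `HttpContext.AUTHENTICATION_TYPE` constants from the OSGi Http Service API. The class name, realm and credentials are hypothetical, and Java 8+ is assumed for `java.util.Base64`.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.http.HttpContext;

// Hypothetical HttpContext: HTTP Basic check that publishes its result to the HttpService.
public class BasicAuthContext implements HttpContext {
    // Constructed demo credentials ("user:password"); a real bundle would consult a user store.
    private static final byte[] EXPECTED = "demo:change-me".getBytes(StandardCharsets.UTF_8);

    @Override
    public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        byte[] supplied = decodeBasic(request.getHeader("Authorization"));
        // MessageDigest.isEqual compares in constant time, avoiding a timing side channel.
        if (supplied == null || !MessageDigest.isEqual(supplied, EXPECTED)) {
            // On failure the context writes the challenge itself, then returns false.
            response.setHeader("WWW-Authenticate", "Basic realm=\"demo\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        String user = new String(supplied, StandardCharsets.UTF_8).split(":", 2)[0];
        // The two attributes the HttpService is expected to surface through
        // HttpServletRequest.getRemoteUser() and getAuthType().
        request.setAttribute(HttpContext.REMOTE_USER, user);
        request.setAttribute(HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.BASIC_AUTH);
        return true;
    }

    // Returns the decoded "user:password" bytes, or null if the header is absent or malformed.
    private static byte[] decodeBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            return Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException malformed) {
            return null; // not valid Base64: treat as unauthenticated
        }
    }

    public URL getResource(String name) { return getClass().getResource(name); }

    public String getMimeType(String name) { return null; } // let the HttpService decide
}
```

A servlet registered with this context can call `getRemoteUser()` to check whether the HttpService implementation honours the attributes; a `null` return after a successful login indicates the gap described in the message.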

