On 10/12/2007, Felix Meschberger <[EMAIL PROTECTED]> wrote: > > Hi Rob, > > Am Montag, den 10.12.2007, 08:50 +0000 schrieb Rob Walker: > > From what I remember, OSGi supports a basic authentication via the > > following method on the HttpContext > > > > public boolean handleSecurity(HttpServletRequest request, > > HttpServletResponse response) > > > > This then leaves it open to an individual application to add whatever > > authentication checks they like by creating one or more custom security > > contexts. I'm no expert in this area, but I'd assume the Servlet session > > objects would typically be used to manage security details across calls. > > Interesting that you mention this, because I just stumbled upon an > issue with this: As per the spec (if I read it correctly) the > handleSecurity method should set request attribtues for the user and the > authentication method if true is returned. These two attributes should > be used by the HttpService implementation to provide the return values > for the HttpServletRequest.getRemoteUser() and getAuthType() methods.
wow... so much synchronicity, it's freaky! - I also just discovered this (separately) today when running the Pax-Web implementation against the OSGi TCK for HTTP Unfortunately at the moment the http.jetty project does not do that. I > will create an issue and provide a patch for this. > > Regards > Felix > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Cheers, Stuart
