I have yet another tapestry-security add-on module in the works, this
time for remember me. For context, read
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/
(and re-read until you agree that's the best way) for doing
authenticating "remember me" while minimizing other security
implications. I've been using different variations of the same concept
for years in my web applications.

However, that's not the subject of the email. For the purposes of the
module, I need to store simple name-value pairs (principal, token)
persistently. Currently, I'm using a simple JPA/Hibernate
ExpiringRollingToken entity and that works fine (and I really love
that it's so simple with Tapestry to contribute additional persistent
entities not part of the application model) but to make the module
truly generic, I'm thinking it might be better to use a separate,
overridable persistence model for this. After all, we are just talking
about name-value pairs here and obviously it also needs to be fast
since rememberMe can typically be invoked as part of any request.

Memcached is pretty popular these days. I'm currently evaluating
http://code.google.com/p/jmemcache-daemon and I like that it allows
in-process access to the cache, thereby making it suitable for
embedding but also allowing to scale out as needed. Does anybody have
experience on this particular implementation and/or any other
contenders that you'd suggest checking out?

Kalle
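
An added sketch, not part of the original email or of tapestry-security: the (principal, token) pairs behind a small overridable store interface, with single-use rolling tokens as in the linked article. `RememberMeTokenStore`, `InMemoryTokenStore`, `RollingTokenDemo`, the 14-day lifetime and the principal `alice` are hypothetical names and constructed values.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical contract: JPA, memcached or a plain map can sit behind it. */
interface RememberMeTokenStore {
    void put(String principal, String token, Instant expiresAt);
    /** Atomically removes the pair; returns its expiry, or null if it was not stored. */
    Instant remove(String principal, String token);
}

/** In-process default; an application would override it with its own backend. */
class InMemoryTokenStore implements RememberMeTokenStore {
    private final Map<String, Instant> tokens = new ConcurrentHashMap<>();
    // Tokens are base64url, so '\n' cannot occur in them and the key stays unambiguous.
    private static String key(String principal, String token) { return principal + '\n' + token; }
    public void put(String principal, String token, Instant expiresAt) { tokens.put(key(principal, token), expiresAt); }
    public Instant remove(String principal, String token) { return tokens.remove(key(principal, token)); }
}

public class RollingTokenDemo {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final long LIFETIME_SECONDS = 14L * 24 * 3600; // constructed value

    /** Stores a fresh 256-bit random token for the principal and returns it for the cookie. */
    static String issue(RememberMeTokenStore store, String principal) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(principal, token, Instant.now().plusSeconds(LIFETIME_SECONDS));
        return token;
    }

    /** Consumes the presented token; returns a fresh one, or null if unknown, reused or expired. */
    static String redeem(RememberMeTokenStore store, String principal, String presented) {
        Instant expiresAt = store.remove(principal, presented); // single use: removed even if expired
        if (expiresAt == null || Instant.now().isAfter(expiresAt)) return null;
        return issue(store, principal); // roll: every successful use yields a new token
    }

    public static void main(String[] args) {
        RememberMeTokenStore store = new InMemoryTokenStore();
        String first = issue(store, "alice"); // constructed principal
        String second = redeem(store, "alice", first);
        System.out.println("first redeem accepted: " + (second != null));
        System.out.println("replay of first rejected: " + (redeem(store, "alice", first) == null));
        System.out.println("rolled token accepted: " + (redeem(store, "alice", second) != null));
    }
}
```

With a cache such as memcached behind the interface, an evicted or lost entry behaves like an unknown token, so the failure mode is a fresh login rather than an accepted stale cookie.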
