Hi,
several authentication mechanisms require a session (*not* HTTP session)
or connection being initiated when authentication is performed and
principal cached for subsquent requests [1], [2].
Now, I want to patch our SPNEGO authenticator in Tomcat 6 to behave
stateful. I once contributed that code to Apache in bug 48465 [3] which
does not behave like that. I like to align both authenticators.
This issue initially popped up while fixing an issue in libserf [4] for
the upcoming Apache Subversion version 1.8.0.
How do I access that information in an authenticator? I do not intend to
create a HTTP session for that for two reasons:
1. Creation of sessions should be upto the webapp.
2. There is no guarantee that the client will present the session cookie
on a subsequent request.
Thanks,
Michael
[1] http://www.chromium.org/spdy/spdy-authentication
[2]
http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html
[3] https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
[4] http://code.google.com/p/serf/issues/detail?id=89#c11
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org