Hi,

several authentication mechanisms require a session (*not* HTTP session) or connection being initiated when authentication is performed and principal cached for subsequent requests [1], [2].

Now, I want to patch our SPNEGO authenticator in Tomcat 6 to behave stateful. I once contributed that code to Apache in bug 48465 [3] which does not behave like that. I like to align both authenticators. This issue initially popped up while fixing an issue in libserf [4] for the upcoming Apache Subversion version 1.8.0.

How do I access that information in an authenticator? I do not intend to create an HTTP session for that for two reasons:

1. Creation of sessions should be up to the webapp.
2. There is no guarantee that the client will present the session cookie on a subsequent request.

Thanks,

Michael

[1] http://www.chromium.org/spdy/spdy-authentication
[2] http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html
[3] https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
[4] http://code.google.com/p/serf/issues/detail?id=89#c11
