Are you saying then that the instance of LoginContext used to login is held
onto in the WASPSession, via the security framework?

If so then this brings up a huge security issue, at least the way the API
sits and the examples showing that a LoginContext takes a username and
password in its constructor.  This means that a password (probably plain text)
is available in the session, which is usually a big no-no when it comes to a
secure application.  I've been through a few security probes from banks on
various online applications, and that is one of the first things they look
for / ask: "Are you holding onto the password?"

-Craig


Mr Mean wrote:
> 
> There is currently no way to grab the login context, so you could
> store it yourself (there might be multiple logincontexts though). But the
> good news is you don't have to store it if you don't want to. The
> logoff performs an equals check and currently every logincontext of
> the same class and level is equal to another. So if you login using a
> MySingleLoginContext(username, password) you can logoff with any new
> instance of that class (logoff(new MySingleLoginContext());)
> 
> However if you feel you need to have access to the original instance,
> for instance because you want to know the username, I can always
> include such a method in the API.
> 
> Maurice
> 
> On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
>>
>> I see that the WASPSession.logout method takes a LoginContext.  Is there
>> somewhere within the SWARM implementation to grab the LoginContext used
>> to login?  Or when logging in is it up to the developer to put the
>> LoginContext somewhere...say maybe the session itself?
>>
>> Thanks
>> Craig
>> --
>> View this message in context:
>> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by DB2 Express
>> Download DB2 Express C - the FREE version of DB2 express and take
>> control of your XML. No limits. Just data. Click to get it now.
>> http://sourceforge.net/powerbar/db2/
>> _______________________________________________
>> Wicket-user mailing list
>> Wicket-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/wicket-user
>>
> 

-- 
View this message in context: 
http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924
Sent from the Wicket - User mailing list archive at Nabble.com.
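
Added example, not part of the original thread and not Wicket or SWARM code: a sketch of the concern raised above, comparing a context that keeps the password as a field with one that holds it in a transient `char[]` and wipes it after authentication. All class and method names are hypothetical, equality is by class only (the "level" mentioned in the reply is left out), and the credential is a constructed sample.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class LoginContextSketch {
    // Hypothetical classes: neither extends a Wicket or SWARM type.
    static final class LeakyContext implements Serializable {
        final String username, password;             // password is serialized with the session
        LeakyContext(String u, String p) { username = u; password = p; }
    }

    static final class WipingContext implements Serializable {
        private final String username;               // non-secret, safe to keep
        private transient char[] password;           // transient: skipped by serialization

        WipingContext(String username, char[] password) {
            this.username = username;
            this.password = password.clone();
        }
        WipingContext() { this(null, new char[0]); } // credential-free instance for logoff

        // Constructed check; a real one would verify against a salted hash.
        boolean authenticate(char[] expected) {
            boolean ok = password != null && Arrays.equals(password, expected);
            if (password != null) Arrays.fill(password, '\0'); // wipe after single use
            password = null;
            return ok;
        }
        // Equal by class alone, so any fresh instance matches at logoff.
        @Override public boolean equals(Object o) { return o != null && o.getClass() == getClass(); }
        @Override public int hashCode() { return getClass().hashCode(); }
    }

    // True if the serialized form of obj contains the secret as a byte sequence.
    static boolean serializedFormContains(Object obj, String secret) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(obj); }
        String dump = new String(buf.toByteArray(), StandardCharsets.ISO_8859_1);
        return dump.contains(secret);
    }

    public static void main(String[] args) throws IOException {
        String pw = "s3cret-Pa55";                    // constructed sample credential
        WipingContext ctx = new WipingContext("craig", pw.toCharArray());
        System.out.println("leaky, serialized:   " + serializedFormContains(new LeakyContext("craig", pw), pw));
        System.out.println("wiping, serialized:  " + serializedFormContains(ctx, pw));
        System.out.println("authenticated:       " + ctx.authenticate(pw.toCharArray()));
        System.out.println("logoff match:        " + ctx.equals(new WipingContext()));
    }
}
```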

