Users rely on authorizatuon query param - stripped before actual query for security reasons - to put the token.
Side note: also used for other token based solutions like oauth2 or equivalent. Le 9 déc. 2016 23:32, "David Blevins" <david.blev...@gmail.com> a écrit : > http://www.tomitribe.com > > > On Dec 6, 2016, at 2:22 PM, Romain Manni-Bucau <rmannibu...@gmail.com> > wrote: > > > > Le 6 déc. 2016 23:15, "David Blevins" <david.blev...@gmail.com> a écrit > : > > > > > >> On Dec 5, 2016, at 2:54 PM, Romain Manni-Bucau <rmannibu...@gmail.com> > > wrote: > >> > >>> You may have a desktop app or some other scenario where on your trusted > >>> network, users can log in and you don’t want identity statically > > configured > >>> on the server side. > >>> > >>> > >> This is a feature we don't have today at all so quite out of scope of > the > >> current mail (this is a new feature client wide, not related to udp > >> probably) > > > > We do have this exactly and I think is possibly a reason for the > confusion. > > > > Here’s a thread from 2008, "Desktop app communicating with EJB" > > > > - http://tomee-openejb.979440.n4.nabble.com/Desktop-app- > > communicating-with-EJB-td980332.html <http://tomee-openejb.979440. > > n4.nabble.com/Desktop-app-communicating-with-EJB-td980332.html> > > > > Clients can login via the RemoteInitialContext parameters and have their > > identity propagate with their remote calls. > > > > The only change is that the user/pass could get applied at the http layer > > as well. > > > > > > This is unrelated to my comment. Point was we can use it with multicast - > > which is the only issue - cause outside of the multicasted info - the > url. > > > > > > Nothing we couldnt enhance but as explained this is also not needed and > > your example doesnt show this is wrong. > > I’m quite lost. Can you post a code snippet on how someone uses basic > auth from the client side with httpd+ejbd? > > -David > >
