> On Dec 9, 2016, at 2:50 PM, Romain Manni-Bucau <rmannibu...@gmail.com> wrote:
> 
> Users rely on authorization query param - stripped before actual query for
> security reasons - to put the token.

Can you point at the documentation for it or paste an example that includes the 
InitialContext creation with the right combination of InitialContext and query 
parameters?

> Side note: also used for other token based solutions like oauth2 or
> equivalent.

Supported, but discouraged, by the oauth2 spec, yes.  You note, they’re not 
sent on the wire as query parameters, so that is fine and in line.

I’d want to make sure we’re not logging the passwords.

-David

> 
> 
> On Dec 9, 2016 at 23:32, "David Blevins" <david.blev...@gmail.com> wrote:
> 
>> http://www.tomitribe.com
>> 
>>> On Dec 6, 2016, at 2:22 PM, Romain Manni-Bucau <rmannibu...@gmail.com>
>> wrote:
>>> 
>>> On Dec 6, 2016 at 23:15, "David Blevins" <david.blev...@gmail.com> wrote:
>>> 
>>> 
>>>> On Dec 5, 2016, at 2:54 PM, Romain Manni-Bucau <rmannibu...@gmail.com>
>>> wrote:
>>>> 
>>>>> You may have a desktop app or some other scenario where on your trusted
>>>>> network, users can log in and you don’t want identity statically
>>> configured
>>>>> on the server side.
>>>>> 
>>>>> 
>>>> This is a feature we don't have today at all so quite out of scope of
>> the
>>>> current mail (this is a new feature client wide, not related to udp
>>>> probably)
>>> 
>>> We do have this exactly and I think is possibly a reason for the
>> confusion.
>>> 
>>> Here’s a thread from 2008, "Desktop app communicating with EJB"
>>> 
>>> - http://tomee-openejb.979440.n4.nabble.com/Desktop-app-communicating-with-EJB-td980332.html
>>> 
>>> Clients can login via the RemoteInitialContext parameters and have their
>>> identity propagate with their remote calls.
>>> 
>>> The only change is that the user/pass could get applied at the http layer
>>> as well.
>>> 
>>> 
>>> This is unrelated to my comment. Point was we can use it with multicast -
>>> which is the only issue - cause outside of the multicasted info - the
>> url.
>>> 
>>> 
>>> Nothing we couldn't enhance but as explained this is also not needed and
>>> your example doesn't show this is wrong.
>> 
>> I’m quite lost.  Can you post a code snippet on how someone uses basic
>> auth from the client side with httpd+ejbd?
>> 
>> -David
>> 
>> 
