Oleg Nitz wrote:
>
> Luke Taylor wrote:
> > OK, things are becoming a bit clearer (I think) - I was a bit confused
> > by the idea of a totally stateless server and the client apparently
> > re-authenticating on each request. So when Marc said "JBoss doesn't
> > remember squat" was he really saying "JBoss doesn't remember squat....
> > but it gets its pal JAAS to remember for it " :-)?
>
> Don't you see the difference between a list of users that logged in
> and the cache that can be purged at any moment?
>
Not quite sure what you mean here ... but I probably need to read some
more on JAAS etc. I would have thought any state information
representing client credentials would have to be purged periodically,
either based on the valididty period of those credentials or as the
server sees fit - forcing the client to re-authenticate ...
> Have you tried beer-drinking? It's not boring at all :-)
>
All too often, I'm afraid (this is Scotland after all, despite the
Swiss email address). The loss of brain cells has doubtlessly
contributed to my slow-witted approach to tehnical problems these days,
and frequent dumb mistakes.
Cheers,
Luke.
--
Luke Taylor.
PGP Key ID: 0x57E9523C
