Humm, I am learning something about HttpBasicAuthentication and need to look into this more. Is this method called for every request ... even before the user fills out the login form?
On Wed, Mar 25, 2009 at 9:26 AM, Derek Chen-Becker <dchenbec...@gmail.com>wrote: > Take a look at the HttpBasicAuthentication class: > > > http://scala-tools.org/mvnsites-snapshots/liftweb/lift-webkit/scaladocs/net/liftweb/http/auth/HttpBasicAuthentication.html > > The constructor func you provide takes a (username : String, password : > String, req : Req) and returns a boolean. You should be able to use > Req.cookies to get at the passed cookies to determine if the user is logged > in. Let us know if that's not what you need. > > Derek > > > > On Wed, Mar 25, 2009 at 8:30 AM, Chad Skinner <chadwskin...@gmail.com>wrote: > >> I have been reading about Lift Authentication and the Authentication >> mechanism in OSGi and have a couple of questions and possibly feature >> requests. >> Is it possible to inspect a request to perform authentication before >> sending the 401 if a user is not authenticated? >> >> We use an authentication server that when a user logs in sets a cookie for >> our domain. I would like to be able to write a module that would inspect the >> users request to find this cookie and if found perform a call to the >> authentication server to determine if the user is still authenticated. If >> the user is authenticated I would like to be able to get the user's roles >> from the authentication and bypass the authentication request and grant >> access. If the user is not authenticated then they would be prompted for >> their username and password and the authentication would be handled by the >> authentication server. >> >> Basically, what this provides is a mechanism where you can integrate the >> authentication into single sign on systems (Glassfish allows you to do >> something similar with JSR-196). >> >> Thanks, >> -- Chad >> >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---
