> The problem with this is BASIC authentication is
> stateless.
Sorry, of course the BASIC authentication approach itself doesn't have
state, but applications using it (such as the Spring Burlap client class,
Windows Explorer using WebDAV to access a Jakarta Slide servlet etc) often
ignore the j
Ben Alex wrote:
I have been considering the DaoAuthenticationProvider caching approach and
think we should change it. At present the cache depends on a
DaoAuthenticationToken being present in a user session. The problem with
this is BASIC authentication is stateless, meaning the
DaoAuthenticationTo
Colin Sampaleanu wrote:
Ben Alex wrote:
I have been considering the DaoAuthenticationProvider caching
approach and
think we should change it. At present the cache depends on a
DaoAuthenticationToken being present in a user session. The problem with
this is BASIC authentication is stateless, meanin
> I guess it'd be pretty hard to replace the use of the token
> only for Basic authentication actually.
>
> I was trying to think if there were any issues w/regards to
> clusters (with replicated sessions). In the case of getting
> rid of the token in the session, on a failover and switch to
I've just checked into CVS the changes that were discussed on-list. I ended
up removing the DaoAuthenticationToken. The reference guide has also been
updated.
Best regards
Ben
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on
