Quick question: why does Catalina check with the Realm implementation on
every HTTP request, even after a successful authentication? Is it the
responsibility of the Realm to handle caching and expiring of credentials?
Seems to me that would lead to a good bit of replication of code among
Realm
"Kyle F. Downey" wrote:
Quick question: why does Catalina check with the Realm implementation on
every HTTP request, even after a successful authentication? Is it the
responsibility of the Realm to handle caching and expiring of credentials?
Seems to me that would lead to a good bit of
If you are in a session, the authenticated principal is actually cached (in a
private variable inside the Session object). If you are not in a session, Catalina
has no choice but to authenticate you every time, because it has no way to know
that the second request came from the same person