Transmit Report:
To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])
--- Begin Message ---
If this is not an appropriate list to ask design questions, could someone
point me to a more suitable resource? Perhaps the tomcat-dev list?
Thank you,
-Sasha Borodin
On 7/28/03 11:35,
"Sasha Borodin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> > Where in the AUTH process does the session get created? Does Tomcat
> > create a session, even if the AUTH failed? This would invalidate this
> > whole idea. The creation of a session object would no longer imply tha
> Where in the AUTH process does the session get created? Does Tomcat
> create a session, even if the AUTH failed? This would invalidate this
> whole idea. The creation of a session object would no longer imply that
> the session owner is Authenticated.
>From my observations, a session is created
I do all requests on version 4.1.24 of tomcat.
Larry
>>> [EMAIL PROTECTED] 07/28/03 2:26 PM >>>
Larry,
Did you apply the filter to all requests or were you successful in
assigning
it only to the j_security_check URL? If you were successful, what
version
of Tomcat are you running?
Thanks,
-Sas
I've vaguely uncomfortable suggesting it, but how about using a Session
Listener ? You could have a class implement the
javax.servlet.http.HttpSessionListener interface, and be notified of
such events as creation, invalidation and time-out of the session.
If CMA is accomplished through session
Larry,
Did you apply the filter to all requests or were you successful in assigning
it only to the j_security_check URL? If you were successful, what version
of Tomcat are you running?
Thanks,
-Sasha Borodin
On 7/28/03 14:59, "Larry Meadors" <[EMAIL PROTECTED]> wrote:
> I did this with a filt
I did this with a filter. Happens on each requests, but the performance
was acceptable. Another alternative is to extend the Realm you are using
to meet your needs.
Larry
>>> [EMAIL PROTECTED] 07/28/03 1:53 PM >>>
AFAIK, this is the appropriate list. You could try tomcat-dev, but that
is more
AFAIK, this is the appropriate list. You could try tomcat-dev, but that
is more for discussions about developing Tomcat itself, not using Tomcat.
If you haven't received a reply here, it is most likely because nobody
has an answer. People here are pretty good about responding whenever
they ca
If this is not an appropriate list to ask design questions, could someone
point me to a more suitable resource? Perhaps the tomcat-dev list?
Thank you,
-Sasha Borodin
On 7/28/03 11:35, "Sasha Borodin" <[EMAIL PROTECTED]> wrote:
> I'd like to get some suggestions for performing "post-authentica
