>>> "Subrahmanyam A.V.B." <[EMAIL PROTECTED]> 7/5/99 7:23:21 AM
>>>
>- [Sec 11.5.2 - Form Based Authentication] This is a good step. However,
>my concern is that the way authentication is performed is left to the
>vendor, and the application developer has no control over it. I suggest
>that both should be possible. The spec should specify a means (using the
>deployment descriptor) to specify a component (and an interface) that
>can perform authentication, bypassing the vendor's implementation. This
>is necessary to integrate the web application with existing
>authentication systems.

It seems to me that the things that go in WAR should be very tightly
controlled indeed.

If a particular servlet wishes to do authentication in a strange and
wonderful way then it can, but this doesn't need to go in the WAR.

The servlet can just do it.

Unless you mean something else?


Other authentication problem
I wish that James and co had grasped the nettle and put in HTTP/1.1
digest authentication. From my reading of the spec it is not covered.

Perhaps I'm wrong?

Someone?




Nic Ferrier
Tapsell-Ferrier Ltd
www.tapsellferrier.co.uk

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
