Martin O'Shea wrote:
Chris
It's a case of considering options at the moment. It doesn't matter too much
about the actual expiration time of the session. But a question arises
concerning use of a realm: if I have the following code in a realm in
context.xml for existing browser-based logging in:
<Realm
className = "org.apache.catalina.realm.DataSourceRealm"
digest="MD5"
debug = "99"
dataSourceName = "jdbc/MyApp"
localDataSource = "true"
userTable = "User"
userNameCol = "UserName"
userCredCol = "Password"
userRoleTable = "User"
roleNameCol = "RoleName" />
Could it be used also for the REST service? And would a servlet be required to
handle authentication?
Well, apart from the layers of obfuscation added by Jersey, fundamentally the "REST
service" is still a webapp, composed of servlets.
So it is more a case of "does Jersey provide an authentication servlet (or filter) ? and
what can it do ?". No ?
Or does Jersey rely on container-based authentication ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
