I try to implement federated authorization. I decide to create RequestFilter which gets cookie value and validate it using federated server. If validation successful it recives an username and populates SSO object describes user identity and places in ApplicationState. If validation failed as SSO stores GuestIdentity.
Is it good solution from tapestry architecture point of view? If it is, there is a problem: how to obtain user IP address? In RequsetFilter.service method passes Request object which dosn't provide user ip information. How to obtain it? Should i use HttpServletRequestFilter instead? If so, could i operate ApplicationState in them? Thanks Andrey Larionov --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
