I had the same requirements and ended up using Spring security. Although spring security is no set up for ajax itself, you can make a filter that catches all ajax context after it goes through the security class filters. Take a look here :
http://static.springsource.org/spring-security/site/ If you think this is a solution for you let me know and I can provide more details. Jimmy On Feb 8, 2013, at 8:35 AM, Johannes Meyer <[email protected]> wrote: > Hi Konstantin, > > thank you for answer. > >> HttpServletRequest.login(..) ? >> (in a Servlet 3.0 application) > > If I call this function, only the current request is authorized, but > not the whole session. > > Is there any solution to authorize the session? > > Thank you, > Johannes > > 2013/2/8 Konstantin Kolinko <[email protected]>: >> 2013/2/8 Johannes Meyer <[email protected]>: >>> Hello all, >>> >>> I'm developing a web application with asynchronous techniques (ExtJS). >>> >>> The most pages are secured with a "security-constraint", so the user >>> has to log in at first. >>> >>> >>> The users gets prompted a login dialog and can type in his username >>> and password. The data will be sent asynchronous to the server and the >>> user should be logged in. >>> >>> How can I implement it at best? >>> >>> I tried to work with FORM-authentication but it is not very elegant. >>> >>> Is there any solution to make an AJAX-Authentication? >>> >>> Or can I build a servlet, that logs the user in, without show him any >>> dialogs? >>> >> >> HttpServletRequest.login(..) ? >> (in a Servlet 3.0 application) >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
