Chris

It's a case of considering options at the moment. It doesn't matter too much 
about the actual expiration time of the session. But a question arises 
concerning use of a realm: if I have the following code in a realm in 
context.xml for existing browser-based logging in:

<Realm
        className = "org.apache.catalina.realm.DataSourceRealm"
        digest="MD5"
        debug = "99"
        dataSourceName = "jdbc/MyApp"
        localDataSource = "true"
        userTable = "User"
        userNameCol = "UserName"
        userCredCol = "Password"
        userRoleTable = "User"
        roleNameCol = "RoleName" />

Could it be used also for the REST service? And would a servlet be required to 
handle authentication?

Thanks

Martin O'Shea.

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: 18 Jul 2013 15 05
To: Tomcat Users List
Subject: Re: Authentication from a REST service

Martin,

On 7/18/13 5:34 AM, Martin O'Shea wrote:
> I am in the process of setting up a web service between an android app 
> and Tomcat 6.0.26 implemented with Jersey. I already have client and 
> server communicating with each other by sending XML requests. But I 
> would like the user of the client to be authenticated by the server 
> for a set period of time and then have to re-authenticate after that 
> time has expired.

If you are using Servlet 3.0, you can use HttpServletRequest.login to 
authenticate the user using a realm configured for the context. If you use FORM 
authentication, then the session's expiration time becomes the duration of the 
login (a caveat being that the timeout is reset for every request the client 
makes).

If you want fixed-login times (like 30-minutes max regardless of how many 
requests are made), then stuff your own expiration date into the user's session 
and then check that timeout with each request. This could all be done in a 
Filter to keep things orthogonal to your servlet code.

Or were you looking for something more elaborate?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

