Michael,

On 10/3/21 11:58, Michael Osipov wrote:
> On 2021-10-02 at 02:48, Jerry Malcolm wrote:
>> I need to write a custom BasicAuthenticator class to decode a
>> specialized encoding of the authToken. I have been scouring google
>> for info. I found one post where the answer included the statement:
>
> This would clearly violate Basic auth scheme and the according RFC. I
> highly recommend against. Don't abuse Basic. Create your own
> scheme/header and solve your problem with it.

This is a very good point.

Instead of:

  Authorization: Basic [base64stuff]

Using "Bearer" might be a better choice, though that is also covered by
a specific RFC and might be confusing to overload that token ("Bearer")
for another purpose.

You could just do:

  Authorization: Malcolms [token]

If you are going to write a custom authenticator, anyway. You'll need to
have a custom client, of course, but you will already have that kind of
thing because no standard HTTP client would format your authentication
tokens in this way.

Another dumb question: why use your own custom stuff instead of the
standard(s)?

-chris
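
Added example, not part of the original message or of Tomcat's own code: a sketch of a custom authenticator that accepts only the `Authorization: Malcolms [token]` scheme suggested above, leaving Basic untouched. It assumes Tomcat 9 (`javax.servlet`); the class name, the realm string and the token format (base64url of `user:secret`, a stand-in for the unspecified "specialized encoding") are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;

/** Hypothetical authenticator for "Authorization: Malcolms <token>". */
public class MalcolmsAuthenticator extends AuthenticatorBase {
    private static final String SCHEME = "Malcolms";
    private static final String REALM = "Example"; // constructed value

    @Override
    protected boolean doAuthenticate(Request request, HttpServletResponse response)
            throws IOException {
        if (checkForCachedAuthentication(request, response, true)) {
            return true; // already authenticated via session or SSO
        }
        String[] creds = parse(request.getHeader("Authorization"));
        if (creds != null) {
            // The configured Realm stays the single source of truth for credentials.
            Principal p = context.getRealm().authenticate(creds[0], creds[1]);
            if (p != null) {
                register(request, response, p, SCHEME, creds[0], creds[1]);
                return true;
            }
        }
        // Challenge with the custom scheme only, so clients never fall back to Basic.
        response.setHeader("WWW-Authenticate", SCHEME + " realm=\"" + REALM + "\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }

    /** Returns {user, secret}, or null for a missing, foreign-scheme or malformed header. */
    static String[] parse(String header) {
        if (header == null) return null;
        int sp = header.indexOf(' ');
        // Scheme names are case-insensitive; anything but our scheme is ignored.
        if (sp < 0 || !header.substring(0, sp).equalsIgnoreCase(SCHEME)) return null;
        try {
            // Stand-in decoding (assumption): base64url of "user:secret".
            byte[] raw = Base64.getUrlDecoder().decode(header.substring(sp + 1).trim());
            String s = new String(raw, StandardCharsets.UTF_8);
            int colon = s.indexOf(':');
            return colon <= 0 ? null : new String[] { s.substring(0, colon), s.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null; // malformed token is treated as unauthenticated
        }
    }

    @Override
    protected String getAuthMethod() { return SCHEME; }
}
```

A class like this is enabled by declaring it as a `<Valve>` inside the web application's `<Context>`.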