-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bárbara,
Bárbara Vieira wrote: > But if we have the Principal in cache, why we have to call the > authenticator method(FormAuthenticator)? That call doesn't provide any > additional security, can you understand now? That's a good question. Given the current implementation, it doesn't seem to make sense. On the other hand, the original designers could have determined that some /other/ authenticator might want to wrap (or otherwise change) a request even if the Principal were already available. If you're writing your own, why not simply re-write the code the way you think best and then test the heck out of it. Try the tomcat-dev list to see if someone can answer. Perhaps it's just legacy code that could be further optimized. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTekx9CaO5/Lv0PARAoo/AJ47Gx7MrW/kVBkpjmu7b40dovvS4QCfWAlm sQYLWxYa/+5ImWvYJNraz6w= =wlbi -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
