Caldarale, Charles R wrote:
From: João Nuno Silva [mailto:jns...@gmail.com]
Subject: Re: POST replication
From what I've seen in the FormAuthenticator class Mark pointed me to,
Tomcat doesn't create a new request, instead it fills its fields with
the values from the previous request. I'll try this in the near future
and let you guys know how it went. Thanks!
I'm curious as to why you're reinventing this particular wheel. Why not let
Tomcat's built-in authentication handling do the hard work for you, and you
just supply either a custom Realm or a JAAS-compliant login module to do the
actual user validation? That would seem to be a lot easier and a lot less
dependent on the internals of the particular Tomcat version you happen to be
using.
I'm doing this as a hobby, not at work! With this in mind, my reasons are:
1) I want to have an authentication module that's independent of the
servlet container used (because I think this behavior of request replay
isn't a standard, but I might be wrong...);
2) I believe I can better optimize session creation to reduce memory
usage (because I won't save the previous request in session). I think
this way I can be more tolerable to DoS attacks from unauthenticated users;
3) I'm learning a few things in the process of reinventing this wheel ;)
- Chuck