-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tsirkin,
On 2/23/2010 1:49 PM, Tsirkin Evgeny wrote: > On Tue, Feb 23, 2010 at 8:08 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: >> I guess tomcat authentication is broken for me - tomcat is probably writing >> something in >> session _ before _ the filter loads the data into it from db. That is true: Tomcat does session work /before/ filters are invoked, but it also has something called the "session note" which is essentially a private attribute that can be used for things like authentication state information. The HttpSession has no access to this except through introspection, which could be disabled by a SecurityManager I'd imagine. >> This probably can be fixed if i do not rip the "old" data written by tomcat >> and just add my own ,but i just don't use tomcat auth. If you're not using container-based authentication, then I guess it doesn't matter. > That means that things like flow-resuming (where your original > request is re-submitted after successful authentication) won't work. > > >> What's "flow-resuming" is ?How a request can be "resumed" ?Doesn't this goes >> againt the idea >> of "http is staitless" ,that's vrey interesting? See section 12.5.3 of the servlet (2.5) specification which lays this all out in plain English. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETaUACgkQ9CaO5/Lv0PDHggCeOrnsxbjOuB0THbM80BBmeJSe BEEAnRglqa3NXiGhX7+2IoFIWbotMCLl =4KTl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
