hc-dev mailing list archives

From Roland Weber <ROLWE...@de.ibm.com>
Subject Re: HLCA: generating followup requests
Date Sun, 06 Feb 2005 13:01:33 GMT
Hi Oleg,

> We may think of an additional
> abstraction layer in a form of HttpContext, which would enable the
> redirect handler to reset the authentication process without being
> directly coupled with any of the authentication classes.

I like the idea of a context. I assume we will have an HttpAuthFilter
responsible for inserting Authorization and Proxy-Authorization headers
into requests, and an AuthenticationChallengeHandler in whatever form,
which provides the authentication data for the filter. A context would
be a good way for these two associated objects to share data. It is
also a good way to share data across requests, like authentication
To avoid bringing actual authentication dependencies into http-common,
an approach similar to {s|g}etAttribute in the Servlet API could be
taken. The context information from the original request can be made
available in the associated responses and followup requests. This
would make the context useful for applications as well.

I still think that an authentication handler should itself detect
state changes due to changing URLs, rather than rely on an explicit
reset by a redirect handler. Like in a browser, the authentication
state should keep track of the current authentication realms from
which challenges have already been received, and the URL domains to
which these realms extend.
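
Added example, not part of the original message or of the HttpClient code base: a sketch of a context with Servlet-style attributes in which the authentication state records the URL scope each realm challenged for, so a followup request to another host or scheme gets no credentials without any explicit reset. All class, method and attribute names are hypothetical, URLs are assumed absolute, and the scope rule (scheme, host, port and path directory) is an assumption modelled on browser behaviour.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;

public class AuthScopeDemo {
    /** Hypothetical context: generic attributes only, no authentication types. */
    static class HttpContext {
        private final Map<String, Object> attrs = new HashMap<>();
        Object getAttribute(String name) { return attrs.get(name); }
        void setAttribute(String name, Object value) { attrs.put(name, value); }
    }

    static final String REALMS = "auth.realms"; // constructed attribute name

    /** Scope of a URL: scheme, host, port and the directory of its path. */
    static String scopeOf(URI u) {
        int port = u.getPort() != -1 ? u.getPort() : ("https".equalsIgnoreCase(u.getScheme()) ? 443 : 80);
        String path = (u.getPath() == null || u.getPath().isEmpty()) ? "/" : u.getPath();
        return u.getScheme().toLowerCase() + "://" + u.getHost().toLowerCase() + ":" + port
                + path.substring(0, path.lastIndexOf('/') + 1);
    }

    /** Challenge side: remember which realm challenged for which URL scope. */
    @SuppressWarnings("unchecked")
    static void recordChallenge(HttpContext ctx, URI url, String realm) {
        Map<String, String> realms = (Map<String, String>) ctx.getAttribute(REALMS);
        if (realms == null) { realms = new HashMap<>(); ctx.setAttribute(REALMS, realms); }
        realms.put(scopeOf(url), realm);
    }

    /** Filter side: realm whose scope covers this URL, or null (send no credentials). */
    @SuppressWarnings("unchecked")
    static String realmFor(HttpContext ctx, URI url) {
        Map<String, String> realms = (Map<String, String>) ctx.getAttribute(REALMS);
        if (realms == null) return null;
        String target = scopeOf(url);
        for (Map.Entry<String, String> e : realms.entrySet())
            if (target.startsWith(e.getKey())) return e.getValue();
        return null;
    }

    public static void main(String[] args) {
        HttpContext ctx = new HttpContext(); // shared by the original and followup requests
        recordChallenge(ctx, URI.create("http://app.example/private/index.html"), "staff");
        System.out.println(realmFor(ctx, URI.create("http://app.example/private/docs/a.html")));
        System.out.println(realmFor(ctx, URI.create("http://other.example/private/a.html")));
        System.out.println(realmFor(ctx, URI.create("https://app.example/private/a.html")));
    }
}
```

Only the first lookup, which stays below the challenged directory on the same scheme, host and port, resolves to a realm; the redirect to another host and the scheme change both fall outside every recorded scope.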

