jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Guggisberg <stefan.guggisb...@gmail.com>
Subject Re: Token in credentials
Date Tue, 18 Oct 2005 16:20:29 GMT
hi hugh

On 10/18/05, Hugh Ross <hugh.ross@propylon.com> wrote:
> I am writing an server-side application which will use JackRabbit to
> serve out files to a Python client.
> Authentication will be via an LDAP server.
> I only want the client to have to authenticate once per session as
> opposed to once per request.
> What is the best way of doing this?
> (I won't be using Servlets so will not be able to store the JackRabbit
> Session object in the servlet's HttpSession object, nor will I be using
> Stateful Session EJBs)
> I was thinking of using some sort of token which is generated on
> successful log in and then stored in the database. The token would then
> be passed for every subsequent request (using the setAttribute() method
> of the SimpleCredentials object)
> I would then need to override the RepositoryImpl.login method to check
> the token passed against the database to ensure that it is a valid request.
> Can anybody think of a better way of doing this?

there's no need to override the RepositoryImpl.login method. all you have to
do is writing a custom LoginModule. see o.a.j.c.s.SimpleLoginModule
(the login method specifically) for an example.


> Many thanks in advance for your help.
> Hugh

View raw message