tomcat-users mailing list archives

From "Mika Goeckel" <m...@stepstone.de>
Subject Re: Principal caching with authentication
Date Tue, 13 Nov 2001 23:24:24 GMT
Yep, Craig, I forgot about servlets :-)

----- Original Message -----
From: "Mika Goeckel" <mika@stepstone.de>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Wednesday, November 14, 2001 12:23 AM
Subject: Re: Principal caching with authentication


> Chris,
>
> sessions are there by default; you can only avoid them by specifying in your
> <%@ page session="false" %> directive to disable them.
> Sessions are in use once you declare a <jsp:useBean id="something"
> scope="session"> with session as scope.
>
> Cheers, Mika
> :wq
>
> ----- Original Message -----
> From: "Bongiorno, Christian" <Bongiorno.Christian@ensco.com>
> To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> Sent: Wednesday, November 14, 2001 12:06 AM
> Subject: RE: Principal caching with authentication
>
>
> > How would I know if I was or wasn't using sessions? Maybe I don't understand
> > the use of the term correctly. What is the default? I can check the config
> >
> > -----Original Message-----
> > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > Sent: Tuesday, November 13, 2001 5:48 PM
> > To: Tomcat Users List
> > Subject: Re: Principal caching with authentication
> >
> >
> >
> >
> > On Tue, 13 Nov 2001, Bongiorno, Christian wrote:
> >
> > > Date: Tue, 13 Nov 2001 17:49:40 -0500
> > > From: "Bongiorno, Christian" <Bongiorno.Christian@ensco.com>
> > > Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > > To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
> > > Subject: Principal caching with authentication
> > >
> > > Here is something else I am wrestling with. When a user hits a protected
> > > page and authenticates, subsequent authentication requests for every page
> > > clicked on occur. I have been reading that there is some sort of caching
> > > going on, but I still have my authenticate() method called even though the
> > > user has been validated as having access roles for that session. So, maybe
> > > once again I am missing it, but, I could cache the credentials on my own if
> > > I could get a session timeout event and the Principal it was using for that
> > > session. I could just do a quick lookup on the principal to see if I have it
> > > already -- if so return it, else get a new one.
> > >
> > >
> > > Am I thinking correctly?
> > >
> >
> > In Tomcat 4, the standard Authenticators cache authenticated principals in
> > the current session, ***if*** there is one (and assuming you do not turn
> > it off with configuration options).  In the absence of sessions, your
> > Realm.authenticate() method will get called on every request.
> >
> > It is also common to see your authenticate() method called twice, even
> > when using sessions, if the session hasn't been created yet when
> > authentication occurs.  But beyond that, as long as you're using sessions,
> > the authenticated Principal will be cached and reused throughout the life
> > of this session.
> >
> > > Chris
> > >
> >
> > Craig
> >
> >
> > --
> > To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> > Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> >
>
>


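Added example, not part of the original thread: one way to see whether a request is actually using a session and carries an authenticated Principal, plus a listener for the session-end event asked about in the first message. It assumes the Servlet 2.3 API (javax.servlet.http) that Tomcat 4 implements; SessionProbeServlet and SessionEndLogger are hypothetical names.

```java
// Added example (not from the thread). Assumes the Servlet 2.3 API that
// Tomcat 4 implements; the class names are hypothetical.
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

public class SessionProbeServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false) never creates a session, so the probe does not
        // change the behaviour it is reporting on.
        HttpSession session = req.getSession(false);
        Principal user = req.getUserPrincipal();

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("session present : " + (session != null));
        if (session != null) {
            // Report properties only; the session id itself is a credential.
            out.println("session is new  : " + session.isNew());
            out.println("idle timeout (s): " + session.getMaxInactiveInterval());
            out.println("id via cookie   : " + req.isRequestedSessionIdFromCookie());
        }
        out.println("auth type       : " + req.getAuthType());
        out.println("principal       : " + (user == null ? "none" : user.getName()));
    }

    // Register under <listener> in web.xml to be told when a session ends
    // (timeout or invalidate()), e.g. to evict a Realm-side cache entry.
    public static class SessionEndLogger implements HttpSessionListener {
        public void sessionCreated(HttpSessionEvent event) {
            // nothing to do on creation
        }

        public void sessionDestroyed(HttpSessionEvent event) {
            // Log the event without the id; the container's principal cache
            // for this session is gone from here on.
            event.getSession().getServletContext().log("session ended");
        }
    }
}
```

Map the servlet under the protected URL pattern and request it twice: "session present : false" on the second request means no session is carrying the cached Principal, which is the case in which Realm.authenticate() runs on every request.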