tomcat-users mailing list archives

From João Nuno Silva <jns...@gmail.com>
Subject Re: POST replication
Date Wed, 18 Nov 2009 19:13:27 GMT
Caldarale, Charles R wrote:
>> From: João Nuno Silva [mailto:jnss81@gmail.com]
>> Subject: Re: POST replication
>>
>>  From what I've seen in the FormAuthenticator class Mark pointed me to,
>> Tomcat doesn't create a new request, instead it fills its fields with
>> the values from the previous request. I'll try this in the near future
>> and let you guys know how it went. Thanks!
>>     
>
> I'm curious as to why you're reinventing this particular wheel.  Why not let Tomcat's
> built-in authentication handling do the hard work for you, and you just supply either a custom
> Realm or a JAAS-compliant login module to do the actual user validation?  That would seem
> to be a lot easier and a lot less dependent on the internals of the particular Tomcat version
> you happen to be using.
>
I'm doing this as a hobby, not at work! With this in mind, my reasons are:
1) I want to have an authentication module that's independent of the 
servlet container used (because I think this behavior of request replay 
isn't a standard, but I might be wrong...);
2) I believe I can better optimize session creation to reduce memory 
usage (because I won't save the previous request in session). I think 
this way I can be more tolerant to DoS attacks from unauthenticated users;
3) I'm learning a few things in the process of reinventing this wheel ;)
>  - Chuck

