From: João Nuno Silva
Date: Wed, 18 Nov 2009 19:13:27 +0000
To: Tomcat Users List
Subject: Re: POST replication

Caldarale, Charles R wrote:
>> From: João Nuno Silva [mailto:jnss81@gmail.com]
>> Subject: Re: POST replication
>>
>> From what I've seen in the FormAuthenticator class Mark pointed me to,
>> Tomcat doesn't create a new request, instead it fills its fields with
>> the values from the previous request. I'll try this in the near future
>> and let you guys know how it went. Thanks!
>>
>
> I'm curious as to why you're reinventing this particular wheel. Why not
> let Tomcat's built-in authentication handling do the hard work for you,
> and you just supply either a custom Realm or a JAAS-compliant login
> module to do the actual user validation? That would seem to be a lot
> easier and a lot less dependent on the internals of the particular
> Tomcat version you happen to be using.
>

I'm doing this as a hobby, not at work! With this in mind, my reasons are:

1) I want to have an authentication module that's independent of the servlet container used (because I think this behavior of request replay isn't a standard, but I might be wrong...);
2) I believe I can better optimize session creation to reduce memory usage (because I won't save the previous request in session). I think this way I can be more tolerant to DoS attacks from unauthenticated users;
3) I'm learning a few things in the process of reinventing this wheel ;)

> - Chuck