From: Christopher Schultz
To: Tomcat Users List
CC: 'Carlo Politi'
Date: Wed, 28 Nov 2007 12:09:16 -0500
Subject: Re: Tomcat's container architecture - Authenticator

Barbara,

Bárbara Vieira wrote:
> My question is: why we are putting the Principal in the Request?

So that request.getUserPrincipal() will return a value.

> Why we can’t just authenticate the user if there is a principal in
> internal Session?! Doesn’t make sense, put the Principal in the
> Request, and after in the authentication method we just test if there
> is a Principal in the Request and return true.

A request may be checked multiple times for authentication (think server-side forwards, etc.) so it's a small optimization to cache the principal in the request -- and it satisfies the requirement that request.getUserPrincipal() actually works, so it makes sense.

> In other words, what kind of security this process provides?!

There will never be a Principal object that has not been properly authenticated. Is that good enough security for you?

-chris
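The caching behaviour described in the reply above, as an added example that is not part of the original message and is not Tomcat's own code. The classes `Session`, `Request`, `REALM` and the methods `verify` and `authenticate` are hypothetical stand-ins, and the user and password are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

// Simplified model of the flow discussed above. These classes are hypothetical
// stand-ins, not Tomcat's Request, Session or Authenticator.
public class PrincipalCacheDemo {
    static class Session { Principal principal; }            // survives across requests
    static class Request {                                   // lives for one request only
        final Session session; final String user, password;
        Principal userPrincipal;                             // per-request cache
        Request(Session s, String u, String p) { session = s; user = u; password = p; }
        Principal getUserPrincipal() { return userPrincipal; }
    }

    static final Map<String, String> REALM = new HashMap<>(); // constructed sample user store
    static int realmChecks = 0;                               // counts credential verifications

    // The only place a Principal is created: after a successful credential check.
    static Principal verify(String user, String password) {
        realmChecks++;
        String expected = REALM.get(user);
        if (expected == null || password == null) return null;
        boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                           password.getBytes(StandardCharsets.UTF_8));
        if (!ok) return null;
        return () -> user;                                    // Principal.getName() returns user
    }

    static boolean authenticate(Request req) {
        if (req.getUserPrincipal() != null) return true;      // already checked in this request
        if (req.session.principal != null) {                  // authenticated on an earlier request
            req.userPrincipal = req.session.principal;        // so getUserPrincipal() returns a value
            return true;
        }
        Principal p = verify(req.user, req.password);
        if (p == null) return false;                          // nothing is cached on failure
        req.session.principal = p;
        req.userPrincipal = p;
        return true;
    }

    public static void main(String[] args) {
        REALM.put("alice", "s3cret");
        Session session = new Session();
        Request login = new Request(session, "alice", "s3cret");
        authenticate(login);                                  // verifies credentials
        authenticate(login);                                  // server-side forward: request cache hit
        Request next = new Request(session, null, null);
        authenticate(next);                                   // later request: session cache hit
        System.out.println(next.getUserPrincipal().getName() + " checks=" + realmChecks);
        Request bad = new Request(new Session(), "alice", "wrong");
        System.out.println(authenticate(bad) + " " + bad.getUserPrincipal());
    }
}
```

In this model a Principal reaches the request or the session only through `verify`, so both cache hits short-circuit on an object that has already passed a credential check.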