Posted to dev@jackrabbit.apache.org by Hugh Ross <hu...@propylon.com> on 2005/10/18 18:10:49 UTC
Token in credentials
I am writing a server-side application which will use JackRabbit to
serve out files to a Python client.
Authentication will be via an LDAP server.
I only want the client to have to authenticate once per session as
opposed to once per request.
What is the best way of doing this?
(I won't be using Servlets so will not be able to store the JackRabbit
Session object in the servlet's HttpSession object, nor will I be using
Stateful Session EJBs)
I was thinking of using some sort of token which is generated on
successful log in and then stored in the database. The token would then
be passed for every subsequent request (using the setAttribute() method
of the SimpleCredentials object)
I would then need to override the RepositoryImpl.login method to check
the token passed against the database to ensure that it is a valid request.
Can anybody think of a better way of doing this?
Many thanks in advance for your help.
Hugh
Re: Token in credentials
Posted by David Nuescheler <da...@gmail.com>.
hi hugh,
also, i would probably use the j2ee container user to
log the user into the repository with a login module that
accepts credentials without a password.
maybe depending on your application you can even
use the j2ee user id as your identifier for the session, which
would allow you to avoid the "session id" altogether.
regards,
david
Re: Token in credentials
Posted by Stefan Guggisberg <st...@gmail.com>.
hi hugh
On 10/18/05, Hugh Ross <hu...@propylon.com> wrote:
> I am writing a server-side application which will use JackRabbit to
> serve out files to a Python client.
> Authentication will be via an LDAP server.
> I only want the client to have to authenticate once per session as
> opposed to once per request.
>
> What is the best way of doing this?
> (I won't be using Servlets so will not be able to store the JackRabbit
> Session object in the servlet's HttpSession object, nor will I be using
> Stateful Session EJBs)
>
> I was thinking of using some sort of token which is generated on
> successful log in and then stored in the database. The token would then
> be passed for every subsequent request (using the setAttribute() method
> of the SimpleCredentials object)
> I would then need to override the RepositoryImpl.login method to check
> the token passed against the database to ensure that it is a valid request.
>
> Can anybody think of a better way of doing this?
there's no need to override the RepositoryImpl.login method. all you have to
do is write a custom LoginModule. see o.a.j.c.s.SimpleLoginModule
(the login method specifically) for an example.
cheers
stefan
>
> Many thanks in advance for your help.
>
> Hugh
>
>
>
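
Added example, not part of the thread and not Jackrabbit code: a sketch of the token bookkeeping discussed above, issuing a random token after the LDAP login succeeds and checking it on later requests. The class name SessionTokenStore is hypothetical and the in-memory map stands in for the database table; a custom LoginModule's login() would pass the value read from SimpleCredentials.getAttribute() (attribute name of your choosing) to validate().

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical token store; the in-memory map stands in for the database table. */
public class SessionTokenStore {
    private static final class Entry {
        final String userId; final Instant expires;
        Entry(String userId, Instant expires) { this.userId = userId; this.expires = expires; }
    }
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Entry> byHash = new ConcurrentHashMap<>();
    private final long ttlSeconds;
    public SessionTokenStore(long ttlSeconds) { this.ttlSeconds = ttlSeconds; }

    /** Call once, after the LDAP login succeeds; returns the token to hand to the client. */
    public String issue(String userId) {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Store only the hash, so a leaked table does not yield usable tokens.
        byHash.put(hash(token), new Entry(userId, Instant.now().plusSeconds(ttlSeconds)));
        return token;
    }

    /** Returns the user id bound to the token, or null if it is unknown or expired. */
    public String validate(String token) {
        if (token == null) return null;                  // attribute missing from the credentials
        String key = hash(token);
        Entry e = byHash.get(key);
        if (e == null || Instant.now().isAfter(e.expires)) { byHash.remove(key); return null; }
        return e.userId;
    }

    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }

    public static void main(String[] args) {             // constructed usage
        SessionTokenStore store = new SessionTokenStore(1800);
        String token = store.issue("hugh");
        System.out.println(store.validate(token) + " / " + store.validate("forged"));
    }
}
```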