Posted to dev@jackrabbit.apache.org by Hugh Ross <hu...@propylon.com> on 2005/10/18 18:10:49 UTC

Token in credentials

I am writing a server-side application which will use JackRabbit to 
serve out files to a Python client.
Authentication will be via an LDAP server.
I only want the client to have to authenticate once per session as 
opposed to once per request.

What is the best way of doing this?
(I won't be using Servlets so will not be able to store the JackRabbit 
Session object in the servlet's HttpSession object, nor will I be using 
Stateful Session EJBs)

I was thinking of using some sort of token which is generated on 
successful log in and then stored in the database. The token would then 
be passed for every subsequent request (using the setAttribute() method 
of the SimpleCredentials object)
I would then need to override the RepositoryImpl.login method to check 
the token passed against the database to ensure that it is a valid request.

Can anybody think of a better way of doing this?

Many thanks in advance for your help.

Hugh



Re: Token in credentials

Posted by David Nuescheler <da...@gmail.com>.
hi hugh,

also, i would probably use the j2ee container user to
log the user into the repository with a login module that
accepts credentials without a password.
maybe depending on your application you can even
use the j2ee user id as your identifier for the session, which
would allow you to avoid the "session id" altogether.

regards,
david

Re: Token in credentials

Posted by Stefan Guggisberg <st...@gmail.com>.
hi hugh

On 10/18/05, Hugh Ross <hu...@propylon.com> wrote:
> I am writing a server-side application which will use JackRabbit to
> serve out files to a Python client.
> Authentication will be via an LDAP server.
> I only want the client to have to authenticate once per session as
> opposed to once per request.
>
> What is the best way of doing this?
> (I won't be using Servlets so will not be able to store the JackRabbit
> Session object in the servlet's HttpSession object, nor will I be using
> Stateful Session EJBs)
>
> I was thinking of using some sort of token which is generated on
> successful log in and then stored in the database. The token would then
> be passed for every subsequent request (using the setAttribute() method
> of the SimpleCredentials object)
> I would then need to override the RepositoryImpl.login method to check
> the token passed against the database to ensure that it is a valid request.
>
> Can anybody think of a better way of doing this?

there's no need to override the RepositoryImpl.login method. all you have to
do is write a custom LoginModule. see o.a.j.c.s.SimpleLoginModule
(the login method specifically) for an example.

cheers
stefan

>
> Many thanks in advance for your help.
>
> Hugh
>
>
>
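
The token scheme discussed in this thread, as an added example that is not code from any of the posters or from Jackrabbit: a store that issues a random token after a successful LDAP login and checks it on later requests, which a custom LoginModule could call with the value read from SimpleCredentials.getAttribute(). The class name, the method names and the in-memory map (standing in for the database table) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper; the map stands in for the database table from the thread.
public class SessionTokenStore {
    private record Entry(String userId, Instant expires) {}

    private final Map<String, Entry> byDigest = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlSeconds;

    public SessionTokenStore(long ttlSeconds) { this.ttlSeconds = ttlSeconds; }

    // Call once, after the LDAP bind has succeeded; the client sends the result back.
    public String issue(String userId) {
        byte[] raw = new byte[32];                 // 256 bits from a CSPRNG, not guessable
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byDigest.put(digest(token), new Entry(userId, Instant.now().plusSeconds(ttlSeconds)));
        return token;
    }

    // Returns the user id bound to a live token, or null if unknown or expired.
    public String validate(String token) {
        if (token == null) return null;
        String key = digest(token);
        Entry e = byDigest.get(key);
        if (e == null) return null;
        if (Instant.now().isAfter(e.expires())) { byDigest.remove(key); return null; }
        return e.userId();
    }

    // Logout: the token stops working immediately.
    public void revoke(String token) { if (token != null) byDigest.remove(digest(token)); }

    // Only the SHA-256 digest is stored, so a leaked table does not yield usable tokens.
    private static String digest(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);   // SHA-256 is mandatory on every JRE
        }
    }
}
```

The user id returned by validate() is what the LoginModule would turn into the session's principal; a null result should fail the login the same way a bad password does.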