[jetty-dev] Deferred security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-dev] Deferred security

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Tue, 04 Aug 2009 18:22:48 +1000
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Thunderbird 2.0.0.22 (X11/20090608)

David,

I went ahead with removing deferred Authenticator class as we discussed on IRC.

It was a little trickier than I had thought since previouslycalling an
authenticator with mandatory=false meant authenticate if you can, rather
than defer.  Now it means defer unless you have other reasons (eg
j_security_check).   In order to get the authenticate if you can
semantic, authenticators have to check for a Deferred response
being passed in.    This is a bit of a hack and I'll have to
think if we can clean it up... or name things better.


Also by the same logic as was applied to removed the deferredAuthenticator,
I also removed the SessionCachingAuthenticator and now just have a
SessionAuthentication that can be used by multiple Authenticators.

The DelegateAuthenticator class was also then not needed.

I also removed the XD session cache class - which I suspect
you do use, but it can implement it elsewhere as nothing in
jetty uses or even tests it.

I think the result is a little less capable, but a lot simpler.

cheers

Prev by Date: Re: [jetty-dev] Eclipse and JSP
Next by Date: [jetty-dev] Project meta data is out of date for rt.jetty
Previous by thread: [jetty-dev] Update on Jetty7 Release
Next by thread: [jetty-dev] Re: jetty-setuid module modified for jetty 7 + jna.
Index(es):
- Date
- Thread

Breadcrumbs