× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. March 2006

Re: Authenticate "on demand"

I didn't want to be the bearer of bad news and I've held my tongue -- so to speak -- since I was only 99% sure, but Walden is correct.
There's a user authentication class in the Java toolkit if you'd like to roll your own. It's a basic function so you shouldn't have any problems locating sample code. 

Thanks,
Alfred

Walden H. Leverich wrote:


Apparently this is just hiding the content not actually signing them

off.

Unless Apache on iSeries works differently, there's nothing to
"signoff".

The first time a browser requests a page that's protected it doesn't
send an authenticated header, and as such, the server kicks the request
back with a 401 requesting authentication. The browser then asks the
user for the username and password and then responds to the server by
including an authentication header w/the username and password. All
subsequent request also include the username and password. In reality
each request is checked by the server and since the authentication
header is already there (and valid) the content is served.

How would you sign that off? There is no statefull session information
there to signoff -- it's up to the browser to throw out the cached
username and password. Now, sending a new 401 response may cause the
browser to throw out it's cache of the old username and password, I'm
not sure (and the answer would vary from browser to browser) but I don't
see what you could do on the server to force it.

Of course, if you didn't use native authentication and either rolled
your own plugin for basic authentication, or went with something that
was session based you'd be better off, but that is more work.

-Walden

------------
Walden H Leverich III
Tech Software
(516) 627-3800 x3051
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.