W3C home > Mailing lists > Public > www-jigsaw@w3.org > January to February 1997

Re: getting the basic auth-name

From: Anselm Baird_Smith <abaird@www43.inria.fr>
Date: Wed, 22 Jan 1997 15:47:42 +0100 (MET)
Message-Id: <199701221447.PAA23131@www43.inria.fr>
To: "S. Alexander Jacobson" <alex@interband.com>
Cc: www-jigsaw@www10.w3.org
S. Alexander Jacobson writes:
 > Anselm, Anotonio,
 > 
 > You both suggest something like this:
 > > request.getState(www.jigsaw.auth.AuthFilter.STATE_AUTHUSER);
 > 
 > There seems to be two difficulties with this:
 > 1. it returns the name of the user as opposed to an Authuser object
 > which forces two resource lookups instead of just one if I want other
 > information from the user

Yes, there is no work around here, since an AuthUser is a resource,
and a resource pointer can not be kept without special care (ie
providing the AuthUser would require that we setSate(STATE, authuser))

 > 2. this use of request state seems to have inherent namespace problems-
 > What if I had multiple auth filters
 > in front of my resource.  For example, suppose that I had an
 > organization authfilter which allowed everyone from particular sets 
 > of IP addresses to enter as the organization from which they accessed
 > (e.g. aol, cserve, prodigy, ibm).  Then I installed a generic-auth-filter
 > inside that filter to track particular users at particular organizations.
 >
 > I assume a state lookup as above would return just the content of the
 > inner-auth. Is there a way to grab both?  

The namespace is not a problem, since all state pieces are prefixed (a
convention) with the class that is responsible for setting the
state. The AuthFilter being generic, part of any of its subclass
contract is to provide that info.

In the case of multiple auth filters, you'll get the inner one,
yes. Note that currently HTTP doesn't let you put multiple
authentication on the same document (you can have one IP and another
basic, but not two basics, or a basic and a digest). If this were to
become possible some day, we would probably have to redefine the
semantics of STATE_AUTHUSER to return a String[] (I guess)

Anselm.
Received on Wednesday, 22 January 1997 09:48:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:25 GMT