- From: Anselm Baird_Smith <abaird@www43.inria.fr>
- Date: Wed, 22 Jan 1997 15:47:42 +0100 (MET)
- To: "S. Alexander Jacobson" <alex@interband.com>
- Cc: www-jigsaw@www10.w3.org
S. Alexander Jacobson writes: > Anselm, Anotonio, > > You both suggest something like this: > > request.getState(www.jigsaw.auth.AuthFilter.STATE_AUTHUSER); > > There seems to be two difficulties with this: > 1. it returns the name of the user as opposed to an Authuser object > which forces two resource lookups instead of just one if I want other > information from the user Yes, there is no work around here, since an AuthUser is a resource, and a resource pointer can not be kept without special care (ie providing the AuthUser would require that we setSate(STATE, authuser)) > 2. this use of request state seems to have inherent namespace problems- > What if I had multiple auth filters > in front of my resource. For example, suppose that I had an > organization authfilter which allowed everyone from particular sets > of IP addresses to enter as the organization from which they accessed > (e.g. aol, cserve, prodigy, ibm). Then I installed a generic-auth-filter > inside that filter to track particular users at particular organizations. > > I assume a state lookup as above would return just the content of the > inner-auth. Is there a way to grab both? The namespace is not a problem, since all state pieces are prefixed (a convention) with the class that is responsible for setting the state. The AuthFilter being generic, part of any of its subclass contract is to provide that info. In the case of multiple auth filters, you'll get the inner one, yes. Note that currently HTTP doesn't let you put multiple authentication on the same document (you can have one IP and another basic, but not two basics, or a basic and a digest). If this were to become possible some day, we would probably have to redefine the semantics of STATE_AUTHUSER to return a String[] (I guess) Anselm.
Received on Wednesday, 22 January 1997 09:48:19 UTC