Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

declaretive authentication problem

 
Harshana Dias
Ranch Hand
Posts: 348
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey,

We know in secure transport when a client make a request thorough http it first ask for https then again after https request gone it will pop out the login form and ask for username and password.

So its the 3rd request that user have to submit the login data which the user gonna mad and not effiecint too. isnt there any better solution? cant we ask for login same time asking https?
 
Chinmaya Chowdary
Ranch Hand
Posts: 434
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Harshana. Can you please elaborate your question?
cant we ask for login same time asking https?
 
Harshana Dias
Ranch Hand
Posts: 348
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Chinmaya Chowdary wrote:Hi Harshana. Can you please elaborate your question?


ok Chinmaya..do you think the follwing efficient?

when a client make a request thorough http it first ask for https then again after https request gone it will pop out the login form and ask for username and password. So its the 3rd request that user have to submit the login data.
 
Chinmaya Chowdary
Ranch Hand
Posts: 434
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Harshana. Thanks for the reply. It seems you want to reduce the requests(less than 3 requests). As far my knowledge concerned, its not possible in this model(client-server). If we ask for login same time asking https, the container will not be able to know wether the client is sending data over secure transport layer connection or not. We know we are sending our 'username and password' securely using 'https'.
The J2EE specification guarantees 'data integrity' and 'data confidentiality'. So it has to know wether the client has opened secure connection or not. For this purpose it sends 301 resposne, for first request. Therefore the container needs this extra step.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic