users@jersey.java.net

Re: [Jersey] Problem with Filter

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Mon, 25 Aug 2008 14:06:06 +0200

Ashish Raniwala wrote:
> Hi Paul,
>
> Our requirement is that each request needs to send an encoded token in the
> request, which needs to be validated.

Is that for GET requests as well as POST requests? If so, how is the
encoded token sent in a GET request? Is that as a query parameter called
"sessionToken"?


> This token cannot be stored in HttpSession for
> various reasons but is stored in a database. Something like ACEGI's Persistent
> Token based approach for remember me. We have the option to send this token in
> the request (POST) or in an HTTP header, but HTTP headers are difficult with plain
> HTML, so we are currently working with form parameters.
>
> Since all requests will have this validation required, that's why we thought
> about using Filters.
>

Where is this security token parameter obtained from?

Sorry for all the questions, as I really want to understand if it is
really the right thing for you to use form parameters for security token
parameters. It appears you may be implementing a variant of "classic"
session-based management with specific use-cases for security token
storage, and you may be able to use a cookie-based approach or a URI
query parameter approach with GET/POST for the transmission of the
security token.

Paul.

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109