We do not have GET requests so far in our System. This system is enterprise
application which will require custom integration and client will always
make POST requests.
-----Original Message-----
From: Paul.Sandoz_at_Sun.COM [mailto:Paul.Sandoz_at_Sun.COM]
Sent: Monday, August 25, 2008 5:36 PM
To: users_at_jersey.dev.java.net
Subject: Re: [Jersey] Problem with Filter
Ashish Raniwala wrote:
> Hi Paul,
>
> Our requirement is that each request need to send encoded token in request
> which need to be validated.
Is that for GET requests as well as POST requests? If so how is the
encoded token sent in a GET request? is that as a query parameter called
"sessionToken" ?
> This token cannot be stored in HttpSession for
> various reasons but is stored in database. Something like ACEGI's
Persistent
> Token based approach for remember me. We have option to send this token in
> request (POST) or in Http Header but Http Headers are difficult with plain
> HTMLs so we are currently working with form parameters.
>
> Since all requests will have this validation required that's why we
thought
> about using Filters.
>
Where is this security token parameter obtained from?
Sorry for all the questions as i really want to understand if it is
really the right thing for you to use form parameters for security token
parameters. It appears you may be implementing a variant of "classic"
session-based management with specific use-cases for security token
storage, and you may be able to use a cookie-based approach or a URI
query parameter approach with GET/POST for the transmission of the
security token.
Paul.
--
| ? + ? = To question
----------------\
Paul Sandoz
x38109
+33-4-76188109
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
For additional commands, e-mail: users-help_at_jersey.dev.java.net