0 Replies Latest reply on Feb 25, 2003 6:29 AM by Achilleus Mantzios

    Programmatic access to Form-based authenticated URL resource

    Achilleus Mantzios Newbie

      Hi,

      My question is somewhat general.

      BASIC authentication is well supported on web browsers, but it is
      not session based and there is no simple way to implement "logout".
      However it is great for program clients (like servlets).

      Form authentication looks fancier, is based on sessions, therefore
      a "logout" is simply a Session.invalidate(), but it is not easy
      for program clients to handle.

      Suppose some wants to write a simple servlet that "mails" another URL
      to the client.

      One way to do so is to use javax.activation.URLDataSource.
      However, because it works as a plain HTTP Conversation with the server
      (that is with itself!!), there is no way to bypass the securitiy issues invlolved.

      Has anyone any ideas on the matter??