Details
-
Sub-task
-
Resolution: Done
-
Major
-
None
-
None
Description
The mechanism should be usable both in a Servlet container and non Serlvet container environment.
For FORM authentication we predominantly have an error page and a login page to display these can be displayed on one of three ways: -
1. Redirect to the appropriate page - this does not provide compatibility with other mechanisms as the redirect is triggered with a status code so a 401 can not be sent as well.
2. Serve up the raw resource, this will work for static pages but if the login page is dynamically generated will not be suitable.
3. Forward the request within the server to serve the page content, this allows all additional server side processing such as jsp pages to be served.
An additional consideration is multi-step FORM based authentication e.g.
1. User supplies username and password.
2. If user configured for OTP additional challenge sent asking for next token.
On this case at step 1 the user could possibly only be prompted for a username, after that a user appropriate challenge can be sent.
