Basic Auth – Just Say No

One simply should not use basic auth. Period. And I am not talking about security here. Only functionality and what you can, and most importantly cannot, do with basic auth. Okay, I know that was a bit harsh, and I do use basic auth myself sometimes. Like for instance with something dead-simple on an intranet, [...]

December 4, 2009 · polesen · 7 Comments
Posted in: Programming

Acegi Security Not Setting a New Session Cookie

A colleague and I battled a “funny” problem where our Flash client did not get a new session cookie when the old one expired. In the process of determining what was wrong, we came in touch with a great many areas, including RFC 2965 about HTTP State Management, the sources for Tomcat 6, JSR-154 [...]

July 19, 2008 · polesen · 2 Comments
Posted in: Programming

Faking a Valid Acegi SecurityContext in a UnitTest

When using Acegi Security in your code, you will often have a setup where the authentication information is put on a ThreadLocal somewhere inside SecurityContextHolder and then used later on in the application code. Actually, Acegi operates with strategies for how to store the security information, but more often than not, it is on a [...]

January 24, 2008 · polesen · No Comments
Posted in: Programming, Testing