[prev in list] [next in list] [prev in thread] [next in thread]
List: httpclient-commons-dev
Subject: Re: Delaying response generation (for failed login attempts)
From: Oleg Kalnichevski <olegk () apache ! org>
Date: 2009-04-16 14:45:46
Message-ID: 20090416144546.GA24128 () ok2consulting ! com
[Download RAW message or body]
On Thu, Apr 16, 2009 at 04:41:59PM +0200, Joerg Bullmann wrote:
> Hi Oleg,
>
> Thanks a lot for your quick and very detailed reply. Will have a look. There is \
> just one thing: what I'd like to do is have the web application respond with a \
> proper 'login failed' style web page instead of a code 401. I guess I can do just \
> that instead of your suggestion in step (4). Am I right?
Any valid HTTP response you please.
Oleg
> Cheers,
> Joerg
>
> On Thursday, 16 April, 2009 4:03pm, "Oleg Kalnichevski" <olegk@apache.org> said:
>
> > This can be fairly easily done with HttpCore NIO without an additional
> > execution thread or blocking the I/O tread. However, most likely you
> > will have to implement a custom NHttpServiceHandler to get it done.
> >
> > Here's what you have to do
> >
> > (1) After a complete HTTP request has been received, execute user
> > authentication logic of your choice. If authentication fails, disable
> > both input and output events on that connection and set connection
> > timeout to something like 3 seconds. The connection will be effectively
> > disabled.
> >
> > (2) NHttpServiceHandler#timeout will fire approximately 3 seconds later.
> > Reset the timeout to its default value and enable input and output
> > events.
> >
> > (3) NHttpServiceHandler# responseReady will fire at some point of time
> > indicating the connection is ready to accept a response.
> >
> > (4) Submit a 401 response to the user.
> >
> > That is it.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic