[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-commons-dev
Subject:    Re: Delaying response generation (for failed login attempts)
From:       Oleg Kalnichevski <olegk () apache ! org>
Date:       2009-04-16 14:45:46
Message-ID: 20090416144546.GA24128 () ok2consulting ! com
[Download RAW message or body]

On Thu, Apr 16, 2009 at 04:41:59PM +0200, Joerg Bullmann wrote:
> Hi Oleg,
> 
> Thanks a lot for your quick and very detailed reply. Will have a look. There is \
> just one thing: what I'd like to do is have the web application respond with a \
> proper 'login failed' style web page instead of a code 401. I guess I can do just \
> that instead of your suggestion in step (4). Am I right? 

Any valid HTTP response you please.

Oleg


> Cheers,
> Joerg
> 
> On Thursday, 16 April, 2009 4:03pm, "Oleg Kalnichevski" <olegk@apache.org> said:
> 
> > This can be fairly easily done with HttpCore NIO without an additional
> > execution thread or blocking the I/O tread. However, most likely you
> > will have to implement a custom NHttpServiceHandler to get it done.
> > 
> > Here's what you have to do
> > 
> > (1) After a complete HTTP request has been received, execute user
> > authentication logic of your choice. If authentication fails, disable
> > both input and output events on that connection and set connection
> > timeout to something like 3 seconds. The connection will be effectively
> > disabled.
> > 
> > (2) NHttpServiceHandler#timeout will fire approximately 3 seconds later.
> > Reset the timeout to its default value and enable input and output
> > events.
> > 
> > (3) NHttpServiceHandler# responseReady will fire at some point of time
> > indicating the connection is ready to accept a response.
> > 
> > (4) Submit a 401 response to the user.
> > 
> > That is it.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]