Where does Jetty store information about authenticated user?

522 views Asked by At

I read the documentation on Jetty page: http://www.eclipse.org/jetty/documentation/9.2.6.v20141205/index.html

but I still do not know where does Jetty store information about authenticated user. I am currently writing application which is state less despite of the fact that I need to know who was logged in.

Do I need to set up session replication via database or maybe there is a smarter way to do this like session stored in cookie: http://httpd.apache.org/docs/trunk/mod/mod_session_cookie.html

1

There are 1 answers

0
gregw On

It depends on what authentication mechanism you are using. If you use BASIC, then nothing is stored on the server and the credentials are sent along with every request.

If you use DIGEST, then only transient data is stored on the server (in the DigestAuthenticator), so it does not need to be replicated in a cluster.

If you use FORM auth, then the credentials are indeed cached in the users session and if you are operating in a cluster you either need to distribute the session.... or if you want to be stateless, use some single sign on mechanism to handle any authentication failures.