Jan 10th, 2012, 03:11 AM
create-session="stateless" usage ?
I was hoping that changing into "stateless" for create-session attribute would be the end of it to achieve stateless spring security in my webapp, but it is not so.
With that change, the spring security seems to be not working, since spring security doesnt store anything in the session, and cannot do authentication to secured web requests ?
How do i make use of this "stateless" feature ?
Thank you !
Jan 10th, 2012, 10:52 AM
Stateless means you have to pass credentials for every request. As you can imagine, without some sort of caching (try the @Cached annotations) or signature based credential (not provided) this can be rather costly to performance.
Jan 10th, 2012, 06:24 PM
Hi, thanks for the reply. Does this mean i must use http basic or digest auth, or perhaps there are other approaches? My clients would be mostly web browsers and rest clients.
Actually i like the simplicity of digest with SSL, but im uncomfortable with being unable to logout using digest auth without restarting the browser.
I would like to do stateless in hope i can scale horizontaly easily. Will the use of @Cached break this requirement?
Please share your thoughts. Thank you.
Tags for this Thread