Now I'm writing remote client application to communicate with server by Burlap. Web services are protected by the ACEGI security framework. As the sample Contacts client application, each time I have to provide the username and password for authentication.
Questions 1: Will the acegi authenticate the request each time when I calling different services even I have already authenticated? If not, is acegi just use the user id and the Authentication object in the server side to determine the user already login? If not, how to avoid the server to authenticate the user in each service call?
Question 2: Can I get back the session ID information after login in the client side? Then, can I present it(session id) instead of providing login information again on the next burlap request call like the web browser application?
Question 3: In my application, we need to implement session management such as we have to force user logout. How can we do it with ACEGI? Do we only need to remove the Authentication object from the Httpsession and remove it from the ContextHolder?