I'm reading Chapter 7.9 and I'm left with questions...
Can't I leave Authentication to the container? For example, if I use
something like
https://spnego.dev.java.net/ that automatically
authenticates the user against an Active Directory, then all I need
Lift to do is worry about Authorization. In addition to
HttpBasicAuthentication, HttpDigestAuthentication, and
NoAuthentication, I would expect there to be another choice like
ContainerAuthentication (or PassThruAuthentication?). Some third
party IAM systems have authentication mechanisms that simply supply
the authenticated user as a header variable -- maybe
ImplicitHeaderAuthentication?
Anyway... I think you get my point... I need to let the container
take care of Authentication, but then I need to provide the
Authorization information to the Lift app... How should I do that?
P.S. There is a weird formatting issue with Chapter 7.9 because it
goes straight from 7.9 (HTTP Basic Authentication) to 7.9.0.1 (HTTP
Digest Authentication).