I am not sure I understand...
To establish a CometD session, you need to send a handshake message,
and this is done via the client API.
It is perhaps possible to implement some incredibly hacky solution via
j_security_check, but I would not recommend that, and I am not even
sure it's possible.
Perhaps you can explain with some more details what you want to do ?
Simon
--
http://bordet.blogspot.com
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
On Sun, Sep 4, 2011 at 14:17, perissf <per...@gmail.com> wrote:
> Ok.
> My app has some web services (a RESTful web service that connects to
> the db) and I need a security for them. I chose what I seemed to me
> the "standard" Java solution explained in all tutorials: to create a
> realm and to authenticate via j_security_check.
Uhm, j_security_check is used to do FORM authentication, which
normally is done when there is human interaction (i.e. user enters
username and password).
RESTful services are not normally authenticated with j_security_check
but with other mechanisms, ranging from (timed) tokens, to basic
authentication, etc. (i.e. something that does not require human
interaction).
CometD would work the same way, for example passing the HTTP headers
required by Basic authentication.
Since CometD requests (when using HTTP transports) are POSTs, you
can't POST additional data (like you would with j_security_check).
I am not sure how you can do that with restful services, for example
if I perform a POST request.
If you have a login page first, where you do your j_security_check,
and out of that page you get some authentication token, you can pass
that in CometD and have it processed on server-side (see
http://cometd.org/documentation/2.x/howtos/authentication).
Simon
--