From: "Bill Burke" <bburke(a)redhat.com&gt; To: undertow-dev(a)lists.jboss.org Sent: Thursday, 7 November, 2013 3:36:52 AM Subject: [undertow-dev] cached authenticated sessions class CachedAuthenticatedSessionHandler { private boolean isCacheable(final SecurityNotification notification) { return notification.isProgramatic() || "FORM".equals(notification.getMechanism()); } Any new AuthenticationMechanism that wants session cached auth is forced to specify "FORM" for its mechanism when calling authenticationComplete(). Is this a bad thing? Should "cacheable" be a part of the authenticationComplete() callback instead? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ undertow-dev mailing list undertow-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/undertow-dev