You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2008/04/04 15:44:38 UTC
Re: svn commit: r644407 - in /lenya/branches/branch_1_2_x_shibboleth/src:
java/org/apache/lenya/ac/shibboleth/ webapp/lenya/resources/i18n/
Jann Forrer schrieb:
> Hi Andreas
>
> [ ... ]
>> @@ -193,16 +200,17 @@
>> }
>> identity.removeIdentifiable(oldUser);
>> }
>> - identity.addIdentifiable(new TransientUserReference(user));
>> + identity.addIdentifiable(new ShibbolethUserReference(user));
>> if (getLogger().isDebugEnabled()) {
>> getLogger().debug("Adding user [" + user + "] to identity.");
>> }
>> }
>>
> Do you think it make sense to pass the type of UserReference
> (TransientUserReference, ShibbolsethUserRefernce, ....) as a parameter
> to the updateIdentity method?
> The reason is ask is: I extended the ShibbolethAuthenticator class
> adding a authenticateLdapUser method in order to authenticate ldap user
> which are not defnied in the cms. Within this method I also use the
> updateidenty method of the super class.
If you need this functionality, IMO it would make sense to introduce a
cascade of authenticators. The Java class hierarchy is not flexible
enough to handle such cases.
DefaultAccessController:
public boolean authenticate(Request request, ErrorHandler handler)
throws AccessControlException {
assert request != null;
boolean authenticated = false;
Authenticators[] authenticators = getAuthenticators();
int i = 0;
while (!authenticated) {
authenticated = authenticators[i].authenticate(
getAccreditableManager(), request, handler);
i++;
}
return authenticated;
}
Would this meet your requirements?
> However In the ldap case i don't need to add a ShibbolethUserReference
> but a TransientUserReference to the identity.
In this case I'd rather introduce the method
ShibbolethAuthenticator.createReference(User user);
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: svn commit: r644407 - in /lenya/branches/branch_1_2_x_shibboleth/src:
java/org/apache/lenya/ac/shibboleth/ webapp/lenya/resources/i18n/
Posted by Jann Forrer <ja...@id.uzh.ch>.
Andreas Hartmann wrote:
> Jann Forrer schrieb:
>> Hi Andreas
>>
>> [ ... ]
>>> @@ -193,16 +200,17 @@
>>> }
>>> identity.removeIdentifiable(oldUser);
>>> }
>>> - identity.addIdentifiable(new TransientUserReference(user));
>>> + identity.addIdentifiable(new ShibbolethUserReference(user));
>>> if (getLogger().isDebugEnabled()) {
>>> getLogger().debug("Adding user [" + user + "] to
>>> identity.");
>>> }
>>> }
>>>
>> Do you think it make sense to pass the type of UserReference
>> (TransientUserReference, ShibbolsethUserRefernce, ....) as a parameter
>> to the updateIdentity method?
>> The reason is ask is: I extended the ShibbolethAuthenticator class
>> adding a authenticateLdapUser method in order to authenticate ldap user
>> which are not defnied in the cms. Within this method I also use the
>> updateidenty method of the super class.
>
> If you need this functionality, IMO it would make sense to introduce a
> cascade of authenticators. The Java class hierarchy is not flexible
> enough to handle such cases.
>
> DefaultAccessController:
>
> public boolean authenticate(Request request, ErrorHandler handler)
> throws AccessControlException {
>
> assert request != null;
> boolean authenticated = false;
> Authenticators[] authenticators = getAuthenticators();
> int i = 0;
> while (!authenticated) {
> authenticated = authenticators[i].authenticate(
> getAccreditableManager(), request, handler);
> i++;
> }
> return authenticated;
> }
>
> Would this meet your requirements?
>
I think yes. But does it make sense to have inheritance within the
authenticators like:
AbstractTransientUserAuthenticator
¦ ¦
¦ ¦
ShibbolethAuthenticator LdapAuthenticator
because Authenticators for Transient-User have a lot in common.
and there could be something similar for User defined in the system like:
AbstractFileAuthenticator
¦ ¦
¦ ¦
SomeFileAuthenticator SomeOtherFileAuthenticator
>
>> However In the ldap case i don't need to add a ShibbolethUserReference
>> but a TransientUserReference to the identity.
>
> In this case I'd rather introduce the method
>
> ShibbolethAuthenticator.createReference(User user);
>
>
Ok, I will try it. Thanks for the pointers.
Jann
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org