You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/05/15 11:43:00 UTC
[jira] [Commented] (OAK-8316) Drop userId field in TokenLoginModule
[ https://issues.apache.org/jira/browse/OAK-8316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16840307#comment-16840307 ]
angela commented on OAK-8316:
-----------------------------
[~stillalex], let me know in case you have any concern regarding the proposed changes.
> Drop userId field in TokenLoginModule
> -------------------------------------
>
> Key: OAK-8316
> URL: https://issues.apache.org/jira/browse/OAK-8316
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core, security
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Attachments: OAK-8316.patch
>
>
> {{TokenLoginModule.login}} contains the following code that may set the {{userId}} field:
> {code}
> [...]
> TokenCredentials tc = (TokenCredentials) credentials;
> TokenAuthentication authentication = new TokenAuthentication(tokenProvider);
> if (authentication.authenticate(tc)) {
> tokenCredentials = tc;
> tokenInfo = authentication.getTokenInfo();
> userId = authentication.getUserId();
> [...]
> }
> {code}
> however, {{TokenAuthentication.getUserId()}} will just delegate to {{TokenInfo.getUserId}} and setting the {{userId}} in the login module is IMO redundant. Also, upon commit the {{AuthInfo}} is ultimately populated with the ID retrieved from the {{TokenInfo}} and the userId field is ignored.
> I would therefore suggest to drop the extra {{userId}} field and simplify the code accordingly. [~stillalex], will attach a proposed patch later today.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)