Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2011/02/17 23:37:46 UTC
Proposed Subject / PrincipalCollection API improvements - feedback appreciated
Hi all,
I wanted to run an idea by the community and see what you think.
Currently when you call Subject.getPrincipals() it returns a
PrincipalCollection. While the PrincipalCollection necessarily
retains which principals are from each realm, I think it is less than
ideal in that you can't easily reference the principals by name - only
by type, which can be a bit clunky.
For example, I think of Principals as identity attributes of a
Subject. It is a natural extension to then want to be able to call
things like:
Subject.getUsername()
Subject.getUserId()
etc.
Naturally, we can't have methods like this because they're very
dependent upon a specific application (some apps don't use usernames
at all and use X509. Maybe they don't have a userId and call it an
'accountId'). And of course we wouldn't want to force those methods
on Subject implementations.
But we could do this in a generic way if the Subject principals were a
map, where the map key was the principal name, and the map value was
the principal itself. For example:
subject.getPrincipals() returns a PrincipalMap. A PrincipalMap is a
Map<String,Object> that has some additional methods that allow you to
get Realm-specific principals too if you wanted.
So you could do things like this:
subject.getPrincipal("username") returns a username;
subject.getPrincipal("userId") returns a username.
Then we could do really cool things in the JSP tags, e.g.:
<shiro:principal name="username"/>
and in Groovy:
subject.principals.username
subject.principals.userId
etc.
Unfortunately I don't know if this change can be backwards compatible
because of the Subject and Realm changes it might require. Maybe it
could - I need to research. Having 20/20 hindsight, I almost think
"duh, I can't believe we didn't do it like this to begin with". What
do you think?
Thoughts? Comments?
Cheers,
--
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com
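
The name-keyed, realm-aware principal map proposed in the message above, as an added Java sketch that is not part of the original post and is not Apache Shiro code. The class name `PrincipalMapSketch`, its method names, the realm names and the sample values are all hypothetical, and the first-realm-wins rule for a name supplied by more than one realm is an assumption of this sketch.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical sketch of the proposed PrincipalMap idea; not Apache Shiro code.
public class PrincipalMapSketch {
    // realm name -> (principal name -> principal), kept in realm insertion order
    private final Map<String, Map<String, Object>> byRealm = new LinkedHashMap<>();

    public void setRealmPrincipal(String realm, String name, Object principal) {
        byRealm.computeIfAbsent(realm, r -> new LinkedHashMap<>()).put(name, principal);
    }

    // Realm-specific view, read-only so callers cannot alter identity attributes.
    public Map<String, Object> getRealmPrincipals(String realm) {
        Map<String, Object> principals = byRealm.get(realm);
        return principals == null
                ? Collections.<String, Object>emptyMap()
                : Collections.unmodifiableMap(principals);
    }

    // Name-based lookup across all realms.
    // Assumption: the first realm that supplies the name wins, so a realm
    // consulted later cannot silently replace an attribute such as "username".
    public Object getPrincipal(String name) {
        for (Map<String, Object> principals : byRealm.values()) {
            if (principals.containsKey(name)) {
                return principals.get(name);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        PrincipalMapSketch principals = new PrincipalMapSketch();
        // Constructed sample data: two realms that both supply "username".
        principals.setRealmPrincipal("ldapRealm", "username", "jsmith");
        principals.setRealmPrincipal("ldapRealm", "userId", 1042L);
        principals.setRealmPrincipal("x509Realm", "username", "CN=John Smith");

        // Lookup by name resolves to the first realm that defines it.
        System.out.println(principals.getPrincipal("username"));
        System.out.println(principals.getPrincipal("userId"));
        // The realm-specific value stays reachable when the caller needs it.
        System.out.println(principals.getRealmPrincipals("x509Realm").get("username"));
    }
}
```

A flat name-based lookup has to settle what happens when two realms report the same principal name; authorization code that keys on such a name should know which realm the value came from.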