Re: [Dspace-devel] Why do we call authenticate() on every AuthenticationMethod?

2015-05-05 Thread Tim Donohue 
Hi Mark,

My suspicion is that there's no great reason anymore. I don't know 
historically why the code was written this way. My speculation would be 
that the idea might have been to have a single login form which 
attempted authentication via several services. But, that is not really a 
plausible real life scenario, as modern authentication services often 
send you off to another location anyhow (e.g. Shibboleth).

That section of the AuthenticationManager, according to git blame, may 
date back to 2005 when the idea of stackable auth was first introduced 
into DSpace:

https://github.com/DSpace/DSpace/blame/master/dspace-api/src/main/java/org/dspace/authenticate/AuthenticationManager.java#L63

So, rather than dwell too much on the reason why it was built this way, 
it seems like we should investigate options to modernize our 
Authentication system in general.  Personally, I feel this is an area 
where we really should just be using a third-party Authentication plugin 
(as noted in DS-1566) rather than continually maintaining a 10 year old 
custom Authentication class.

https://jira.duraspace.org/browse/DS-1566

Just my two cents here though! :)

- Tim

On 5/4/2015 2:23 PM, Mark H. Wood wrote:
 Followup to IRC conversation with hpottinger.

 Please remind me why we do this.  If there are two stacked
 AuthenticationMethods which happen to use the same identifiers, we
 could ignore the user's choice and always authenticate using the first
 one.  At most one method is allowed to succeed before
 AuthenticationManager.authenticate() returns, so the reason can't be
 to let every method get a look at the login request.

 Should we not rather have an AuthenticationMethod.authorize() in
 addition to .authenticate()?  A UI would tell AuthenticationManager
 which method to use for authentication, and then AuthenticationManager
 would call authorize() on every method.  authenticate would *only*
 verify credentials; authorize() would be for whatever a method would
 like to do, such as decorating the session with additional
 information, updating the EPerson or other records, etc.  It might be
 sensible to have authorize() take up the function of adding special
 groups to the session.



 --
 One dashboard for servers and applications across Physical-Virtual-Cloud
 Widest out-of-the-box monitoring support with 50+ applications
 Performance metrics, stats and reports that give you Actionable Insights
 Deep dive visibility with transaction tracing using APM Insight.
 http://ad.doubleclick.net/ddm/clk/290420510;117567292;y



 ___
 Dspace-devel mailing list
 Dspace-devel@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/dspace-devel


--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel

[Dspace-devel] DSpace Dev Mtg Tomorrow @ 15:00 UTC and JIRA Backlog Hour @ 16:00 UTC

2015-05-05 Thread Tim Donohue 
All,

Tomorrow (Weds, May 6) at 15:00 UTC, we have our weekly DSpace 
Developers Meeting in the #duraspace IRC channel. To determine your 
local time, check the world clock:
http://www.timeanddate.com/worldclock/fixedtime.html?hour=15min=0sec=0p1=0

The agenda is posted on our Developer meetings page at:
https://wiki.duraspace.org/display/DSPACE/Developer+Meetings

The notes from last week's meeting are also available off of the 
Meeting Archives area of that page.

As always, all our meetings are public.  We welcome any developers or 
non-developers to attend or just read along with the chat discussions.

If you are unable to attend, you can always add your own notes/thoughts 
on any agenda item to the above wiki page.

== JIRA Backlog Hour ==

The hour AFTER our Developers Meeting, we will be holding a JIRA 
Backlog Hour in #dspace IRC (note that it takes place in #dspace and 
NOT #duraspace).

During this meeting, developers who are available will begin to work 
together to tackle our backlog of Received tickets/bug reports in 
JIRA. We'll be looking to do a quick analysis of tickets to help move 
them along through our workflow. Anyone is welcome to join us (and you 
are more than welcome to just join mid-meeting as well).

It's a great way to learn about how we work together to support DSpace, 
and also a great way to contribute to DSpace software. Plus, you'll be 
helping all of us to determine which tickets (old and new) could use 
extra love  attention.

Our current JIRA Received backlog is at: 
https://jira.duraspace.org/secure/IssueNavigator.jspa?reset=truejqlQuery=project+%3D+DS+AND+status+%3D+Received+ORDER+BY+key+ASC%2C+priority+DESC

We hope to see you in IRC!

Thanks,

Tim Donohue
Technical Lead for DSpace Project
DuraSpace.org

--
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
___
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel