Yup. Exactly. This way, I still can subclass the Existing User and not have to worry about breaking anything.
Thanks Shishir -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Alex Sent: Monday, June 07, 2004 3:09 AM To: [EMAIL PROTECTED] Subject: RE: [Acegisecurity-developer] Custom attributes on User Object > Since getPrincipal already has a signature of Object, why can't it be > allowed to store the user object sans password instead of only the > user name as string. Then in my provider, I can prepare my user object > in anyway I like, whether it be string (user name) or an object with > some info and then cast it accordingly in my view . So you're proposing DaoAuthenticationProvider returns an Authentication object (specifically UsernamePasswordAuthenticationToken) that has as its Principal the User, rather than the current User.getUsername() String? DaoAuthenticationProvider uses authentication.getPrincipal() in which it expects a String to be presented. We would need to have DaoAuthenticationProvider detect if the presented Authentication.getPrincipal() object is a String or User, and handle it accordingly. Aside from this, I can't see any problems with this approach. I also think we should overwrite the password in the User object before passing it to the AuthenticationEvent and/or using it as the returned Authentication.getPrincipal() value. Would doing this cause concerns for anyone? Ben ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
