Hi Amila, +1 for the proposed changes. Please see my comments below.
On Tue, Feb 14, 2012 at 3:22 PM, Amila Jayasekara <[email protected]> wrote:
> Hi All,
>
> We had a review discussion on Carbon Authenticators and following are
> the review notes.
>
> 1. There is some common logic that should be implemented in every
> authenticator. Currently invoking this logic is duplicated among
> authenticators. So to avoid that we are planning to come up with an
> abstract Authenticator implementation.
> 2. As per now AuthenticationHandler first invokes AuthenticationAdmin
> and then it calls chain of authenticators. The AuthenticationAdmin
> call is not necessary. We need to refactor code in such a way that
> authenticator itself will only handle authenticating logic (Rather
> than within the Handler).
> 3. Properly implement authenticator chaining pattern. Make use of
> “isHandle”, “priority”, “isAuthenticated” methods and make only
> authenticator aware about the logic.
> 4. After cleaning up the API, implement “Basic Auth” authenticator.
> (As first step)
> 5. Cleanup Carbon.UI framework to improve the pluggability of custom
> authenticators.

I recently wrote an authenticator, but I had to hard code some URLs in the
CarbonSecurityHttpContext class. Please have a look at the following method
in this class.

    private boolean skipSSOSessionInvalidation(String requestedURI) {
        boolean skipSessionInvalidation = false;
        if ((requestedURI.indexOf("/samlsso") > -1)
                || (requestedURI.indexOf("sso-saml/login.jsp") > -1)
                || (requestedURI.indexOf("stratos-sso/login_ajaxprocessor.jsp") > -1)
                || (requestedURI.indexOf("sso-saml/redirect_ajaxprocessor.jsp") > -1)
                || (requestedURI.indexOf("stratos-sso/redirect_ajaxprocessor.jsp") > -1)
                || (requestedURI.indexOf("sso-acs/redirect_ajaxprocessor.jsp") > -1)
                || (requestedURI.indexOf("stratos-auth/redirect_ajaxprocessor.jsp") > -1)) {
            skipSessionInvalidation = true;
        }
        return skipSessionInvalidation;
    }

As a part of this effort, let's refactor this bit of code as well.

Thanks,
Sameera.
> Thanks
> AmilaJ
>
> --
> Mobile : +94773330538
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>

--
Sameera Jayasoma
Technical Lead and Product Manager, WSO2 Carbon

WSO2, Inc. (http://wso2.com)
email: [email protected]
blog: http://tech.jayasoma.org

Lean . Enterprise . Middleware
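
Added example, not part of the original message and not WSO2 Carbon code: one way the hard-coded URL list in skipSSOSessionInvalidation could move into the authenticators themselves, with the chain consulted in priority order as review note 3 describes. The interface, its signatures, the helper names and the leading-slash, context-relative paths are assumptions; the check also compares the whole path rather than a substring, which is a tightening introduced here.

```java
import java.util.*;

public class AuthenticatorSkipListExample {
    // Hypothetical SPI: method names echo the review notes; signatures are assumptions.
    interface PluggableAuthenticator {
        int priority();
        boolean isHandle(String path);
        Set<String> skipSessionInvalidationPaths(); // paths exempt from invalidation
    }

    // Hypothetical helper: an authenticator that handles and exempts a fixed set of paths.
    // A real authenticator may handle more paths than it exempts.
    static PluggableAuthenticator of(final int prio, String... paths) {
        final Set<String> owned = new HashSet<>(Arrays.asList(paths));
        return new PluggableAuthenticator() {
            public int priority() { return prio; }
            public boolean isHandle(String path) { return owned.contains(path); }
            public Set<String> skipSessionInvalidationPaths() { return owned; }
        };
    }

    // Chain kept sorted so the highest-priority authenticator is consulted first.
    static final List<PluggableAuthenticator> CHAIN = new ArrayList<>();

    static void register(PluggableAuthenticator a) {
        CHAIN.add(a);
        CHAIN.sort(Comparator.comparingInt(PluggableAuthenticator::priority).reversed());
    }

    // Stands in for the hard-coded indexOf() list: the first authenticator that
    // handles the path decides, using the paths it declared itself.
    static boolean skipSSOSessionInvalidation(String requestedURI) {
        final String path = requestedURI.split("[?;#]", 2)[0]; // drop query, path params, fragment
        return CHAIN.stream()
                .filter(a -> a.isHandle(path))
                .findFirst()
                .map(a -> a.skipSessionInvalidationPaths().contains(path))
                .orElse(false);
    }

    public static void main(String[] args) {
        // Path strings come from the quoted method; the leading slashes are assumed.
        register(of(10, "/samlsso", "/sso-saml/login.jsp", "/sso-saml/redirect_ajaxprocessor.jsp"));
        register(of(5, "/stratos-sso/login_ajaxprocessor.jsp", "/stratos-sso/redirect_ajaxprocessor.jsp"));
        // Constructed sample request URIs: one declared path, one undeclared path.
        System.out.println(skipSSOSessionInvalidation("/sso-saml/login.jsp?relayState=x"));
        System.out.println(skipSSOSessionInvalidation("/admin/index.jsp"));
    }
}
```

With this shape a new authenticator registers its own exempt paths, and the context class no longer needs editing when one is added.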
