On Tue, Feb 14, 2012 at 9:32 PM, Sameera Jayasoma <[email protected]> wrote:
> Hi Amila,
>
> +1 for the proposed changes. Please see my comments below.
>
> On Tue, Feb 14, 2012 at 3:22 PM, Amila Jayasekara <[email protected]> wrote:
>>
>> Hi All,
>>
>> We had a review discussion on Carbon Authenticators and following are
>> the review notes.
>>
>> 1. There is some common logic that should be implemented in every
>> authenticator. Currently invoking this logic is duplicated among
>> authenticators. So to avoid that we are planning to come up with an
>> abstract Authenticator implementation.
>> 2. As per now AuthenticationHandler first invokes AuthenticationAdmin
>> and then it calls chain of authenticators. The AuthenticationAdmin
>> call is not necessary. We need to refactor code in such a way that
>> authenticator itself will only handle authenticating logic (Rather
>> than within the Handler).
>> 3. Properly implement authenticator chaining pattern. Make use of
>> “isHandle”, “priority”, “isAuthenticated” methods and make only
>> authenticator aware about the logic.
>> 4. After cleaning up the API, implement “Basic Auth” authenticator.
>> (As first step)
>
>
> 5. Cleanup Carbon.UI framework to improve the pluggability of custom
> authenticators. I recently wrote an authenticator, but I had to hard code
> some URLs in the CarbonSecurityHttpContext class. Please have a look at the
> following method in this class.
>
>     private boolean skipSSOSessionInvalidation(String requestedURI) {
>         boolean skipSessionInvalidation = false;
>         if ((requestedURI.indexOf("/samlsso") > -1)
>                 || (requestedURI.indexOf("sso-saml/login.jsp") > -1)
>                 || (requestedURI.indexOf("stratos-sso/login_ajaxprocessor.jsp") > -1)
>                 || (requestedURI.indexOf("sso-saml/redirect_ajaxprocessor.jsp") > -1)
>                 || (requestedURI.indexOf("stratos-sso/redirect_ajaxprocessor.jsp") > -1)
>                 || (requestedURI.indexOf("sso-acs/redirect_ajaxprocessor.jsp") > -1)
>                 || (requestedURI.indexOf("stratos-auth/redirect_ajaxprocessor.jsp") > -1)) {
>             skipSessionInvalidation = true;
>         }
>         return skipSessionInvalidation;
>     }
>
> As a part of this effort, let's refactor this bit of code as well.

+1. Will take above into consideration as well. If possible please
create a carbon Jira and assign it to me.

Thanks
AmilaJ

>
> Thanks,
> Sameera.
>
>>
>> Thanks
>> AmilaJ
>>
>> --
>> Mobile : +94773330538
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> [email protected]
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
> --
> Sameera Jayasoma
> Technical Lead and Product Manager, WSO2 Carbon
>
> WSO2, Inc. (http://wso2.com)
> email: [email protected]
> blog: http://tech.jayasoma.org
>
> Lean . Enterprise . Middleware
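
The authenticator chaining from review note 3, combined with the refactoring of the hard-coded URL check asked for in item 5, as an added Java example that is not part of the original thread or of the Carbon code base. The interface, its signatures, the priority ordering, the "first authenticator that claims the request decides" rule, the exact-path comparison and all paths and credentials are assumptions made for illustration; only the method names isHandle, priority and isAuthenticated come from the review notes.

```java
import java.util.*;

public class AuthenticatorChainSketch {
    // Hypothetical interface: method names follow the review notes, signatures are assumed.
    interface Authenticator {
        int priority();                        // higher value is consulted first (assumed)
        boolean isHandle(String path);         // does this authenticator own the request?
        boolean isAuthenticated(String path, String credential);
        Set<String> skipInvalidationPaths();   // declared per authenticator, not hard-coded in the UI
    }

    static final class Chain {
        private final List<Authenticator> ordered = new ArrayList<>();

        void register(Authenticator a) {
            ordered.add(a);
            ordered.sort(Comparator.comparingInt(Authenticator::priority).reversed());
        }

        // The handler only delegates: the first authenticator that claims the request decides.
        boolean authenticate(String path, String credential) {
            for (Authenticator a : ordered) {
                if (a.isHandle(path)) return a.isAuthenticated(path, credential);
            }
            return false; // no authenticator claimed the request: deny
        }

        // Paths are compared exactly, so only what an authenticator declared qualifies.
        boolean skipSessionInvalidation(String path) {
            for (Authenticator a : ordered) {
                if (a.skipInvalidationPaths().contains(path)) return true;
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample authenticator, paths and credential.
        Authenticator saml = new Authenticator() {
            public int priority() { return 10; }
            public boolean isHandle(String p) { return p.startsWith("/samlsso"); }
            public boolean isAuthenticated(String p, String c) { return "constructed-token".equals(c); }
            public Set<String> skipInvalidationPaths() { return Set.of("/samlsso", "/sso-saml/login.jsp"); }
        };
        Chain chain = new Chain();
        chain.register(saml);
        System.out.println(chain.authenticate("/samlsso", "constructed-token"));
        System.out.println(chain.authenticate("/carbon/admin/index.jsp", "constructed-token"));
        System.out.println(chain.skipSessionInvalidation("/sso-saml/login.jsp"));
        System.out.println(chain.skipSessionInvalidation("/carbon/admin/index.jsp"));
    }
}
```

With this shape a new authenticator brings its own session-preserving paths when it registers, so adding one no longer requires editing a shared class.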
