On Feb 1, 2007, at 3:33 PM, Scott Battaglia wrote: > Would your DartmouthUserPassCred2PrincipalResolver be able to > return a principal for the types of users that the new > CredentialsToPrincipalResolver would be able to handle? If it > doesn't recognize those users and would return null, then the chain > would continue until it found one that did not return null.
I *think* it should fail, the backend data source it would be trying to pull from is very different, and there would be no overlap of users. I wasn't sure what would happen if the first UserPass resolver failed, but sounds like it will do what we need. > I am looking at creating a more optimized algorithm (an alternative > AuthenticationManager) that would allow you to specify a one-to-one > mapping of authentication handlers and > CredentialsToPrincipalResolvers. We do it the way we do now as it > covers both scenarios where people have the mapping (its just less > efficient) and people don't have the mapping. > > Thoughts? Might make it simpler, I can't ever see a need for an AuthHanlder to work with more than one Resolver. One C2PResolver should be able to support mulitple Handlers though. It is more to configure, but I don't know if it makes it easier in the actual code. As long as the fall-through is fast and well-defined, I don't see a strong preference. One question would be what happens with 25 auth handlers and say 20 C2PResolvers? Steve _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
