I have to pose a question that my colleagues and I have been asking each 
other for a few days now:

If you have user-provided credentials that authenticate against a 
directory, why _wouldn't_ you use them for principal lookup and attribute 
retrieval? Just by default? I'm not trying to be smarmy here. I'd really 
like to understand this from an architectural standpoint.

Also, it _looks_ like an easy way out in FastBindLdapAuthenticationHandler 
(or some variation thereof) to set the user's credentials into the 
Context's UserDn and Password. It works like a champ, but it _feels_ like 
a bad idea.

I'm only setting the credentials into the Context after successful login 
and I'm resetting them to empty string at the top of the 
authenticateUsernamePasswordInternal routine to minimize the chance that 
userB could ride userA's coattails into the system. But I have a lingering 
sense of doubt. 

Thoughts? Please? I'm looking for an elegant way to handle this, but what 
I've come up with feels like a hack.


Thanks,
Ann

------
G. Ann Campbell
Systems Engineer
Shaw Industries
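
The shared-credentials concern raised in the message above, as an added example that is not part of the original post and uses no CAS or Spring LDAP code. It assumes the handler is a single instance serving all requests; `SharedHandler`, `Session`, `bind` and the sample directory are hypothetical names and constructed data, and the two requests are interleaved by hand so the outcome is deterministic.

```java
import java.util.Map;

public class SharedBindDemo {
    // Constructed sample directory (DN -> password); stands in for an LDAP bind.
    static final String A = "uid=userA,ou=people,dc=example,dc=org";
    static final String B = "uid=userB,ou=people,dc=example,dc=org";
    static final Map<String, String> DIRECTORY = Map.of(A, "passwordA", B, "passwordB");

    static boolean bind(String dn, String pw) {
        return !pw.isEmpty() && pw.equals(DIRECTORY.get(dn));
    }

    // Pattern from the post: one handler instance, credentials held in shared fields.
    static class SharedHandler {
        String userDn = "", password = "";

        boolean authenticate(String dn, String pw) {
            userDn = ""; password = "";     // reset at the top of the routine
            if (!bind(dn, pw)) return false;
            userDn = dn; password = pw;     // set only after a successful login
            return true;
        }

        // A later attribute lookup binds as whoever is in the shared fields now.
        String lookupBoundAs() {
            return bind(userDn, password) ? userDn : "(no bind)";
        }
    }

    // Alternative: credentials travel with the request, never stored on the handler.
    record Session(String dn, String pw) {
        String lookupBoundAs() { return bind(dn, pw) ? dn : "(no bind)"; }
    }

    public static void main(String[] args) {
        SharedHandler h = new SharedHandler();
        h.authenticate(A, "passwordA");     // request 1: userA logs in
        h.authenticate(B, "passwordB");     // request 2 arrives before A's lookup
        System.out.println("shared, A's lookup runs as: " + h.lookupBoundAs());

        h.authenticate(A, "passwordA");
        h.authenticate(B, "wrong");         // a failed login still resets the fields
        System.out.println("shared, A's lookup runs as: " + h.lookupBoundAs());

        Session a = new Session(A, "passwordA"), b = new Session(B, "passwordB");
        System.out.println("per-request, A's lookup runs as: " + a.lookupBoundAs());
        System.out.println("per-request, B's lookup runs as: " + b.lookupBoundAs());
    }
}
```

In the shared case the first lookup binds as userB and the second gets no bind at all, because the reset and the set both act on state that every request can see; the per-request sessions are unaffected by the order of calls.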


_______________________________________________
Yale CAS mailing list
http://tp.its.yale.edu/mailman/listinfo/cas
