Hi Craig, Sorry for the late response. Yes beefing up the authentication APIs would we a worthwhile task. I'd welcome a JIRA issue and a patch if you can work on one!
Regards, Florent 2010/1/28 Craig McClanahan <[email protected]>: > The ContentManager interface sports a login() method that takes a > username and password. This will fit in well with repositories that > use HTTP Basic authentication, but won't be quite as useful for HTTP > Digest, or any sort of single sign on environment (OpenID, OAuth, > etc.) where the client application that uses Chemistry might not > actually have a plaintext password for the calling user. > > In previous $JOB lives, when designing an API like this, I've > sometimes created another interface called Authenticator (with an > implementation HttpBasicAuthenticator, plus perhaps some others). > Then: > > * I would add a login(Authenticator authenticator) method to the > ContentManager interface -- I'd be fine with keeping the existing login() > method as well because HTTP Basic will likely be a common use case, > but it would not be strictly necessary). > > * The Authenticator instance would get a chance, just before the outbound > HTTP request is sent, to add whatever HTTP headers it needed for > the authentication mechanism it implements. > > * For completeness, Authenticator should also be able to receive some sort > of callback if a 401 is received (perhaps similar to the way Acegi Security > does this kind of thing). > > Would something like this be of interest to the Chemistry developers? > If so, I can add a JIRA issue and take a crack at a patch to add this > feature. > > Craig McClanahan > > PS: In my current role, I'm evaluating how to integrate our company's > application (Jive SBS) more closely with various CMS environments, and > CMIS (and therefore Chemistry) looks like it might be a good long term > strategy. > -- Florent Guillaume, Director of R&D, Nuxeo Open Source, Java EE based, Enterprise Content Management (ECM) http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87
