Hi

+1 for Tommaso's suggestion.

cheers
tsuy

On Tue, Mar 29, 2011 at 10:00 AM, Tommaso Teofili <[email protected]> wrote:

> I'd like more to have separate methods, not to pass over the String
> returning one; for example exposing:
> AuthenticationMethod.authenticateWithSubject(Request request)
> which returns a Subject sounds good to me.
> Cheers,
> Tommaso
>
> 2011/3/29 Henry Story <[email protected]>
>
>> currently AuthenticationMethod.authenticate(Request request) returns
>> String
>>
>> It would make more sense if it could return a Subject [1]. This would
>> allow the object returned to be a lot richer. For example
>>
>> (a) A Subject can contain a number of credentials and a number of
>> Principals. Each principal would be a WebID. Some WebIDs might take
>> time to be verified, so they could appear in the Subject at a
>> later time.
>>
>> (b) A Subject can also contain credentials. In fact X509 certificates
>> should be the prototypical public credential.
>>
>> (c) Credentials can be any object, but clearly one could wrap an
>> X509certificate with an isCurrent() method to test if the certificate is
>> still valid. It would also allow X509certs to be destroyed, which could
>> then perhaps throw TLS exceptions... to be looked into.
>>
>> Question: How does TLS authentication relate to the LoginContext? It
>> seems that it works for Kerberos
>>
>> http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
>>
>> Henry
>>
>> [1] http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#Subject
>>
>> Social Web Architect
>> http://bblfish.net/

--
--trialox ag--------------------------------------
Tsuyoshi Ito
Binzmuehlestrasse 14
CH-8050 Zürich
Tel. +41 44 635 75 77
URL: http://trialox.org
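
The Subject-returning method discussed in this thread, sketched as an added example that is not part of the original messages or the project's code. `SubjectSketch`, `WebIdPrincipal` and `X509Credential` are hypothetical names, the method takes a certificate and an already verified WebID instead of the project's `Request`, and Java 16+ is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.Destroyable;
import javax.security.auth.Refreshable;
import javax.security.auth.Subject;

public class SubjectSketch {
    /** Hypothetical principal type: one WebID URI per principal. */
    record WebIdPrincipal(URI webId) implements Principal {
        public String getName() { return webId.toString(); }
    }

    /** Hypothetical wrapper exposing isCurrent() and destroy() for a certificate. */
    static final class X509Credential implements Refreshable, Destroyable {
        private X509Certificate cert;
        X509Credential(X509Certificate cert) { this.cert = cert; }
        public boolean isCurrent() {
            if (cert == null) return false;            // destroyed credentials are never current
            try { cert.checkValidity(); return true; } // validity period only, not chain trust
            catch (CertificateException e) { return false; } // expired or not yet valid
        }
        public void refresh() { /* a certificate cannot be renewed in place */ }
        public void destroy() { cert = null; }
        public boolean isDestroyed() { return cert == null; }
    }

    /** Returns a Subject instead of a String; the WebID is added only once verified. */
    static Subject authenticateWithSubject(X509Certificate cert, URI verifiedWebId) {
        Subject subject = new Subject();
        subject.getPublicCredentials().add(new X509Credential(cert));
        if (verifiedWebId != null) subject.getPrincipals().add(new WebIdPrincipal(verifiedWebId));
        return subject;
    }

    // Usage: java SubjectSketch.java client-cert.pem [verified-webid-uri]
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            URI webId = args.length > 1 ? URI.create(args[1]) : null;
            Subject s = authenticateWithSubject(cert, webId);
            for (X509Credential c : s.getPublicCredentials(X509Credential.class))
                System.out.println("current=" + c.isCurrent() + " principals=" + s.getPrincipals());
        }
    }
}
```

A Subject with a credential but no principal represents a client whose certificate was received but whose WebID is not yet verified, so authorization code should decide on principals, not on the presence of a credential.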
