Implement configurable authentication/callback mechanism together with LoginFilter
----------------------------------------------------------------------------------

                 Key: MAGNOLIA-1522
                 URL: http://jira.magnolia.info/browse/MAGNOLIA-1522
             Project: Magnolia
          Issue Type: Improvement
          Components: security
    Affects Versions: 3.1 M1
            Reporter: Sameer Charles
         Assigned To: Sameer Charles
             Fix For: 3.1 M2


Current problem:
  - whenever we have to handle an additional login method (Basic, Form, etc.) we
    add this in SecurityFilter, making it impossible to introduce a new method
    without touching the existing code base.

Thoughts:
1)
Implement LoginFilter responsible for login based on configured login handlers,
something like

    server->filters->login
                       -> auth
                            -> Basic  - "implementing class"
                            -> Form   - "implementing class"
                            -> NTLM   - "implementing class"

    - Login filter will simply delegate to these handlers; one or more handlers
      can accept this request and perform login. This will allow you to
      replace/add any custom method without touching Magnolia code. Also, if
      needed, you can log in to other applications together with the Magnolia
      login (although this can be solved in different ways).

2)
Introduce "ClientCallback" as a property of SecurityFilter (any securityfilter
extended from BaseSecurity)

    server->filters->URISecurityFilter
                       -> callback  - "implementing class"

    - The callback will tell the SecurityFilter what to do in case you are not
      authorized. You can have a callback which does "something", a callback
      which sends a login form to the client, or one which sends an error.


I started working on this. If you have any suggestions or if you can see
potential problems, please let me know.



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
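
The delegation proposed in points 1 and 2, sketched as an added example that is not part of the original issue or of Magnolia's code. All class and parameter names are hypothetical, plain maps stand in for the servlet request and session, and the three-valued handler result is an assumption added so that a recognised but rejected credential fails closed instead of falling through to the next handler.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;

// All names are hypothetical and the credential check is constructed; this is not Magnolia's API.
public class LoginChainDemo {
    enum Result { NOT_HANDLED, SUCCESS, FAILED }
    interface LoginHandler { Result handle(Map<String, String> req, Map<String, Object> session); }
    interface ClientCallback { String onUnauthorized(Map<String, String> req); }
    static boolean check(String user, String pass) { return "alice".equals(user) && "s3cret".equals(pass); }
    static final LoginHandler BASIC = (req, session) -> {
        String h = req.get("Authorization");
        if (h == null || !h.startsWith("Basic ")) return Result.NOT_HANDLED;
        try {
            byte[] raw = Base64.getDecoder().decode(h.substring(6));
            String[] p = new String(raw, StandardCharsets.UTF_8).split(":", 2);
            if (p.length == 2 && check(p[0], p[1])) { session.put("user", p[0]); return Result.SUCCESS; }
        } catch (IllegalArgumentException malformed) { /* bad Base64 counts as a failed login */ }
        return Result.FAILED;
    };
    static final LoginHandler FORM = (req, session) -> {
        if (!req.containsKey("userId")) return Result.NOT_HANDLED;
        if (!check(req.get("userId"), req.get("password"))) return Result.FAILED;
        session.put("user", req.get("userId"));
        return Result.SUCCESS;
    };

    // LoginFilter: delegate to every configured handler; a rejected credential fails closed.
    static boolean loginFilter(List<LoginHandler> handlers, Map<String, String> req, Map<String, Object> session) {
        for (LoginHandler h : handlers) {
            if (h.handle(req, session) == Result.FAILED) { session.remove("user"); return false; }
        }
        return true;
    }
    // SecurityFilter: the configured callback decides the response when nobody is logged in.
    static String securityFilter(Map<String, String> req, Map<String, Object> session, ClientCallback cb) {
        return session.containsKey("user") ? "200 OK for " + session.get("user") : cb.onUnauthorized(req);
    }
    public static void main(String[] args) {
        List<LoginHandler> handlers = List.of(BASIC, FORM);   // stands in for server->filters->login->auth
        ClientCallback sendLoginForm = r -> "401 login form";  // stands in for the "callback" node
        String good = "Basic " + Base64.getEncoder().encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        String bad = "Basic " + Base64.getEncoder().encodeToString("alice:wrong".getBytes(StandardCharsets.UTF_8));
        for (Map<String, String> req : List.of(Map.of("Authorization", good), Map.of("Authorization", bad),
                Map.of("userId", "alice", "password", "s3cret"), Map.<String, String>of())) {
            Map<String, Object> session = new HashMap<>();
            System.out.println(loginFilter(handlers, req, session)
                    ? securityFilter(req, session, sendLoginForm) : "401 login rejected");
        }
    }
}
```

Adding a handler here means adding an entry to the configured list; neither `loginFilter` nor `securityFilter` changes.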

        
