[magnolia-dev] [JIRA] Resolved: (MAGNOLIA-1522) Impement configurable authentication/callback mechanism together with LoginFilter

Mon, 14 May 2007 02:10:45 -0700 

     [ http://jira.magnolia.info/browse/MAGNOLIA-1522?page=all ]

Sameer Charles resolved MAGNOLIA-1522.
--------------------------------------

    Resolution: Fixed

> Impement configurable authentication/callback mechanism together with 
> LoginFilter
> ---------------------------------------------------------------------------------
>
>                 Key: MAGNOLIA-1522
>                 URL: http://jira.magnolia.info/browse/MAGNOLIA-1522
>             Project: Magnolia
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.1 M1
>            Reporter: Sameer Charles
>         Assigned To: Sameer Charles
>             Fix For: 3.1 M2
>
>
> Current problem:
>   - whenever we have to handle additional login method (Basic, Form, etc..) 
> we add this in SecurityFilter making it impossible to introduce new method 
>     without touching existing code base.
> thoughts:
> 1) 
> Implement LoginFilter responsible for login based on configred login 
> handlers, something like
>                          server->filters->login
>                                                               -> auth
>                                                                           -> 
> Basic    - "implementing class"
>                                                                           -> 
> Form     - "implementing class"
>                                                                           -> 
> NTLM   - "implementing class"
>      
>     - Login filter will simply delegate to these handlers, one or more 
> handlers can accept this request and perform login, this will allow to 
> replace/add any
>       custom method without touching magnolia code, also if needed you can 
> login to other applications together with magnolia login (although this 
>       can be solved in different ways)
> 2) 
> Introduce "ClientCallback" as a property of SecurityFilter (any 
> securityfilter extended from BaseSecurity)
>   
>                        server->filters->URISecurityFilter
>                                                               -> callback     
>  - "implementing class"
>   
>     -  callback will tell the SecurityFilter what to do in case you are not 
> Authorized, you can have callback which does "something" or a callback
>        which sends a login form to the client or a one which sends an error.
> I started working on this, if you have any suggestions or if you can see 
> potential problems please let me know.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/developer.html
----------------------------------------------------------------

Reply via email to