Hi guys,
yesterday, we had an interesting convo with Antoine, about the
definition of a dedicated Authenticator, and how to configure it.
First, the Authenticator interface can be implemented but it's probably
a better idea to extend the AbstractAuthenticator, as it brings some
references to teh underlying DirectoryService for free, plus some
default implementations to init and dispose the Authenticator. One thing
to take care of is the PasswordPolicy which can be enabled or disabled.
We have to determinate the best way to deal with this service.
Another aspect is the Authenticator configuration : how to inject it and
have it available when the server is stopped and restarted? The solution
is probably to extend the existing configuration, which is based on the
DIT. That means defining a specific Bean, plus the associated OC and AT.
We have to think about it, and I would suggest we try to write a
prototype that demonstrates the way to extend the configuration. It has
to be documented, as the Authenticator is an extension point.
I'm pretty sure it's not such a big deal, but we need time, and we have
littel :) I would suggest we follow closely Antoine's effort and try to
leverage what he is doing to improve the server *and* the documentation...
Thanks !
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
