Hi, Thanks alot. One other use case just occurred to me today:
It would be nice if it would be possible to update the optional properties by supplying new/changed ones in subsequent logins using TokenCredentials. For example: TokenCredentials t = new TokenCredentials(token); t.setAttribute(attr2, attr2Value); Session s = repository.login(t); assert(attr2Value.equals(s.getAttribute(attr2))); s.logout(); TokenCredentials t2 = new TokenCredentials(token); Session s2 = repository.login(t2); assert(attr2Value.equals(s2.getAttribute(attr2))); s2.logout(); Regards Felix Am Dienstag, den 22.02.2011, 10:51 +0100 schrieb Angela Schreiber: > hi felix > > > On creation of the token all SimpleCredentials attributes are copied to > > the token node. These attributes must be matched on subsequent requests > > with attributes from the TokenCredentials object supplied. > > not quite... all attributes are stored in the node but only those > marked as required attributes (having a leading '.token' will be > used for validation upon a subsequent login. > > > * Attributes are either optional or mandatory. Optional attributes > > present in the SimpleCredentials object are just stored in the > > token node but are not matched on subsequent requests. Mandatory > > attributes must be existing as secondary validation mechanisms > > in subsequent requests. > > see above > > > * When creating the Session from the SimpleCredentials (on first > > access creating the token) only the optional attributes (plus the > > token value of course) are copied to the Session attributes. The > > mandatory attributes are not copied. > > makes sense... i will add that. > > > * When creating the Session from the TokenCredentials (on subsequent > > access validating the supplied token and mandatory attributes) the > > optional attributes stored in the token node are copied to the > > Session attributes while (again) the mandatory attributes are not > > copied. > > same here. > > > This allows for preventing to leak mandatory attributes into the Session > > but also allows for using the token node as a temporary store for > > informational attributes. > > thanks for the review! > angela >
