Re: svn commit: r644407 - in /lenya/branches/branch_1_2_x_shibboleth/src: java/org/apache/lenya/ac/shibboleth/ webapp/lenya/resources/i18n/

Fri, 04 Apr 2008 08:37:18 -0700 

Andreas Hartmann wrote:
> Jann Forrer schrieb:
>> Hi Andreas
>>
>> [ ... ]
>>> @@ -193,16 +200,17 @@
>>>              }
>>>              identity.removeIdentifiable(oldUser);
>>>          }
>>> -        identity.addIdentifiable(new TransientUserReference(user));
>>> +        identity.addIdentifiable(new ShibbolethUserReference(user));
>>>          if (getLogger().isDebugEnabled()) {
>>>              getLogger().debug("Adding user [" + user + "] to
>>> identity.");
>>>          }
>>>      }
>>>  
>> Do you think it make sense to pass the type of UserReference
>> (TransientUserReference, ShibbolsethUserRefernce, ....) as a parameter
>> to the updateIdentity method?
>> The reason is ask is: I extended the ShibbolethAuthenticator class
>> adding a authenticateLdapUser method in order to authenticate ldap user
>> which are not defnied in the cms. Within this method I also use the
>> updateidenty method of the super class.
> 
> If you need this functionality, IMO it would make sense to introduce a
> cascade of authenticators. The Java class hierarchy is not flexible
> enough to handle such cases.
> 
> DefaultAccessController:
> 
>     public boolean authenticate(Request request, ErrorHandler handler)
>             throws AccessControlException {
> 
>         assert request != null;
>         boolean authenticated = false;
>         Authenticators[] authenticators = getAuthenticators();
>         int i = 0;
>         while (!authenticated) {
>             authenticated = authenticators[i].authenticate(
>                 getAccreditableManager(), request, handler);
>             i++;
>         }
>         return authenticated;
>     }
> 
> Would this meet your requirements?
>
I think yes. But does it make sense to have inheritance within the
authenticators like:

      AbstractTransientUserAuthenticator
          ¦                       ¦
          ¦                       ¦
ShibbolethAuthenticator       LdapAuthenticator

because Authenticators for Transient-User have a lot in common.

and there could be something similar for User defined in the system like:

       AbstractFileAuthenticator
           ¦                  ¦
           ¦                  ¦
SomeFileAuthenticator    SomeOtherFileAuthenticator



> 
>> However In the ldap case i don't need to add a ShibbolethUserReference
>> but a TransientUserReference to the identity.
> 
> In this case I'd rather introduce the method
> 
>   ShibbolethAuthenticator.createReference(User user);
> 
> 
Ok, I will try it. Thanks for the pointers.

Jann

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to