On Sat, Feb 14, 2009 at 3:05 PM, Ashish <[email protected]> wrote: > 1. We have marker(empty) interfaces for > Authentication/AuthorizationRequest. Couldn't guess the reason why > they are empty?
Authentication serves as the interfaces passed to the UserManager, since the actual implementation is up to the user manager, it does not contain any methods. This might be a bit to generic (as been discussed before on this list) since FTP almost always uses username/password or anon. But, once we had a X509 based Authentication. AuthorizationRequest is pretty much the same thing, it's implementations are only to be understood by the corresponding Authority. > 2. Authority interface has functions, that pertain to Authorization. > The interface should have the Role given to the User? Not sure I understand the question. Authority populates an AuthorizationRequest which can give a user a role (or write permission, or whatever is needed) if that's what we want (we do not currently have roles, but the interfaces would certainly allow for such an implementation). > Have just finished an Authentication implementation using Spring > Security and wanted to see how well it gels with FtpServer. > > The idea is to have authentication and authorization delegated to > Spring Security infrastructure to have use > load of features already built-in (including ADS support). Should be very much doable, feel free to get back with your results :-) /niklas
