Hi Stephan,
Stephan Koops wrote:
> Hi Bruno,
>
>> I think, in the context of wider refactorisation of authentication and
>> authorisation, that authentication should provide a Principal when a
>> client has been authenticated (and perhaps a default guest principal
>> when no one has, like jGuard does, but that's a different matter).
>
> Why not use null as "guest principal"? What is the advantage of an
> object for it?

I don't think it's very significant. I was simply referring to what
jGuard does:
http://jguard.xwiki.com/xwiki/bin/view/Doc/Faq#HAccessFilterautomaticallytriestologmeinas27guest27Whyshouldtherebea22default22userinjGuard3FIsn27tthatasecurityissue3F
Best wishes,
Bruno.