In the HTTPAuthentication example, there are
two distinct steps in credentials validation:
1) RoleUser credentials = new RoleUser(username, password, role);
if (credentials.validate()) { [..]
This validates the constraints of the credentials bean instance.
2) long userid = MemoryUsers.getRepInstance().verifyCredentials
(credentials);
if (userid >= 0) { [..]
This verifies the credentials according to what's available in the
back-end and returns the userid.
Apparently step 1 only makes simple checks about
the existence of arguments, while step 2 performs
the actual check of the username+password combo ?
--
Geert Bevin Uwyn bvba
"Use what you need" Avenue de Scailmont 34
http://www.uwyn.com 7170 Manage, Belgium
gbevin[remove] at uwyn dot com Tel +32 64 84 80 03
PGP Fingerprint : 4E21 6399 CD9E A384 6619 719A C8F4 D40D 309F D6A9
Public PGP key : available at servers pgp.mit.edu, wwwkeys.pgp.net
_______________________________________________
Rife-users mailing list
[email protected]
http://www.uwyn.com/mailman/listinfo/rife-users
