I put Geert's explanation of the various pieces of the authentication system up on the Wiki. But I have a question. Actually a lot more than one but I'll start small.

Geert Bevin wrote:
Now RIFE also has a collection of authorization features that rely on Credentials and a CredentialsManager. Credentials are actually an empty interface, they can contain anything, as long as the associated CredentialsManager is able to verify if they are correct and return a user ID.

I don't think the statement "Credentials are actually an empty interface" is true. Well, it is *literally* true; the Credentials interface itself is empty. But it extends the Validated interface, which requires implementing a whole lot of methods that aren't necessarily relevant to arbitrary user-supplied credentials. For example, if your site uses an outside single-sign-on service, it never needs to present a login form to the user, and so never needs to do input validation on the user's credentials.

To what extent can those methods just be implemented as stubs to keep the compiler happy?

I think it would be swell if Credentials really was an empty interface as described. Any reason it can't stop subclassing Validated, if the RIFE classes that currently implement Credentials are also made to implement Validated explicitly?

-Steve
_______________________________________________
Rife-users mailing list
[email protected]
http://lists.uwyn.com/mailman/listinfo/rife-users
