Roberto S�nchez (QO) wrote: > Hi, > > One question: > If the interface "User" hasn't a method to get the user's > password, How can I add to my repository a new user with the > correct password ? The interface UsersRepository has the > method: "boolean addUser(User user)", the only reference to > the user's data is an interface "User".
The User interface has no knowledge of how your repository maintains security, or even if it does! > In other implementations of UserRepository, it is done a cast > to "DefaultUser" to use the method "getHashedPassword()" > > For example in > org.apache.james.userrepository.DefaultUsersJdbcRepository#set > UserForInsertStatement(User user, ...) > DefaultUser defUser = (DefaultUser)user; > ... > userInsert.setString(3, defUser.getHashedPassword()); > > What do you think about to include the method > "getHashedPassword()" in "User" interface ? I don't think it would be a good idea to force implementations of User to make their passwords accessable via a public method, hashed or otherwise. > Is it correct to do a cast to a class from an interface ? I > think this generate a dependency between RemoteManager and > Users Repositories then the interface "UserRepository" itsn't > sufficient to determine the "contract" for the Users > repository implementation. Is that correct ? The pragmatic approach taken currently is to say that only one type of UserRepository is concurrently supported, so it is safe to cast. It would be possible to refactor and use polymorphism to avoid this, but that isn't strictly neccesary when there is only ever one type of reposoitory involved. -- Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
