Hi Fabio,

> I agree with you.
>
> In this case I'd follow the steps below:
> 1. authenticate the third party application with an administrator (or user
>    with USER_READ capability)
> 2. verify password by calling the method verifyPassword provided by the
>    userController
>
> What do you think about?

Could we add a duplicate verifyPassword method to UserController that takes the username/password instead of userId/password? The latter requires the application to find the user Id first and then check the password, whereas the former only requires one step to accomplish third-party authentication.

Colm.

On Fri, Mar 30, 2012 at 2:17 PM, Fabio Martelli wrote:
>
> On 30 Mar 2012, at 15:09, Colm O hEigeartaigh wrote:
>
>> Hi Fabio,
>>
>>> Further, you have the method verifyPassword provided by UserController that
>>> could be used to verify userid/password.
>>> This method, for security reasons, can be called only by a user with USER_READ
>>> capability.
>>
>> Consider the use-case as mentioned by Bob, where you have a third
>> party application which receives login credentials and wishes to
>> authenticate the user, and retrieve the roles associated with that
>> user for authorization. If the application logs on with the received
>> username/password, then it is assuming that the given user has a
>> USER_READ entitlement. IMO the application would log on with its own
>> credentials, and wish to authenticate the given username/password via
>> some kind of "authenticateUser" method as I mentioned before.
>>
>> Do you see a use-case for this kind of functionality or am I missing
>> something?
>
> I agree with you.
>
> In this case I'd follow the steps below:
> 1. authenticate the third party application with an administrator (or user
>    with USER_READ capability)
> 2. verify password by calling the method verifyPassword provided by the
>    userController
>
> What do you think about?
>
>>> Actually users have only the roles explicitly assigned.
>>
>> The question is whether it is possible to easily retrieve the
>> hierarchy of roles for a particular user (or the authenticated user)?
>>
>> Thanks,
>>
>> Colm.
>

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
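The flow agreed in the thread, as an added stand-alone model (not Syncope's own code): the third-party application calls the controller under its own USER_READ capability, and a username-based verifyPassword does the lookup and check in one step beside the userId-based one. The user store, salt, capability name as a string and the `try_verify` helper are constructed for this illustration; the check computes a hash on every path and uses a constant-time comparison so an unknown username is not distinguishable from a wrong password.

```python
import hashlib
import hmac

USER_READ = "USER_READ"  # capability the caller must hold (name taken from the thread)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed in-memory user store: username -> record (not a real Syncope store).
_SALT = b"constructed-salt"
USERS = {
    "alice": {"id": 1, "salt": _SALT, "hash": _hash("s3cret", _SALT), "roles": ["Employee"]},
}
_DUMMY_HASH = _hash("dummy", _SALT)  # keeps the unknown-user path doing the same work


class Unauthorized(Exception):
    """Raised when the calling application lacks the required capability."""


class UserController:
    def __init__(self, caller_capabilities):
        self.caps = set(caller_capabilities)

    def _require(self, cap: str) -> None:
        if cap not in self.caps:
            raise Unauthorized(f"caller lacks {cap}")

    def verify_password_by_id(self, user_id: int, password: str) -> bool:
        """Existing two-step style: the caller must already know the user Id."""
        self._require(USER_READ)
        rec = next((u for u in USERS.values() if u["id"] == user_id), None)
        return self._check(rec, password)

    def verify_password(self, username: str, password: str) -> bool:
        """Proposed one-step variant: lookup by username and check in one call."""
        self._require(USER_READ)
        return self._check(USERS.get(username), password)

    @staticmethod
    def _check(rec, password: str) -> bool:
        # Always hash and compare, so a missing user costs the same as a wrong password.
        salt = rec["salt"] if rec else _SALT
        expected = rec["hash"] if rec else _DUMMY_HASH
        return hmac.compare_digest(_hash(password, salt), expected) and rec is not None


def try_verify(app_caps, username: str, password: str):
    """Helper for the caller: True/False on a check, 'denied' when the app lacks USER_READ."""
    try:
        return UserController(app_caps).verify_password(username, password)
    except Unauthorized:
        return "denied"
```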
