Hi
Of course current version of user factory have bad assumption.
In order to perform validation in LDAP server we must pass creditensials to
LDAP server BEFORE we gat access to user object.
In my initial implementation , I've modified UserFactory and User class
interface to send password to retrieveFromStorage method.
public static User getUser( String username, String password )
throws LoginFailedException
{
String userClassName = TurbineResources.getString("user.class",
"org.apache.turbine.om.user.TurbineUser");
User user = null;
try {
return user =
((User)Class.forName(userClassName).newInstance()).retrieveFromStorage(
username, password );
+1 to change current model.
Grzegorz Czuba
PS: I am currently working in the same area.
-----Original Message-----
From: Craig Berry [mailto:[EMAIL PROTECTED]]
Subject: Moving user validation into User interface from UserFactory class
I'm in the process of trying to adapt Turbine to use LDAP rather than SQL to
store
user information. As part of this process, I need to use LDAP
authentication to
confirm username and password; this process involves presenting the password
to the
LDAP server, rather than retrieving the password and comparing it on the
client side.
Unfortunately, the current user authentication scheme puts the
validateUser(user, pwd) method in UserFactory, and builds in the assumption
that the password is retrieved and
compared. If this were replaced with a User.validate() method taking no
arguments,
derived, specialized user classes could handle their own validation in any
desired way
without requiring changes to the Turbine base code. This would seem to be a
better
compartmentalization of design.
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
