Craig Berry wrote:
> > It would be great if you made changes to User/UserFactory and to the current
> > TurbineUser implementation to take advantage of the new validation scheme.
> > Create diffs against the cvs version (use cvs diff -u) and post them to
> > the list. We'll discuss them, and if agreement is reached, I'll check them
> > in for you. Sounds good?
>
> Sounds great. Proposed diffs follow; comments are welcome. Rafal, please
> keep me in the loop if/when you check this stuff in. And thanks again!

Your changes look good! I had a bit of a problem with the patch though, because
it got wrapped in your mail client. Please remember to set line wrapping to
a very high value when sending diffs.

I made a few changes to TurbineUser:
1. password encryption is handled by a separate method
   'String encryptPassword(String password)'.
2. the password gets encrypted in
   'retrieveFromStorage( String username, String password )', not in
   'validate()', because it would try re-encrypting the password on the second
   call of validate, which would obviously result in a wrong value (not to
   mention extra computation time :)).
3. the password will get encrypted in the 'setPassword(String password)' method.
   The encrypted passwords must somehow appear in the DB, don't they?

I tested this on my own installation (insecure/secure passwords) and everything
seems to be working fine.
All the changes have been checked into the CVS.

I think that the next step should be deciding on the structure of the data that we
want to keep in the directory (objects, classes, attributes). I posted a very skeletal
proposal lately. I hope to get one of our LDAP guys to write some .ldiffs for us
this week. Maybe you have some written?
Then we could proceed to writing User and AccessControlBuilder implementations.

I noticed the following problem we will have to deal with.
The user administration application requires retrieving User objects from
storage to manipulate them. This is done using UserFactory.getUser( int VISITORID );
Implementing this method (and getUser( String LOGINID) that is currently unused)
using an LDAP backend will require authenticating to the server as someone else
(system administrator?) to retrieve this data.
Right off the top of my head, I'd suggest that retrieveFromStorage(String,String) should
check if the second arg is null, and then use authentication info contained in
TurbineResources.properties (we store DB username & password there, so it should
be no problem).

Rafal
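
Added example, not part of the message above and not Turbine code: a minimal Java sketch of the re-encryption problem described in point 2, with encryption inside validate() beside encryption done once on load. The class names, method bodies and sample password are hypothetical, and SHA-256 is an assumed stand-in because the message does not name the algorithm behind encryptPassword().

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class EncryptOnceDemo {
    // Assumption: SHA-256 stands in for whatever encryptPassword() really uses.
    static String encryptPassword(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
    // Constant-time comparison of two encoded digests.
    static boolean sameDigest(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }
    // Hypothetical user that encrypts inside validate(): each call hashes the
    // previous result again, so only the first call can match the stored value.
    static class RehashingUser {
        private String password;
        private final String stored;
        RehashingUser(String password, String stored) { this.password = password; this.stored = stored; }
        boolean validate() {
            password = encryptPassword(password);
            return sameDigest(password, stored);
        }
    }
    // Hypothetical user that encrypts once when loaded (the role the message
    // gives retrieveFromStorage); validate() only compares and is repeatable.
    static class EncryptOnceUser {
        private final String password;
        private final String stored;
        EncryptOnceUser(String password, String stored) { this.password = encryptPassword(password); this.stored = stored; }
        boolean validate() { return sameDigest(password, stored); }
    }

    public static void main(String[] args) {
        String stored = encryptPassword("s3cret"); // constructed sample, as setPassword() would store it
        RehashingUser bad = new RehashingUser("s3cret", stored);
        System.out.println("rehashing:    " + bad.validate() + ", " + bad.validate());
        EncryptOnceUser good = new EncryptOnceUser("s3cret", stored);
        System.out.println("encrypt once: " + good.validate() + ", " + good.validate());
    }
}
```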