Hello again!
I have run into a new exciting challenge, concerning a realm i need to
build for authentication and authorization.
Basically, i need create a realm, which performs both authN and authZ
against a rest service. The challenge is that there is no "superuser"
credentials i can use. So i will be performing authN/Z towards the service
with the users actual authentication token.
So basically, the authorization will be performed by retrieving the
subjects own "User" object, via a REST service, using the users actual
username and password as authentication towards the REST service.
The problem i have run into is that the two methods used for this are
discrete:
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection
principals) {
}
@Override
protected AuthenticationInfo
doGetAuthenticationInfo(AuthenticationToken token) throws
AuthenticationException {
}
During the call doGetAuthenticationInfo, i have the token as provided by
the user, so i can actually login. but during doGetAuthorizationInfo, i
only have the PrincipalCollection. Since i no longer have access to the
password, i can't contact the REST service again and get the rest of the
data.
So my question is: What is the smartest way to handle this?
The first idea, which i quickly skipped over, was to save the password
inside the PrincipalCollection, but that would be terrible.
Another idea i had was to pull out both authentication and authorization
data on the authN action, and then cache it for the authZ action. But that
does seem like it might return stale data in some cases.
Do you guys have any sleeker ways of handling the issue, maybe even
firsthand experience?
Thanks in advance
-Martin
