On 14.06.2011 23:24, Sergey Beryozkin wrote:

If we were to go with an interface like this then I'd propose to
combine the process of accumulating Principal and Roles info, which is
what always happens AFAIK with the real systems. Authentication and
authorization are more often than not done at different stages but
SecurityContext is populated in one go.

Thus I propose:

interface UserPasswordAuthenticationProvider {
   SecurityContext authenticate(String userName, String password)
       throws AuthenticationException;
}

or simply

SecurityContext authenticate(String userName, String password);


Sounds great. I think the variant without a special exception could be enough. We can throw a RuntimeException if the authentication fails. I would say SecurityContext should always be populated completely (no two phases).

Christian

--
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
Talend Application Integration Division http://www.talend.com
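
The single-phase variant agreed on in this thread, sketched as an added example that is not part of the original messages or of the project's code: the provider either returns a SecurityContext with principal and roles already populated or throws an unchecked exception. The local SecurityContext stand-in and its two methods, the Account record, the in-memory store, the PBKDF2 parameters and all sample values are assumptions made for illustration (Java 16+).

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SinglePhaseAuthExample {
    // Local stand-in for the SecurityContext in the thread; its two methods are assumed.
    interface SecurityContext { Principal getUserPrincipal(); boolean isUserInRole(String role); }
    // The variant without a checked exception, as proposed in the thread.
    interface UserPasswordAuthenticationProvider { SecurityContext authenticate(String userName, String password); }
    // Hypothetical stored account: salt, PBKDF2 hash and roles (constructed for this example).
    record Account(byte[] salt, byte[] hash, Set<String> roles) {}

    static byte[] pbkdf2(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    static UserPasswordAuthenticationProvider inMemory(Map<String, Account> accounts) {
        return (userName, password) -> {
            Account a = accounts.get(userName);
            // Hash even for unknown users so both failure paths do the same work.
            byte[] salt = a != null ? a.salt() : new byte[16];
            byte[] expected = a != null ? a.hash() : new byte[32];
            boolean ok = MessageDigest.isEqual(expected, pbkdf2(password, salt)) && a != null;
            // Fail closed with an unchecked exception: no half-populated context is ever returned.
            if (!ok) throw new SecurityException("Authentication failed");
            Principal principal = () -> userName;
            Set<String> roles = Set.copyOf(a.roles());  // roles fixed at authentication time
            return new SecurityContext() {
                public Principal getUserPrincipal() { return principal; }
                public boolean isUserInRole(String role) { return roles.contains(role); }
            };
        };
    }

    public static void main(String[] args) {
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};  // constructed sample values
        var provider = inMemory(Map.of("alice", new Account(salt, pbkdf2("s3cret", salt), Set.of("admin"))));
        SecurityContext ctx = provider.authenticate("alice", "s3cret");
        System.out.println(ctx.getUserPrincipal().getName() + " admin=" + ctx.isUserInRole("admin"));
    }
}
```

Because the failure path throws rather than returning null or an empty context, a caller that forgets to check the result cannot end up with an unauthenticated SecurityContext.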
