+1 indeed thanks, Sergey
On Thu, Jun 16, 2011 at 4:33 PM, Christian Schneider <[email protected]> wrote: > Am 16.06.2011 16:21, schrieb Sergey Beryozkin: >> >> Also, CXF ships runtime AuthenticationException and >> AuthorizationException. So BasicAuthInterceptor >> can possibly check for both, provided a given UserNamePasswordProvider >> decides it needs to do the authorization as well, so may be >> UserNamePasswordProvider should also be provided with a current >> Message ? So that some impls can get whatever context info they need >> in order to proceed with the early authorization step...Method name >> can be enough, but paramers, client ip, etc, may be needed for a final >> decision... > > As Authorization is quite simple as you showed with the existing impls I > think we should rather not have the Authentication impl do authorization. I > am not sure if any more context info is needed for authentication too but I > think we could first start with only username and password and see when > someone really needs more. > > Christian > > -- > -- > Christian Schneider > http://www.liquid-reality.de > > Open Source Architect > Talend Application Integration Division http://www.talend.com > > -- Sergey Beryozkin Application Integration Division of Talend http://sberyozkin.blogspot.com
