db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-3335) Allow UserAuthenticator.authenticateUser to work with authorization identifiers and not user name.
Date Fri, 18 Jan 2008 21:20:34 GMT
Allow UserAuthenticator.authenticateUser to work with authorization identifiers and not user
name.
--------------------------------------------------------------------------------------------------

                 Key: DERBY-3335
                 URL: https://issues.apache.org/jira/browse/DERBY-3335
             Project: Derby
          Issue Type: Improvement
          Components: Security
            Reporter: Daniel John Debrunner
            Priority: Minor


Add a new method to UserAuthenticator that allows the authentication scheme to request that
the user name passed into authenticateUser is an authentication identifier. This would absolve
authentication schemes from each implementing the mapping from user name to authorization
identifier. Implementing the logic in each scheme is pointless and subject to errors if a
different set of rules is implemented by the scheme (say by a coding bug).

Signature could be

/**
  Return true if the identifier argument to authenticateUser is to represent an authorization
identifier,
   false if it is to represent the user name.

   Note the identifier argument passed into authenticateUser  is provided by the database
engine.

   @since 10.x  If this method does exist then a return of false is assumed.
*/
public boolean authenticateUsingAuthorizationId();

The first argument to authenticateUser would change for userName to identifier with appropriate
comment changes.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message