directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: bind operation and interceptors
Date Thu, 25 Apr 2013 10:21:40 GMT
On Thu, Apr 25, 2013 at 2:44 PM, Emmanuel Lécharny <elecharny@gmail.com>wrote:

> Le 4/24/13 6:00 PM, Emmanuel Lecharny a écrit :
> > hi guys,
> >
> > I was wondering if it makes sense at all to process the bind operation
> > through the interceptirs ? currently, we process it in the authn
> > interceptor, all the other interceptors just ignore the operation. Why
> > don't we handle this op in the bind handler ?
> >
>
> Let me explain a but further why I'm suggesting that (as I can now use a
> computer, and not a mobile phone...)
>
> Right now, a Bind is just a logical process that does not access the
> backend (ie, there is no Bind operation done on any partition).
> Basically, it's all about fetching the user's entry from the provided
> DN, and compare the password in it with the provided password. For
> external bind, it may be more ocmplex but again, it does not involve the
> partitions.
>
> The thing is we have two interceptors implementing the bind() operation :
> - NormalizationInterceptor : it normalize the user's DN
> - AuthenticationInterceptor : This is where we process the authentication
>
> having bind in interceptor will give control to the user when a custom
interceptor is
injected, except this I don't see any other advantages.
I know, we allow users to configure custom authenticator but the control
through an authenticator
is limited compared with the power of having access to the whole
interceptor chain
so, personally I like to have bind method in the interceptor

> We don't need to process the Bind in the NormalizationInterceptor, the
> DN is already normalized (actually, I removed the implementation in this
> class. It works like a charm without it).
>
>
> So the question is really to know if we should not process the bind in
> the OperationManager, as it's the entry point for any operation done in
> the DirectoryService. It would not be the only operation that would hav
> some pre-processing done in the OperationManager : for the add, compare,
> delete, modify, move, moveAndRename, rename, search operations, we
> pre-process referrals.
>
> That would also make the addition of new authenticator easier, as they
> will not depend on the AuthenticatorInterceptor configuration to be
> added : we can associate them to the DirectoryService configuration
> instead.
>
> so wdyt ?
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>


-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message