jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Meschberger <fmesc...@adobe.com>
Subject Enhancement to the TokenBasedAuthentication
Date Mon, 21 Feb 2011 10:07:34 GMT
Hi all,

JCR-2851 introduced token based authentication support which allows for
password-less access if only a known token is available.

On creation of the token all SimpleCredentials attributes are copied to
the token node. These attributes must be matched on subsequent requests
with attributes from the TokenCredentials object supplied.

I propose to extend the attribute support as follows:

  * Attributes are either optional or mandatory. Optional attributes
    present in the SimpleCredentials object are just stored in the
    token node but are not matched on subsequent requests. Mandatory
    attributes must be existing as secondary validation mechanisms
    in subsequent requests.

  * When creating the Session from the SimpleCredentials (on first
    access creating the token) only the optional attributes (plus the
    token value of course) are copied to the Session attributes. The
    mandatory attributes are not copied.

  * When creating the Session from the TokenCredentials (on subsequent
    access validating the supplied token and mandatory attributes) the
    optional attributes stored in the token node are copied to the
    Session attributes while (again) the mandatory attributes are not
    copied.

This allows for preventing to leak mandatory attributes into the Session
but also allows for using the token node as a temporary store for
informational attributes.

WDYT ?

Regards
Felix


Mime
View raw message