jackrabbit-dev mailing list archives

From Felix Meschberger <fmesc...@gmail.com>
Subject Re: Enhancement to the TokenBasedAuthentication
Date Thu, 24 Feb 2011 11:21:54 GMT
Hi,

On Wednesday, 23.02.2011, at 08:57 +0100, Angela Schreiber wrote:
> hi felix
> 
> > It would be nice if it would be possible to update the optional
> > properties by supplying new/changed ones in subsequent logins using
> > TokenCredentials.
> 
> that should be feasible... although i am a bit concerned about
> the updating as additional write operations upon login should from
> my point of view be as limited as possible.... anyway... will give
> it a try and write some information output into the log that
> allows us to track those updates for reconsideration later on.

Cool thanks. 

Regards
Felix

> 
> regards
> angela
> > For example:
> >
> >     TokenCredentials t = new TokenCredentials(token);
> >     t.setAttribute(attr2, attr2Value);
> >     Session s = repository.login(t);
> >     assert(attr2Value.equals(s.getAttribute(attr2)));
> >     s.logout();
> >
> >     TokenCredentials t2 = new TokenCredentials(token);
> >     Session s2 = repository.login(t2);
> >     assert(attr2Value.equals(s2.getAttribute(attr2)));
> >     s2.logout();
> >
> >
> > Regards
> > Felix
> >
> > On Tuesday, 22.02.2011, at 10:51 +0100, Angela Schreiber wrote:
> >> hi felix
> >>
> >>> On creation of the token all SimpleCredentials attributes are copied to
> >>> the token node. These attributes must be matched on subsequent requests
> >>> with attributes from the TokenCredentials object supplied.
> >>
> >> not quite... all attributes are stored in the node but only those
> >> marked as required attributes (having a leading '.token') will be
> >> used for validation upon a subsequent login.
> >>
> >>>     * Attributes are either optional or mandatory. Optional attributes
> >>>       present in the SimpleCredentials object are just stored in the
> >>>       token node but are not matched on subsequent requests. Mandatory
> >>>       attributes must be existing as secondary validation mechanisms
> >>>       in subsequent requests.
> >>
> >> see above
> >>
> >>>     * When creating the Session from the SimpleCredentials (on first
> >>>       access creating the token) only the optional attributes (plus the
> >>>       token value of course) are copied to the Session attributes. The
> >>>       mandatory attributes are not copied.
> >>
> >> makes sense... i will add that.
> >>
> >>>     * When creating the Session from the TokenCredentials (on subsequent
> >>>       access validating the supplied token and mandatory attributes) the
> >>>       optional attributes stored in the token node are copied to the
> >>>       Session attributes while (again) the mandatory attributes are not
> >>>       copied.
> >>
> >> same here.
> >>
> >>> This allows for preventing to leak mandatory attributes into the Session
> >>> but also allows for using the token node as a temporary store for
> >>> informational attributes.
> >>
> >> thanks for the review!
> >> angela
> >>
> >
> >
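
The attribute rules discussed in this thread, as an added example that is not part of the original messages and is not Jackrabbit code: a self-contained in-memory model of the token node. The class TokenAttributeModel, its methods and the sample attribute names and values are hypothetical; only the leading '.token' marker and the store/validate/copy rules come from the thread, and skipping the write when a supplied value is unchanged is an assumption.

```java
import java.util.*;

/** Hypothetical in-memory model of the token node; not Jackrabbit code. */
public class TokenAttributeModel {
    static final String MANDATORY_PREFIX = ".token"; // marker named in the thread
    private final Map<String, Map<String, String>> tokenNodes = new HashMap<>();

    static boolean isMandatory(String name) { return name.startsWith(MANDATORY_PREFIX); }

    /** First login: every credentials attribute is stored on the token node. */
    String createToken(Map<String, String> credentialAttrs) {
        String token = UUID.randomUUID().toString();
        tokenNodes.put(token, new HashMap<>(credentialAttrs));
        return token;
    }

    /** Subsequent login: validate mandatory attributes, update optional ones,
     *  and return the Session attributes (optional attributes only). */
    Map<String, String> login(String token, Map<String, String> supplied) {
        Map<String, String> node = tokenNodes.get(token);
        if (node == null) throw new SecurityException("unknown token");
        for (Map.Entry<String, String> e : node.entrySet()) {
            if (isMandatory(e.getKey()) && !e.getValue().equals(supplied.get(e.getKey())))
                throw new SecurityException("mandatory attribute mismatch: " + e.getKey());
        }
        for (Map.Entry<String, String> e : supplied.entrySet()) {
            if (isMandatory(e.getKey())) continue; // a login never rewrites these
            if (!e.getValue().equals(node.get(e.getKey()))) {
                node.put(e.getKey(), e.getValue()); // extra write on login
                System.out.println("token attribute updated: " + e.getKey());
            }
        }
        Map<String, String> sessionAttrs = new TreeMap<>();
        node.forEach((k, v) -> { if (!isMandatory(k)) sessionAttrs.put(k, v); });
        return sessionAttrs; // mandatory attributes do not leak into the Session
    }

    public static void main(String[] args) {
        TokenAttributeModel repo = new TokenAttributeModel();
        // Constructed sample attributes, not taken from the thread.
        String token = repo.createToken(Map.of(".token.ip", "192.0.2.10", "locale", "en"));
        System.out.println(repo.login(token, Map.of(".token.ip", "192.0.2.10", "attr2", "v2")));
        System.out.println(repo.login(token, Map.of(".token.ip", "192.0.2.10")));
        try {
            repo.login(token, Map.of("attr2", "x")); // mandatory attribute missing
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The second login supplies no optional attributes and still sees attr2 in its Session attributes, which is the behaviour the quoted TokenCredentials snippet asserts.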


