jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Enhancement to the TokenBasedAuthentication
Date Tue, 22 Feb 2011 09:51:12 GMT
hi felix

> On creation of the token all SimpleCredentials attributes are copied to
> the token node. These attributes must be matched on subsequent requests
> with attributes from the TokenCredentials object supplied.

not quite... all attributes are stored in the node but only those
marked as required attributes (having a leading '.token' will be
used for validation upon a subsequent login.

>    * Attributes are either optional or mandatory. Optional attributes
>      present in the SimpleCredentials object are just stored in the
>      token node but are not matched on subsequent requests. Mandatory
>      attributes must be existing as secondary validation mechanisms
>      in subsequent requests.

see above

>    * When creating the Session from the SimpleCredentials (on first
>      access creating the token) only the optional attributes (plus the
>      token value of course) are copied to the Session attributes. The
>      mandatory attributes are not copied.

makes sense... i will add that.

>    * When creating the Session from the TokenCredentials (on subsequent
>      access validating the supplied token and mandatory attributes) the
>      optional attributes stored in the token node are copied to the
>      Session attributes while (again) the mandatory attributes are not
>      copied.

same here.

> This allows for preventing to leak mandatory attributes into the Session
> but also allows for using the token node as a temporary store for
> informational attributes.

thanks for the review!

View raw message