Message-ID: <4D638710.2040800@adobe.com>
Date: Tue, 22 Feb 2011 10:51:12 +0100
From: Angela Schreiber
To: "dev@jackrabbit.apache.org"
Subject: Re: Enhancement to the TokenBasedAuthentication
In-Reply-To: <1298282854.4515.200.camel@meschbix>

hi felix

> On creation of the token all SimpleCredentials attributes are copied to
> the token node. These attributes must be matched on subsequent requests
> with attributes from the TokenCredentials object supplied.

not quite... all attributes are stored in the node but only those
marked as required attributes (having a leading '.token') will be used
for validation upon a subsequent login.

> * Attributes are either optional or mandatory. Optional attributes
>   present in the SimpleCredentials object are just stored in the
>   token node but are not matched on subsequent requests. Mandatory
>   attributes must be existing as secondary validation mechanisms
>   in subsequent requests.

see above

> * When creating the Session from the SimpleCredentials (on first
>   access creating the token) only the optional attributes (plus the
>   token value of course) are copied to the Session attributes. The
>   mandatory attributes are not copied.

makes sense... i will add that.

> * When creating the Session from the TokenCredentials (on subsequent
>   access validating the supplied token and mandatory attributes) the
>   optional attributes stored in the token node are copied to the
>   Session attributes while (again) the mandatory attributes are not
>   copied.

same here.

> This allows for preventing to leak mandatory attributes into the Session
> but also allows for using the token node as a temporary store for
> informational attributes.

thanks for the review!
angela
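
Added example (not part of the original message and not Jackrabbit code): a plain-Java model of the attribute handling discussed in this thread, where every attribute is stored at token creation, only attributes with a leading '.token' are matched on a later login, and only the optional ones reach the session attributes. The class name `TokenNodeModel`, its methods, the attribute names and the sample values are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Hypothetical plain-Java model of a token node; not the Jackrabbit implementation.
public class TokenNodeModel {
    // Per the thread: attributes with a leading ".token" are the mandatory ones.
    static final String MANDATORY_PREFIX = ".token";
    private final Map<String, String> stored = new HashMap<>();

    // Token creation: every credentials attribute is stored in the node.
    TokenNodeModel(Map<String, String> credentialAttributes) {
        stored.putAll(credentialAttributes);
    }

    // Subsequent login: only mandatory attributes are matched against the request.
    boolean validate(Map<String, String> presented) {
        boolean ok = true;
        for (Map.Entry<String, String> e : stored.entrySet()) {
            if (!e.getKey().startsWith(MANDATORY_PREFIX)) continue; // optional: stored only
            String got = presented.get(e.getKey());
            // Missing mandatory attribute fails; MessageDigest.isEqual is this example's choice.
            ok &= got != null && MessageDigest.isEqual(
                    e.getValue().getBytes(StandardCharsets.UTF_8),
                    got.getBytes(StandardCharsets.UTF_8));
        }
        return ok;
    }

    // Session attributes: optional ones only, so mandatory values do not leak.
    Map<String, String> sessionAttributes() {
        Map<String, String> out = new HashMap<>();
        stored.forEach((k, v) -> { if (!k.startsWith(MANDATORY_PREFIX)) out.put(k, v); });
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample attributes, not taken from the thread.
        Map<String, String> login = new HashMap<>();
        login.put(".token.ip", "192.0.2.10");      // mandatory: matched on later logins
        login.put("displayName", "Example User");  // optional: informational only
        TokenNodeModel node = new TokenNodeModel(login);
        System.out.println(node.validate(Map.of(".token.ip", "192.0.2.10")));
        System.out.println(node.validate(Map.of(".token.ip", "198.51.100.7")));
        System.out.println(node.validate(Map.of()));
        System.out.println(node.sessionAttributes());
    }
}
```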