Return-Path: Delivered-To: apmail-jackrabbit-dev-archive@www.apache.org Received: (qmail 53717 invoked from network); 23 Feb 2011 07:58:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 23 Feb 2011 07:58:51 -0000 Received: (qmail 58760 invoked by uid 500); 23 Feb 2011 07:58:51 -0000 Delivered-To: apmail-jackrabbit-dev-archive@jackrabbit.apache.org Received: (qmail 58482 invoked by uid 500); 23 Feb 2011 07:58:49 -0000 Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list dev@jackrabbit.apache.org Received: (qmail 58475 invoked by uid 99); 23 Feb 2011 07:58:48 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Feb 2011 07:58:48 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of anchela@adobe.com designates 64.18.1.37 as permitted sender) Received: from [64.18.1.37] (HELO exprod6og116.obsmtp.com) (64.18.1.37) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Feb 2011 07:58:38 +0000 Received: from source ([192.150.11.134]) by exprod6ob116.postini.com ([64.18.5.12]) with SMTP ID DSNKTWS+FpXA3F/bfr7nU9JUhqGRpiueyuh1@postini.com; Tue, 22 Feb 2011 23:58:17 PST Received: from inner-relay-4.eur.adobe.com (inner-relay-4.adobe.com [193.104.215.14]) by outbound-smtp-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id p1N7vYKG007628 for ; Tue, 22 Feb 2011 23:57:35 -0800 (PST) Received: from nacas01.corp.adobe.com (nacas01.corp.adobe.com [10.8.189.99]) by inner-relay-4.eur.adobe.com (8.12.10/8.12.9) with ESMTP id p1N7wB1S002115 for ; Tue, 22 Feb 2011 23:58:12 -0800 (PST) Received: from eurcas01.eur.adobe.com (10.128.4.27) by nacas01.corp.adobe.com (10.8.189.99) with Microsoft SMTP Server (TLS) id 8.3.137.0; Tue, 22 Feb 2011 23:58:11 -0800 Received: from Angela.local (10.131.197.91) by eurcas01.eur.adobe.com (10.128.4.111) with Microsoft SMTP Server id 8.3.137.0; Wed, 23 Feb 2011 07:57:52 +0000 Message-ID: <4D64BE01.5030605@adobe.com> Date: Wed, 23 Feb 2011 08:57:53 +0100 From: Angela Schreiber User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.11) Gecko/20101013 Thunderbird/3.1.5 MIME-Version: 1.0 To: "dev@jackrabbit.apache.org" Subject: Re: Enhancement to the TokenBasedAuthentication References: <1298282854.4515.200.camel@meschbix> <4D638710.2040800@adobe.com> <1298377133.4515.772.camel@meschbix> In-Reply-To: <1298377133.4515.772.camel@meschbix> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org hi felix > It would be nice if it would be possible to update the optional > properties by supplying new/changed ones in subsequent logins using > TokenCredentials. that should be feasible... although i am a bit concerned about the updating as additional write operations upon login should from my point of view be as limited as possible.... anyway... will give it a try and write some information output into the log that allows us to track those updates for reconsideration later on. regards angela > For example: > > TokenCredentials t = new TokenCredentials(token); > t.setAttribute(attr2, attr2Value); > Session s = repository.login(t); > assert(attr2Value.equals(s.getAttribute(attr2))); > s.logout(); > > TokenCredentials t2 = new TokenCredentials(token); > Session s2 = repository.login(t2); > assert(attr2Value.equals(s2.getAttribute(attr2))); > s2.logout(); > > > Regards > Felix > > Am Dienstag, den 22.02.2011, 10:51 +0100 schrieb Angela Schreiber: >> hi felix >> >>> On creation of the token all SimpleCredentials attributes are copied to >>> the token node. These attributes must be matched on subsequent requests >>> with attributes from the TokenCredentials object supplied. >> >> not quite... all attributes are stored in the node but only those >> marked as required attributes (having a leading '.token' will be >> used for validation upon a subsequent login. >> >>> * Attributes are either optional or mandatory. Optional attributes >>> present in the SimpleCredentials object are just stored in the >>> token node but are not matched on subsequent requests. Mandatory >>> attributes must be existing as secondary validation mechanisms >>> in subsequent requests. >> >> see above >> >>> * When creating the Session from the SimpleCredentials (on first >>> access creating the token) only the optional attributes (plus the >>> token value of course) are copied to the Session attributes. The >>> mandatory attributes are not copied. >> >> makes sense... i will add that. >> >>> * When creating the Session from the TokenCredentials (on subsequent >>> access validating the supplied token and mandatory attributes) the >>> optional attributes stored in the token node are copied to the >>> Session attributes while (again) the mandatory attributes are not >>> copied. >> >> same here. >> >>> This allows for preventing to leak mandatory attributes into the Session >>> but also allows for using the token node as a temporary store for >>> informational attributes. >> >> thanks for the review! >> angela >> > >