mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn Pearce <...@google.com>
Subject Re: symmetry of pluggable authentication classes?
Date Fri, 13 Nov 2009 17:28:18 GMT
On Fri, Nov 13, 2009 at 09:08, Guillaume Nodet <gnodet@gmail.com> wrote:
> Yeah, it may make more sense to always return a boolean then.  Wdyt ?

I think boolean makes more sense as a return, its the result of the
authentication operation, "true" they are permitted, "false" they are
not.  If the authenticator cares about attaching more than the
username to the session for downstream usage, its got the session
available to do that with an Attribute.  If it doesn't, it can happily
ignore the whole mess and simply return its status.

Returning Object is a bit sloppy, we are overloading null to mean "I
hate you go away", and the return type isn't type safe.  E.g. its easy
to make your PasswordAuthenticator return a different type of user
data than your PublicKeyAuthenticator, and downstream get surprised
when one type of authentication results in an unexpected
ClassCastException.  The Attribute stuff on ServerSession tries to
reduce the chances of that sort of runtime surprise.  (Though it does
nothing to ensure both authenticators actually populated the
Attributes your downstream code cares about.)

> Btw, I've done quite a bit of refactoring on the shell / commands
> interfaces, so it will break any existing app (though the changes are
> quite easy to do).

Yea, I've noticed.  Shouldn't take me long to update, I just haven't
had the time to pick up a newer snapshot from trunk.  Minor API
breakages are an accepted risk for using a project still under active
development.  :-)

View raw message