Return-Path: Delivered-To: apmail-mina-dev-archive@www.apache.org Received: (qmail 58304 invoked from network); 13 Nov 2009 17:29:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 13 Nov 2009 17:29:05 -0000 Received: (qmail 45409 invoked by uid 500); 13 Nov 2009 17:29:05 -0000 Delivered-To: apmail-mina-dev-archive@mina.apache.org Received: (qmail 45352 invoked by uid 500); 13 Nov 2009 17:29:04 -0000 Mailing-List: contact dev-help@mina.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@mina.apache.org Delivered-To: mailing list dev@mina.apache.org Received: (qmail 45342 invoked by uid 99); 13 Nov 2009 17:29:04 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Nov 2009 17:29:04 +0000 X-ASF-Spam-Status: No, hits=-6.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sop@google.com designates 216.239.45.13 as permitted sender) Received: from [216.239.45.13] (HELO smtp-out.google.com) (216.239.45.13) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Nov 2009 17:29:02 +0000 Received: from wpaz17.hot.corp.google.com (wpaz17.hot.corp.google.com [172.24.198.81]) by smtp-out.google.com with ESMTP id nADHSf62029750 for ; Fri, 13 Nov 2009 09:28:41 -0800 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1258133322; bh=LaOm1HH24Dt4JNAyZd2ngsV/JDE=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Content-Type:Content-Transfer-Encoding; b=TjaGiS44o9RuDmUNvXFtsE4NH70I2qRIkY5AV6Pt1Ru8d5k3vqQnxaCap59YCYmVD HgkkeR7nOMpjFwrSMHlpA== DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:content-type:content-transfer-encoding:x-system-of-record; b=YxV3dgsvC+TRU40IPjYJvT9FykbOWWS2pWTvm2TG9y+i1NlDUuz//1rXJxPKAWaGw SoT/Zee41tx0HkcgZAGcg== Received: from pwi15 (pwi15.prod.google.com [10.241.219.15]) by wpaz17.hot.corp.google.com with ESMTP id nADHSOeq007459 for ; Fri, 13 Nov 2009 09:28:38 -0800 Received: by pwi15 with SMTP id 15so2140580pwi.4 for ; Fri, 13 Nov 2009 09:28:38 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.133.4 with SMTP id g4mr244127rvd.287.1258133318045; Fri, 13 Nov 2009 09:28:38 -0800 (PST) In-Reply-To: References: <4AEB3E2A.8070906@fifthhorseman.net> <1cc472780911130700j200442dr692825f67eedbc90@mail.gmail.com> From: Shawn Pearce Date: Fri, 13 Nov 2009 09:28:18 -0800 Message-ID: <1cc472780911130928h2933158chd26ecc7649f81d84@mail.gmail.com> Subject: Re: symmetry of pluggable authentication classes? To: dev@mina.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-System-Of-Record: true On Fri, Nov 13, 2009 at 09:08, Guillaume Nodet wrote: > Yeah, it may make more sense to always return a boolean then. =A0Wdyt ? I think boolean makes more sense as a return, its the result of the authentication operation, "true" they are permitted, "false" they are not. If the authenticator cares about attaching more than the username to the session for downstream usage, its got the session available to do that with an Attribute. If it doesn't, it can happily ignore the whole mess and simply return its status. Returning Object is a bit sloppy, we are overloading null to mean "I hate you go away", and the return type isn't type safe. E.g. its easy to make your PasswordAuthenticator return a different type of user data than your PublicKeyAuthenticator, and downstream get surprised when one type of authentication results in an unexpected ClassCastException. The Attribute stuff on ServerSession tries to reduce the chances of that sort of runtime surprise. (Though it does nothing to ensure both authenticators actually populated the Attributes your downstream code cares about.) > Btw, I've done quite a bit of refactoring on the shell / commands > interfaces, so it will break any existing app (though the changes are > quite easy to do). Yea, I've noticed. Shouldn't take me long to update, I just haven't had the time to pick up a newer snapshot from trunk. Minor API breakages are an accepted risk for using a project still under active development. :-)