jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Munteanu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OAK-6144) ExternalIdentity should have a method indicating if an identity is actually active
Date Fri, 02 Jun 2017 09:35:04 GMT

    [ https://issues.apache.org/jira/browse/OAK-6144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16034387#comment-16034387
] 

Robert Munteanu commented on OAK-6144:
--------------------------------------

[~baedke] - good news, glad to hear that it works

> ExternalIdentity should have a method indicating if an identity is actually active
> ----------------------------------------------------------------------------------
>
>                 Key: OAK-6144
>                 URL: https://issues.apache.org/jira/browse/OAK-6144
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: auth-external
>            Reporter: Manfred Baedke
>            Assignee: Manfred Baedke
>         Attachments: oak-6144-1.patch
>
>
> The interface ExternalIdentityProvider currently offers the method getIdentity(ExternalIdentityRef)
to resolve a reference to an external Identity, but there is no way to tell if the external
identity is considered active by the identity provider. The ability to resolve the reference
doesn't mean that the resulting identity may actually be used for authentication or authorization.
> If ExternaIIdentity isn't able to express this difference, it's hard to come up with
a sensible implemenation of e.g. SynchronizationMBean#purgeOrphanedUsers(), because the ability
to resolve a reference to an external identity doesn't mean that the corresponding Oak user
is still valid.
> A new method ExternalIdentiy#isActive() would allow us to clearly define the notion of
an "orphaned user".



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message