[
https://issues.apache.org/jira/browse/CXF-5179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747250#comment-13747250
]
Thorsten Hoeger commented on CXF-5179:
--------------------------------------
Hi,
in my application I refresh UserSubject on role changes. Regarding your example
we make sure to not log any login names or anything alike for privacy and legal
reasons. Otherwise our logs would be regarded as personal data and we would not
be allowed to send them via email for alerting. So for logging we always use
the id as it is an internal identifier.
But if you think some CXF parts would cause problems if the login name changes
we can keep UserSubject as is. Maybe it would be cool to ease the use of the
additional properties in UserSubject by providing setter and getter methods for
properties like setProperty(String key, String value) and getProperty(String
key)
> Add optional id field to UserSubject
> ------------------------------------
>
> Key: CXF-5179
> URL: https://issues.apache.org/jira/browse/CXF-5179
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.6
> Reporter: Thorsten Hoeger
> Priority: Minor
> Labels: OAuth2
> Attachments: 0001-adding-optional-user-id-to-UserSubject.patch
>
>
> As the user's login name my change over time it might be a good idea to
> assign a unique, non-changing user id. To reflect this within the auth module
> the class USerSubject needs an additional field.
> The OAuthContextUtils the may resolve the user's id.
> A patch implementing this improvement is attached.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
