On 26/05/2021 12:00, Carsten Klein wrote:

<snip/>

> 1. How to access the Principal's new attributes
>
> Simplest is to provide a getter method that actually returns the map (optionally with a read-only parameter):

Given that the attributes may well be security related, you would need to make sure neither the Map nor any of the keys/values could be modified. Protecting the Map is easy. Protecting the keys/values is a little trickier. For that reason I'd lean towards the solution below.

> However, in the jakarta.servlet classes, there are also some entities that have attributes. There, attributes are accessed by these methods:
>
> Object getAttribute(String name);
>
> Enumeration<String> getAttributeNames();
>
> void setAttribute(String name, Object o);
>
> Would you, for the sake of uniformity, prefer using these more servlet-spec-like methods?

Yes, but without setAttribute(). The attributes need to be provided at construction time and should be immutable from that point onwards.

> 2. Should I add attributes-related public methods to the TomcatPrincipal interface as well?

Yes. So far the only Tomcat-specific extensions are for SPNEGO but this is in the same category. The other option would be a new interface but I don't see a need for that.

> 3. Class UserDatabasePrincipal in UserDatabaseRealm

<snip/>

> Why does UserDatabaseRealm pass a userPrincipal of type UserDatabasePrincipal? Can't we just drop that and do it like JNDIRealm or DataSourceRealm?

I don't see any obvious reason. I'll do some digging in the source history to see if I can find out why. Absent a good reason, I'd say drop it.

Mark
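
The design discussed in point 1, as an added example that is not part of the original message and is not Tomcat's code: a principal whose attributes are supplied at construction and exposed only through servlet-style read methods, with the values copied as well as the map. The class name `AttributePrincipal` and the sample attribute names are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.*;

// Hypothetical class for illustration; not Tomcat's TomcatPrincipal or GenericPrincipal.
public final class AttributePrincipal implements Principal {
    private final String name;
    private final Map<String, Object> attributes;

    public AttributePrincipal(String name, Map<String, ?> attrs) {
        this.name = Objects.requireNonNull(name);
        Map<String, Object> copy = new LinkedHashMap<>();
        // Copy entry by entry so later changes to the caller's map or values are not seen here.
        attrs.forEach((k, v) -> copy.put(k, snapshot(v)));
        this.attributes = Collections.unmodifiableMap(copy);
    }

    // Protecting the map is the easy part; values need per-type handling (shallow copies only).
    private static Object snapshot(Object v) {
        if (v instanceof Collection) return Collections.unmodifiableList(new ArrayList<Object>((Collection<?>) v));
        if (v instanceof byte[]) return ((byte[]) v).clone();
        if (v instanceof Object[]) return ((Object[]) v).clone();
        return v; // assumed immutable (String, Number, ...); other mutable types need their own case
    }

    @Override public String getName() { return name; }

    // Arrays cannot be made read-only, so every read hands out a fresh copy.
    public Object getAttribute(String key) { return snapshot(attributes.get(key)); }

    // Read-only view of the names; there is deliberately no setAttribute().
    public Enumeration<String> getAttributeNames() {
        return Collections.enumeration(attributes.keySet());
    }

    public static void main(String[] args) {
        List<String> groups = new ArrayList<>(List.of("users")); // constructed sample data
        Map<String, Object> src = new HashMap<>();
        src.put("memberOf", groups);
        AttributePrincipal p = new AttributePrincipal("alice", src);
        groups.add("admins");  // caller mutates its own list after construction
        src.put("extra", "x"); // caller mutates its own map after construction
        // Neither change is visible through the principal.
        System.out.println(p.getAttribute("memberOf") + " " + p.getAttribute("extra"));
    }
}
```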
