It isn't fixed on username and password because I want people to be
able to use any kind of authentication, e.g. a card reader or retinal
scan. A credentials object could be used in this case, but then I am
introducing yet another class people need to use / extend. But I
already have an idea how to refactor this.

Maurice

On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote:
>
> Just out of curiosity why doesn't the login method take a username/password?
> Or if you want it to be more abstracted create some sort of Credentials
> object and update the WASPSession.login to take a LoginContext and
> Credentials object.  Then update the LoginContext login to take the
> Credential.
>
> -Craig
>
>
> Mr Mean wrote:
> >
> > I just remembered a little snag, this is not going to work because I
> > currently use the context to ask if the component, class, model is
> > authenticated by this context. So I really need it atm.
> >
> > Looks like I need to think this through a little better, but first I
> > gotta grab some sleep.
> >
> > Maurice
> >
> > On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote:
> >>
> >> Sounds like a pretty good idea, I like that much better than having the
> >> user need to know they need to clean up data state in their LoginContext.
> >>
> >> Another idea might be to have the LoginContext provide a method that
> >> returns a unique identifier.  That value could be stored internally and the
> >> user can pass anything they want, I'd assume the default would be to return
> >> the username which is completely fair to be in the session.
> >>
> >> Without looking too closely at the code you could also use this
> >> identifier during logout.
> >>
> >> -Craig
> >>
> >>
> >> Mr Mean wrote:
> >> >
> >> > Just thinking out loud here, but it shouldn't be too difficult to
> >> > change this into holding a hash of the logincontext instead of the
> >> > whole context. Since the equals contract already specifies that equal
> >> > objects should have equal hashes, the equals check can be easily
> >> > performed on the hash. HashMap actually uses the hash before it uses
> >> > the equals, so I do not see many problems here. And it is not like you
> >> > are gonna have an army of logincontexts in each session.
> >> >
> >> > I'll see if I can implement this sometime tomorrow.
> >> >
> >> > Thanks again for pointing this out, if you think there are more
> >> > problems of this kind just let me know.
> >> >
> >> > Maurice
> >> >
> >> > P.S. I guess an API for getting the original logincontext is out of
> >> > the question then :)
> >> >
> >> >
> >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> Are you saying then that the instance of LoginContext used to login is
> >> >> held onto in the WASPSession, via the security framework?
> >> >>
> >> >> If so then this brings up a huge security issue, at least the way the
> >> >> API sits and the examples showing that a LoginContext takes a username
> >> >> and password in its constructor.  This means that a password (probably
> >> >> plain text) is available in the session, which is usually a big no-no
> >> >> when it comes to a secure application.  I've been through a few security
> >> >> probes from banks on various online applications and that is one of the
> >> >> first things they look for / ask: "Are you holding onto the password?"
> >> >>
> >> >> -Craig
> >> >>
> >> >>
> >> >> Mr Mean wrote:
> >> >> >
> >> >> > There is currently no way to grab the login context, so you could
> >> >> > store it yourself (there might be multiple logincontexts though). But
> >> >> > the good news is you don't have to store it if you don't want to. The
> >> >> > logoff performs an equals check and currently every logincontext of
> >> >> > the same class and level is equal to another. So if you login using
> >> >> > a MySingleLoginContext(username, password) you can logoff with any new
> >> >> > instance of that class (logoff(new MySingleLoginContext());)
> >> >> >
> >> >> > However if you feel you need to have access to the original
> >> >> > instance, for instance because you want to know the username, I can
> >> >> > always include such a method in the API.
> >> >> >
> >> >> > Maurice
> >> >> >
> >> >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
> >> >> >>
> >> >> >> I see that the WASPSession.logout method takes a LoginContext.  Is
> >> >> >> there somewhere within the SWARM implementation to grab the
> >> >> >> LoginContext used to login?  Or when logging in is it up to the
> >> >> >> developer to put the LoginContext somewhere...say maybe the session
> >> >> >> itself?
> >> >> >>
> >> >> >> Thanks
> >> >> >> Craig
> >> >> >> --
> >> >> >> View this message in context:
> >> >> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
> >> >> >> Sent from the Wicket - User mailing list archive at Nabble.com.
> >> >> >>
> >> >> >> -------------------------------------------------------------------------
> >> >> >> This SF.net email is sponsored by DB2 Express
> >> >> >> Download DB2 Express C - the FREE version of DB2 express and take
> >> >> >> control of your XML. No limits. Just data. Click to get it now.
> >> >> >> http://sourceforge.net/powerbar/db2/
> >> >> >> _______________________________________________
> >> >> >> Wicket-user mailing list
> >> >> >> Wicket-user@lists.sourceforge.net
> >> >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
>
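
The concern raised in this thread, shown as an added example that is not part of the original messages and is not SWARM or Wicket code: a session that holds a login context constructed with a password carries that password wherever the session is serialized, while a session that keeps only type, level and a non-secret identifier does not, and logout by class and level still works. All class names, the level value and the sample credentials are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class SessionCredentialDemo {
    // Hypothetical stand-in for a login context that keeps what its constructor received.
    static class PasswordHoldingContext implements Serializable {
        final String username; final String password;
        PasswordHoldingContext(String u, String p) { username = u; password = p; }
    }

    // What the session keeps instead: context type, level and a non-secret identifier.
    // Equality ignores the identifier, matching "same class and level is equal".
    static final class ContextKey implements Serializable {
        final String type; final int level; final String id;
        ContextKey(String type, int level, String id) { this.type = type; this.level = level; this.id = id; }
        @Override public boolean equals(Object o) {
            return o instanceof ContextKey && ((ContextKey) o).type.equals(type) && ((ContextKey) o).level == level;
        }
        @Override public int hashCode() { return Objects.hash(type, level); }
    }

    // Serialize session state the way a container does when it persists or replicates a session.
    static byte[] serialize(Serializable sessionState) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(sessionState); }
        return buf.toByteArray();
    }

    // Byte-preserving search for a secret inside the serialized form.
    static boolean contains(byte[] haystack, String needle) {
        return new String(haystack, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws IOException {
        String password = "constructed-sample-pw"; // constructed sample value
        ArrayList<Serializable> weak = new ArrayList<>();
        weak.add(new PasswordHoldingContext("alice", password));
        ArrayList<Serializable> hardened = new ArrayList<>();
        hardened.add(new ContextKey("MySingleLoginContext", 0, "alice"));

        System.out.println("password in weak session bytes:     " + contains(serialize(weak), password));
        System.out.println("password in hardened session bytes: " + contains(serialize(hardened), password));
        // Logout with a fresh key of the same type and level, no original instance needed.
        System.out.println("logout matched stored context:      "
                + hardened.remove(new ContextKey("MySingleLoginContext", 0, null)));
    }
}
```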
