portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Grant <Jan.Gr...@bristol.ac.uk>
Subject RE: Security 1.4: more implement[eo]r feedback on provider APIs
Date Tue, 06 Aug 2002 12:52:01 GMT
On Mon, 5 Aug 2002, David Sean Taylor wrote:

> I believe at first you only wanted to change the logout method. Am I correct
> to say that now you want to change all the security calls to explicity pass
> in the current user?

Basically, my first pass was with authentication only, because logout
stood out from the crowd. I took a closer look at the other interfaces;
in the light of that, I think that wherever the current user has a
(potential) bearing on security provider decisions (ie, where the
javadoc says "provider may use current user from context to determine
whether to do this" or words to that effect), then the user should be
passed as part of the interface.

This principally came to light when I was trying to create a
multiplexing security provider (basically a "Composite" that was
supported by a composite JetspeedUser) and ran into trouble using the
supplied turbine provider with it.

jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Scrabble gematria: "BIBLE" = "DOGMA"

To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>

View raw message