On Mar 17, 2008, at 4:40 PM, Alex Povolotsky wrote:
Jay K wrote:
That page is slightly incorrect.
In C::A::Store::Null -based class, apparently $storeclass-
>can('find_user') returns 0 (called from
C::A::Authentication::Realm.pm line 85) so Realm tries to construct
find_user by itself, without success.
Yes. Null does not implement find_user - you have to. Which is
why
the wiki page says subclass and add find_user.
Hmm... I guess you should read Null.pm, especially lines 29-32.
Ah. I see that you are correct. A
Catalyst::Authentication::Store::Null object should return true to
can('find_user') I'd be interested in seeing a test where that fails.
For SSO - you can hook at any of those points. The store is the
easiest, really - because Credential::Password has a 'passthrough'
mode by telling it password_type='none' - effectively delegating the
entire auth process cleanly to the store's find_user method. Since
you will probably need to provide some type of user information -
overriding the store gives you the ideal spot to handle both at the
same time.
Well, I still think that SSO is for CREDENTIAL VALIDATION, so we
need to override Credential.
Actually, I've done an extremly simple SSO (but it works good
enough!) and store authenticated users in DBIx::Class, and happy
with it :)
Surely one could override Realm, or Catalyst itself, or rewrite
Catalyst from scratch, but I've explained my position.
As I mention in my previous post - It really depends on the complexity
of your SSO system and what it grants access to in your app. It could
also very easily be considered user retrieval - in which case a store
could be considered more appropriate.
My point is simply that I built the Auth module to allow the most
flexibility for customization without the need to 'rewrite Catalyst
from scratch' as you put it. Any of the hook points I mentioned can
be appropriate, and indeed for an SSO such as OpenID, which is much
more complex than validating a hash in a cookie - overriding at $realm-
>authenticate() may be the best option.
Jay
---
"May we not return to those scoundrels of old, the illustrious
founders of superstition and fanaticism, who first took the knife from
the altar to make victims of those who refused to be their disciples."
- Voltaire
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
