On Sat, Sep 27, 2008 at 1:57 PM, Andrea Francia <[EMAIL PROTECTED]> wrote: > [snip a lot of good reasoning]
> The implementation (AnonymousAuthentication, or > UsernamePasswordAuthentication) is choosed by the > org.apache.ftpserver.command.impl.PASS command while I think this should be a > responsibility of the UserManager. Please note the PASS needs to be able to figure out if a user is anonymous for the connection checks. > So I propose to: > - remove the anonymous authentication > - move the UsernamePasswordAuthentication to the Ftplet API module. > - modify the UsernamePasswordAuthentication in that way: The reason for this design in the first place was an idea of providing additional types of authentication. For example, we once had one based on the X.509 certificate of the SSL session. However, I'm not pretty sure that was over-design in the first place and an easier, more adopted to the real world use of FTP is appropriate. Thus, I agree with your suggestions above. Maybe we should adopt Authentication to be more in line with UsernamePasswordAuthentication or replace it completely. /niklas
