On Mon, Jan 30, 2012 at 8:35 AM, Les Hazlewood <[email protected]> wrote:
> On Mon, Jan 30, 2012 at 8:18 AM, Kalle Korhonen
> <[email protected]> wrote:
>> I was looking into the unfinished openid4java support module. The
>> RelyingPartyRealm implementation seems a bit funny to me, it extends
>> AuthorizingRealm but then states in the javadoc of its
>> doGetAuthorizationInfo "Returns {@code null} always because OpenId
>> does not support authorization operations".
> Is this true? I mean, if Attribute Exchange is enabled, is it

You wrote the javadoc, right?

> possible that some of the attributes are group or role names? I don't
> know the answer to this question, but my assumption is that the answer
> would determine which Realm implementation we extend.

Attribute extensions for openid typically allow fetching more user data
(name, email, etc.) which you could see partly as an authorization
technique, but even then, that applies to the remote
authentication/authorization provider, not (directly) to your
application. The model I usually follow with openId/oauth and similar
is "remote authentication, local authorization", i.e. I have another
realm just for authorization to keep the concerns separate.

Kalle
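
The "remote authentication, local authorization" split described in the message above, sketched as an added example that is not part of the original thread or of the Shiro code base. The class name LocalAuthorizationRealm, the in-memory role map and the assumption that the primary principal is the verified OpenID identifier string are all hypothetical.

```java
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/** Authorization-only realm: roles come from local data, never from the OpenID provider. */
public class LocalAuthorizationRealm extends AuthorizingRealm {

    // Constructed sample data source: verified OpenID identifier -> locally assigned roles.
    private final Map<String, Set<String>> rolesByIdentifier;

    public LocalAuthorizationRealm(Map<String, Set<String>> rolesByIdentifier) {
        this.rolesByIdentifier = rolesByIdentifier;
    }

    /** Reject every token so this realm never takes part in authentication. */
    @Override
    public boolean supports(AuthenticationToken token) {
        return false;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null; // not reached by the authenticator: supports() rejects all tokens
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (principals == null || principals.isEmpty()) {
            return info; // no identity, no roles
        }
        // Assumption: the authenticating realm stored the verified identifier as the primary principal.
        String identifier = String.valueOf(principals.getPrimaryPrincipal());
        Set<String> roles = rolesByIdentifier.get(identifier);
        if (roles != null) {
            info.addRoles(roles); // unknown identifiers fall through with no roles (deny by default)
        }
        return info;
    }
}
```

Both realms are registered on the same SecurityManager; the authenticating realm handles the OpenID token, and role checks are answered only from the local map, so attributes asserted by the remote provider never grant roles in the application.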
