Hi Steven,
Correct.
I would be more inclined though to add an attribute to the
isSessionValid method that allows a SessionManager to have access to,
for example, request scoped objects. The type of that attribute would
be SessionCache or so and be implemented by the authentication
element. Like this the SessionManager still has complete control over
the validation of the sessions. Pulling session features out into
another class like you suggest blurs the control over authentication
session management imho. What do you think?
Take care,
Geert
On 25 Sep 2006, at 23:24, Steven Grimm wrote:
I don't think that will work. SessionManager is stateless and if
you did that you wouldn't be able to use a singleton instance.
An alternate approach would be to add a method that returns some
kind of session object given a session ID, and have that object
implement getSessionUserId() and continueSession(). (And maybe
isSessionValid() too, but you could just say that object is only
returned for valid session IDs.) The authentication code can
remember that object using a request attribute a la the
IDENTITY_ATTRIBUTE_NAME attribute so the element class can call it
as needed.
What do you think of that?
-Steve
Geert Bevin wrote:
Hi Steven,
maybe we should add a method to the SessionManager interface
(setElementSupport) that is called by the authentication with
itself as the argument.
What do you think?
Geert
_______________________________________________
Rife-users mailing list
Rife-users@uwyn.com
http://lists.uwyn.com/mailman/listinfo/rife-users
--
Geert Bevin
Uwyn "Use what you need" - http://uwyn.com
RIFE Java application framework - http://rifers.org
Music and words - http://gbevin.com
_______________________________________________
Rife-users mailing list
Rife-users@uwyn.com
http://lists.uwyn.com/mailman/listinfo/rife-users