Hi Steve, I still have several doubts about this. > > The User interface has no knowledge of how your repository maintains > security, or even if it does! ... > I don't think it would be a good idea to force implementations of User to > make their passwords accessable via a public method, hashed or otherwise.
OK, that's truth, but wouldn't be interesting a UserRepository that could provide all user's data to its implementation class ? I'm think in the possibility of a more complex module for Remote Manager and in a more complex User Repository. Forget the method "getHashedPassword()" I thought better in maybe a more flexible method like "Object getAttribute(String key)" in "User" interface or a new interface "UserData" that extends from "User" and used in the method "boolean addUser(UserData userdata)" of "UserRepository", there are several possibilities. > > Is it correct to do a cast to a class from an interface ? I > > think this generate a dependency between RemoteManager and > > Users Repositories then the interface "UserRepository" itsn't > > sufficient to determine the "contract" for the Users > > repository implementation. Is that correct ? > > The pragmatic approach taken currently is to say that only one type of > UserRepository is concurrently supported, so it is safe to cast. It would be > possible to refactor and use polymorphism to avoid this, but that isn't > strictly neccesary when there is only ever one type of reposoitory involved. It seems to me a little surprises this solution, in any case perhaps my problem is that I need a User repository more complex, mainly I need to manage more information of the user, specially groups, but not only. I think that in my case when having a external (and more complex) users repository (LDAP server) It is assumed that the maintenance of that repository is external to James, James only uses the repository to know if the recipient is local and similar uses. Is it correct? :::Roberto. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
