On 30 Mar 2012, at 15:22, Colm O hEigeartaigh wrote:

> Hi Fabio,
>
>> I agree with you.
>>
>> In this case I'd follow the steps below:
>> 1. authenticate the third party application with an administrator (or user
>> with USER_READ capability)
>> 2. verify password by calling the method verifyPassword provided by the
>> userController
>>
>> What do you think about?
>
> Could we add a duplicate verifyPassword method to UserController that
> takes the username/password instead of userId/password? The latter
> requires the application to find the user Id first and then check the
> password, whereas the former only requires one step to accomplish
> third-party authentication.

Sure! I think we must.

Regards,
F.

> Colm.
>
> On Fri, Mar 30, 2012 at 2:17 PM, Fabio Martelli
> <[email protected]> wrote:
>>
>> On 30 Mar 2012, at 15:09, Colm O hEigeartaigh wrote:
>>
>>> Hi Fabio,
>>>
>>>> Further, you have the method verifyPassword provided by UserController that
>>>> could be used to verify userid/password.
>>>> This method, for security reasons, can be called only by a user with
>>>> USER_READ
>>>> capability.
>>>
>>> Consider the use-case as mentioned by Bob, where you have a third
>>> party application which receives login credentials and wishes to
>>> authenticate the user, and retrieve the roles associated with that
>>> user for authorization. If the application logs on with the received
>>> username/password, then it is assuming that the given user has a
>>> USER_READ entitlement. IMO the application would log on with its own
>>> credentials, and wish to authenticate the given username/password via
>>> some kind of "authenticateUser" method as I mentioned before.
>>>
>>> Do you see a use-case for this kind of functionality or am I missing
>>> something?
>>
>> I agree with you.
>>
>> In this case I'd follow the steps below:
>> 1. authenticate the third party application with an administrator (or user
>> with USER_READ capability)
>> 2. verify password by calling the method verifyPassword provided by the
>> userController
>>
>> What do you think about?
>>
>>>> Actually users have only the roles explicitly assigned.
>>>
>>> The question is whether it is possible to easily retrieve the
>>> hierarchy of roles for a particular user (or the authenticated user)?
>>>
>>> Thanks,
>>>
>>> Colm.
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
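The flow agreed on in the thread (the third-party application logs on with its own USER_READ-entitled credentials and then asks the controller to verify the end user's password), as an added illustration that is not part of the thread and not Apache Syncope's code. The `UserController`, `Session`, `login`, `find_user_id`, `verify_password_by_id` and `verify_password` names are assumptions, and the accounts and passwords are constructed sample data. It models both the userId-based check and the username-based variant Colm proposes, and shows why a caller that logs on with the end user's own credentials is refused by the entitlement gate.

```python
import hashlib
import hmac
import os

USER_READ = "USER_READ"  # entitlement name as used in the thread


class NotAuthorized(Exception):
    """Raised when the calling session lacks the entitlement a method requires."""


def _pbkdf2(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Session:
    """Result of a successful login: who the caller is and what it may do."""

    def __init__(self, username: str, entitlements):
        self.username = username
        self.entitlements = frozenset(entitlements)

    def require(self, entitlement: str) -> None:
        if entitlement not in self.entitlements:
            raise NotAuthorized(f"{self.username} lacks {entitlement}")


class UserController:
    """Toy stand-in for the controller discussed in the thread (assumed API)."""

    def __init__(self):
        self._users = {}   # user id -> record
        self._ids = {}     # username -> user id
        self._next_id = 1

    def add_user(self, username: str, password: str, entitlements=()) -> int:
        salt = os.urandom(16)
        uid = self._next_id
        self._next_id += 1
        self._users[uid] = {
            "username": username,
            "salt": salt,
            "hash": _pbkdf2(password, salt),
            "entitlements": frozenset(entitlements),
        }
        self._ids[username] = uid
        return uid

    def _matches(self, uid: int, password: str) -> bool:
        rec = self._users[uid]
        # Constant-time comparison of the stored and freshly derived hashes.
        return hmac.compare_digest(rec["hash"], _pbkdf2(password, rec["salt"]))

    def login(self, username: str, password: str):
        """The caller authenticates with its *own* credentials; None on failure."""
        uid = self._ids.get(username)
        if uid is None or not self._matches(uid, password):
            return None
        return Session(username, self._users[uid]["entitlements"])

    def find_user_id(self, session: Session, username: str):
        session.require(USER_READ)
        return self._ids.get(username)

    def verify_password_by_id(self, session: Session, uid: int, password: str) -> bool:
        """Two-step variant: the caller must look up the user id first."""
        session.require(USER_READ)
        return uid in self._users and self._matches(uid, password)

    def verify_password(self, session: Session, username: str, password: str) -> bool:
        """Single-step variant proposed in the thread: username instead of user id."""
        session.require(USER_READ)
        uid = self._ids.get(username)
        return uid is not None and self._matches(uid, password)


def build_demo() -> UserController:
    """Constructed sample data: a service account with USER_READ and one end user."""
    ctl = UserController()
    ctl.add_user("thirdpartyapp", "app-secret", [USER_READ])
    ctl.add_user("alice", "alice-pw")  # ordinary user, no USER_READ
    return ctl


if __name__ == "__main__":
    ctl = build_demo()
    app = ctl.login("thirdpartyapp", "app-secret")
    print(ctl.verify_password(app, "alice", "alice-pw"))
    uid = ctl.find_user_id(app, "alice")
    print(ctl.verify_password_by_id(app, uid, "alice-pw"))
    alice = ctl.login("alice", "alice-pw")
    try:
        ctl.verify_password(alice, "alice", "alice-pw")
    except NotAuthorized as exc:
        print("refused:", exc)
```

The entitlement check sits on the verification methods themselves, so whoever calls them must already hold USER_READ from their own login; this is what lets the application authenticate on its own behalf rather than impersonating the end user.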
