Re[2]: Some questions about Shiro API

Sun, 08 Nov 2020 01:48:24 -0800 

Hi Lenny,
 
I have casts, you have casts, Bob and Mike also have casts. It doesn’t matter 
how many casts
you have, you mustn’t have any.
 
In modern SO development approach we use only API and shouldn’t know anything 
about implementations
classes. I’m sure that you know about OSGI, JPMS etc. The main idea of such 
systems is to completely hide
implementation classes. You event don’t see those implementation classes, so, 
you just CAN’T use them!
 
So, when you do FooImpl impl = (FooImpl) foo; it means that either you are 
doing something wrong,
or API is not flexible enough.
 
So, I can’t accept your advice because it is simply unacceptable.
 
 
--
Best regards, Alex Orlov
 
  
>Суббота, 7 ноября 2020, 23:37 +03:00 от Lenny Primak <[email protected]>:
> 
>Oh and I have very few “casts” that are necessary to accomplish any of this
> 
>> On Nov 7, 2020, at 12:50 AM, Alex Orlov < [email protected] > wrote:
>>
>> Hi all,
>>
>> Trying to I get the list of all logged in subjects I found this method :
>> SessionDAO#Collection<Session> getActiveSessions()
>> and want to use it.
>>
>> And I have two questions:
>>
>> 1) Why does API hide top level objects for which we have interfaces?
>> For example, using SecurityUtils we can get SecurityManager, however,
>> SecurityManager doesn’t let get SessionManager, SessionDAO etc.
>> So, we can’t do
>> SecurityUtils.getSecurityManager().getSessionManager().getSessionDAO()?
>> It seems to be unusual for me. Besides it is possible to set them via ini:
>>
>> sessionManager = com.foo.my.SessionManagerImplementation
>> securityManager.sessionManager = $sessionManage
>>
>> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>> securityManager.sessionManager = $sessionManager
>> # Configure a SessionDAO and then set it:
>> securityManager.sessionManager.sessionDAO = $sessionDAO
>>
>> So, we can configure them statically, but not dynamically. At least, we must 
>> be able to get them
>> at runtime. Maybe it is necessary to change API to make it more flexible?
>>
>> 2) Why does SecurityManager extend SessionManager?
>> As I understand SecurityManager has a SessionManager, but not is a 
>> SessionManager:
>>
>> public interface SecurityManager extends Authenticator, Authorizer, 
>> SessionManager
>>
>> Could anyone explain?
>>
>>
>> --
>> Best regards, Alex Orlov
 

Reply via email to