So just implement some sort if authentication using the state machine and a
database record lookup.
Sent from my iPhone
On Aug 7, 2013, at 2:11 PM, Hunter McMillen <mcmil...@gmail.com> wrote:
> I misunderstood what you were asking, yes we have an abstract Command class
> that has derivatives for all of the commands that a user could enter.
>
> Hunter
> On 8/7/2013 1:13 PM, Jon wrote:
>> You must be building some sort of communication format for it.
>>
>> Sent from my iPhone
>>
>> On Aug 7, 2013, at 1:06 PM, Hunter McMillen <mcmil...@gmail.com> wrote:
>>
>>> We're not really implementing a protocol, we are just trying to make a
>>> text-based game that will seamlessly support hundreds to thousands of users
>>> at a time.
>>>
>>> Hunter
>>> On 8/7/2013 12:02 PM, Jon wrote:
>>>> This is more of a protocol implementation than a networking question.
>>>> What kind of protocol are you implementing.
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Aug 7, 2013, at 11:34 AM, Hunter McMillen <mcmil...@gmail.com> wrote:
>>>>
>>>>> We actually won't need anything as complex as LDAP, just a simple DB hash
>>>>> + salt lookup.
>>>>>
>>>>> Hunter
>>>>> On 8/7/2013 10:26 AM, Emmanuel Lécharny wrote:
>>>>>> Le 8/7/13 4:11 PM, Hunter McMillen a écrit :
>>>>>>> What are the common ways to authenticate users using Mina?
>>>>>>>
>>>>>>> The first attempt I made was using a state machine, but I had problems
>>>>>>> integrating that with an IoHandler.
>>>>>>>
>>>>>>> In retrospect, the state machine seems like overkill; so I was hoping
>>>>>>> to get ideas for other ways to authenticate users, or maybe a link to
>>>>>>> an application that does some authentication.
>>>>>>>
>>>>>>> would it be terrible to do something like this?
>>>>>>>
>>>>>>> public void sessionCreated(IoSession session) {
>>>>>>> authenticateUser() // < ----- Good idea? Bad Idea? Run in a
>>>>>>> separate thread?
>>>>>>> }
>>>>>> Depends...
>>>>>>
>>>>>> let's see how it works with LDAP :
>>>>>>
>>>>>> - the user can connect on the server (and the sessionCreated event is
>>>>>> handled), but the user will not be authentified at this point.
>>>>>>
>>>>>> - in order to authenticate the user, we need to know about the user.
>>>>>> Just having his IP address is certainly not good enough (it's easy to
>>>>>> spoof it), so we expect the client to sent some credentials in the first
>>>>>> dedicated message. In LDAP this is done through a BindRequest. Anyway,
>>>>>> as you require the user to send you some data, you have to process them
>>>>>> by handling the messageReceived event.
>>>>>>
>>>>>>
>>>>>> Last, not least : what about a separate thread ?
>>>>>>
>>>>>> That's a good question. The answer, again is "it depends". If it takes
>>>>>> seconds to authenticat a user, because you have to send the auth request
>>>>>> to a remote server, then having a separate thread for that sounds smart.
>>>>>> Most of the time, the authent will take a few ms, and will be done quite
>>>>>> rarely, so it's enough to execute this code in the same thread.
>>>>>>
>>>>>> Hope it helps.
>
