Just out of curiosity why doesn't the login method take a username/password? 
Or if you want it to be more abstracted create some sort of Credentials
object and update the WASPSession.login to take a LoginContext and
Credentials object.  Then update the LoginContext login to take the
Credential.

-Craig


Mr Mean wrote:
> 
> I just remembered a little snag, this is not going to work because i
> currently use the context to ask if the component, class, model is
> authenticated by this context. So i really need it atm.
> 
> Looks like i need to think this through a little better. But first i
> gotta grab some sleep.
> 
> Maurice
> 
> On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote:
>>
>> Sounds like a pretty good idea, I like that much better than having the
>> user need to know they need to clean up data state in their LoginContext.
>>
>> Another idea might be to have the LoginContext provide a method that
>> returns a unique identifier.  That value could be stored internally and
>> the user can pass anything they want, I'd assume the default would be to
>> return the username which is completely fair to be in the session.
>>
>> Without looking too closely at the code you could also use this
>> identifier during logout.
>>
>> -Craig
>>
>>
>> Mr Mean wrote:
>> >
>> > Just thinking out loud here, but it shouldn't be too difficult to
>> > change this into holding a hash of the logincontext instead of the
>> > whole context. Since the equals contract already specifies that equal
>> > objects should have equal hashes, the equals check can be easily
>> > performed on the hash. HashMap actually uses the hash before it uses
>> > the equals, so i do not see many problems here. And it is not like you
>> > are gonna have an army of logincontexts in each session.
>> >
>> > I'll see if i can implement this sometime tomorrow.
>> >
>> > Thanks again for pointing this out, if you think there are more of
>> > this kind of problems just let me know.
>> >
>> > Maurice
>> >
>> > P.S. i guess an api for getting the original logincontext is out of
>> > the question then :)
>> >
>> >
>> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
>> >>
>> >> Are you saying then that the instance of LoginContext used to login is
>> >> held onto in the WASPSession, via the security framework?
>> >>
>> >> If so then this brings up a huge security issue, at least the way the
>> >> API sits and the examples showing that a LoginContext takes a username
>> >> and password in its constructor.  This means that a password (probably
>> >> plain text) is available in the session which is usually a big no no
>> >> when it comes to a secure application.  I've been through a few security
>> >> probes from banks on various online applications, and that is one of the
>> >> first things they look for / ask. "Are you holding onto the password?"
>> >>
>> >> -Craig
>> >>
>> >>
>> >> Mr Mean wrote:
>> >> >
>> >> > There is currently no way to grab the login context, so you could
>> >> > store it yourself (there might be multiple logincontexts though). But
>> >> > the good news is you don't have to store it if you don't want to. The
>> >> > logoff performs an equals check and currently every logincontext of
>> >> > the same class and level is equal to another. So if you login using
>> >> > a MySingleLoginContext(username, password) you can logoff with any new
>> >> > instance of that class (logoff(new MySingleLoginContext());)
>> >> >
>> >> > However if you feel you need to have access to the original
>> >> > instance, for instance because you want to know the username, i can
>> >> > always include such a method in the api.
>> >> >
>> >> > Maurice
>> >> >
>> >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote:
>> >> >>
>> >> >> I see that the WASPSession.logout method takes a LoginContext.  Is
>> >> >> there somewhere within the SWARM implementation to grab the
>> >> >> LoginContext used to login?  Or when logging in is it up to the
>> >> >> developer to put the LoginContext somewhere...say maybe the session
>> >> >> itself?
>> >> >>
>> >> >> Thanks
>> >> >> Craig
>> >> >> --
>> >> >> View this message in context:
>> >> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551
>> >> >> Sent from the Wicket - User mailing list archive at Nabble.com.
>> >> >>
>> >> >> -------------------------------------------------------------------------
>> >> >> This SF.net email is sponsored by DB2 Express
>> >> >> Download DB2 Express C - the FREE version of DB2 express and take
>> >> >> control of your XML. No limits. Just data. Click to get it now.
>> >> >> http://sourceforge.net/powerbar/db2/
>> >> >> _______________________________________________
>> >> >> Wicket-user mailing list
>> >> >> Wicket-user@lists.sourceforge.net
>> >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user
>> >> >>

-- 
View this message in context: 
http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11035497
Sent from the Wicket - User mailing list archive at Nabble.com.
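
The concern raised in this thread, as an added example that is not code from the thread or from SWARM/WASP: a session that retains a context object holding the password carries that password into its serialized form, while a session that retains only an identifier (here the username) does not. All class and method names below are hypothetical stand-ins, and the user name and password are constructed sample values.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class SessionCredentialDemo {
    // Hypothetical context in the style the thread describes: credentials kept as fields.
    static class PasswordHoldingContext implements Serializable {
        final String username, password;
        PasswordHoldingContext(String u, String p) { username = u; password = p; }
    }

    // Hypothetical alternative: credentials are passed to login() and never stored.
    static class KeyOnlyContext {
        private String key;                  // identifier kept for logout, here the username
        boolean login(String user, char[] password) {
            // Constructed check standing in for a real credential store lookup.
            boolean ok = user.equals("alice") && Arrays.equals(password, "s3cret-pw".toCharArray());
            Arrays.fill(password, '\0');     // wipe the caller's copy once it has been checked
            if (ok) key = user;
            return ok;
        }
        String key() { return key; }
    }

    // Stand-in for a web session: a serializable set of whatever the framework retains.
    static class Session implements Serializable {
        final Set<Object> retained = new HashSet<>();
        void logout(Object key) { retained.remove(key); }
    }

    // Serialize the session the way a container does when persisting or replicating it.
    static boolean serializedFormContains(Session s, String needle) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        return new String(buf.toByteArray(), StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws IOException {
        Session weak = new Session();
        weak.retained.add(new PasswordHoldingContext("alice", "s3cret-pw"));
        System.out.println("context retained, password in session bytes: "
                + serializedFormContains(weak, "s3cret-pw"));

        Session hardened = new Session();
        KeyOnlyContext ctx = new KeyOnlyContext();
        if (ctx.login("alice", "s3cret-pw".toCharArray())) hardened.retained.add(ctx.key());
        System.out.println("key retained, password in session bytes: "
                + serializedFormContains(hardened, "s3cret-pw"));
        hardened.logout("alice");            // logout needs only the identifier
        System.out.println("entries retained after logout: " + hardened.retained.size());
    }
}
```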

