Just out of curiosity why doesn't the login method take a username/password? Or if you want it to be more abstracted create some sort of Credentials object and update the WASPSession.login to take a LoginContext and Credentials object. Then update the LoginContext login to take the Credential.
-Craig Mr Mean wrote: > > I just remembered a little snag, this is not going to work because i > currently use the context to ask if the component, class, model is > authenticated by this context. So i really need it atm. > > Looks like i need to think this trough a little better. but first i > gotta grab some sleep. > > Maurice > > On 6/9/07, craigdd <[EMAIL PROTECTED]> wrote: >> >> Sounds like a pretty good idea, I like that much better than having the >> user >> need to know they need to cleanup data state in their LoginContext. >> >> Another idea might be to have the LoginContext provide a method that >> returns >> a unique identifier. That value could be store internally and the user >> can >> pass anything they want, I'd assume the default would be to return the >> username which is completely fair to be in the session. >> >> Without looking too closely at the code you could also use this >> identifier >> during logout. >> >> -Craig >> >> >> Mr Mean wrote: >> > >> > Just thinking out loud here, but it shouldn't be too difficult to >> > change this into holding a hash of the logincontext instead of the >> > whole context. Since the equals contract already specifies that equal >> > object should have equal hashes The equals check can be easily >> > performed on the hash, HashMap actually uses the hash before it uses >> > the equal, so i do not see much problems here. And it is not like you >> > are gonna have an army of logincontexts in each session. >> > >> > Ill see if i can implement this sometime tomorrow. >> > >> > Thanks again for pointing this out, if you think there are more of >> > this kind of problems just let me know. >> > >> > Maurice >> > >> > P.S. i guess an api for getting the original logincontext is out of >> > the question then :) >> > >> > >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote: >> >> >> >> Are you saying then that the instance of LoginContext used to login is >> >> held >> >> onto in the WASPSession, via the security framework? >> >> >> >> If so then this brings up a huge security issue, as least the way the >> API >> >> sits and the examples showing that a LoginContext takes a username and >> >> password in its constructor. This mean that a password(probably plain >> >> text) >> >> is available in the session which is usually a big no no when it comes >> to >> >> a >> >> secure application. I've been through a few security probes from >> banks >> >> on >> >> various online applications that that is one of the first thing they >> look >> >> for / ask. "Are you holding onto the password?" >> >> >> >> -Craig >> >> >> >> >> >> Mr Mean wrote: >> >> > >> >> > There is currently no way to grab the login context, so you could >> >> > store it yourself (there migh be multiple logintexts though). But >> the >> >> > good news is you don't have to store it if you don't want to. The >> >> > logoff performs an equals check and currently every logincontext of >> >> > the same class and level is equal to another. So if you login using >> a >> >> > MySingleLoginContext(username, password) you can logoff with any new >> >> > instance of that class (logoff(new MySingleLoginContext());) >> >> > >> >> > However if you feel you need to have access to the original >> instance, >> >> > for instance because you want to know the username, i can always >> >> > include such a method in the api. >> >> > >> >> > Maurice >> >> > >> >> > On 6/8/07, craigdd <[EMAIL PROTECTED]> wrote: >> >> >> >> >> >> I see that the WASPSession.logout method takes a LoginContext. Is >> >> there >> >> >> somewhere within the SWARM implementation to grab the LoginContext >> >> used >> >> >> to >> >> >> login? Or when logging in is it up to the developer to put the >> >> >> LoginContext >> >> >> somewhere...say maybe the session itself? >> >> >> >> >> >> Thanks >> >> >> Craig >> >> >> -- >> >> >> View this message in context: >> >> >> >> >> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11018551 >> >> >> Sent from the Wicket - User mailing list archive at Nabble.com. >> >> >> >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------- >> >> >> This SF.net email is sponsored by DB2 Express >> >> >> Download DB2 Express C - the FREE version of DB2 express and take >> >> >> control of your XML. No limits. Just data. Click to get it now. >> >> >> http://sourceforge.net/powerbar/db2/ >> >> >> _______________________________________________ >> >> >> Wicket-user mailing list >> >> >> Wicket-user@lists.sourceforge.net >> >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user >> >> >> >> >> > >> >> > >> >> >> ------------------------------------------------------------------------- >> >> > This SF.net email is sponsored by DB2 Express >> >> > Download DB2 Express C - the FREE version of DB2 express and take >> >> > control of your XML. No limits. Just data. Click to get it now. >> >> > http://sourceforge.net/powerbar/db2/ >> >> > _______________________________________________ >> >> > Wicket-user mailing list >> >> > Wicket-user@lists.sourceforge.net >> >> > https://lists.sourceforge.net/lists/listinfo/wicket-user >> >> > >> >> > >> >> >> >> -- >> >> View this message in context: >> >> >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11033924 >> >> Sent from the Wicket - User mailing list archive at Nabble.com. >> >> >> >> >> >> >> ------------------------------------------------------------------------- >> >> This SF.net email is sponsored by DB2 Express >> >> Download DB2 Express C - the FREE version of DB2 express and take >> >> control of your XML. No limits. Just data. Click to get it now. >> >> http://sourceforge.net/powerbar/db2/ >> >> _______________________________________________ >> >> Wicket-user mailing list >> >> Wicket-user@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user >> >> >> > >> > >> ------------------------------------------------------------------------- >> > This SF.net email is sponsored by DB2 Express >> > Download DB2 Express C - the FREE version of DB2 express and take >> > control of your XML. No limits. Just data. Click to get it now. >> > http://sourceforge.net/powerbar/db2/ >> > _______________________________________________ >> > Wicket-user mailing list >> > Wicket-user@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/wicket-user >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11035304 >> Sent from the Wicket - User mailing list archive at Nabble.com. >> >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by DB2 Express >> Download DB2 Express C - the FREE version of DB2 express and take >> control of your XML. No limits. Just data. Click to get it now. >> http://sourceforge.net/powerbar/db2/ >> _______________________________________________ >> Wicket-user mailing list >> Wicket-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wicket-user >> > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > > -- View this message in context: http://www.nabble.com/WASPSession.logout%28object%29-tf3887102.html#a11035497 Sent from the Wicket - User mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user