<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi guys,<br>
<br>
I'd like to simplify the Identity Management API a bit where
credentials are concerned. At the moment we have the following
methods defined by the IdentityManager interface:<br>
<br>
// Password Management<br>
boolean validatePassword(User user, String password);<br>
<br>
void updatePassword(User user, String password);<br>
<br>
void setPasswordEncoder(PasswordEncoder encoder);<br>
<br>
// Certificate Management<br>
boolean validateCertificate(User user, X509Certificate
certificate);<br>
<br>
boolean updateCertificate(User user, X509Certificate
certificate);<br>
<br>
Furthermore, in IdentityStore we have these methods which are
essentially identical:<br>
<br>
boolean validatePassword(User user, String password);<br>
<br>
void updatePassword(User user, String password);<br>
<br>
// Certificate Management<br>
boolean validateCertificate(User user, X509Certificate
certificate);<br>
<br>
boolean updateCertificate(User user, X509Certificate
certificate);<br>
<br>
<br>
What I'd like to do is make this a little more abstract (and more
future proof) by replacing these methods (in both interfaces) with
the following two methods:<br>
<br>
boolean validateCredential(User user, Credential credential);<br>
<br>
void updateCredential(User user, Credential credential);<br>
<br>
Once the method invocation hits the IdentityStore implementation, we
have a choice as to what we want to do here. I think the best
option is to go with a credential encoding API based on the work
that Pedro has already done (see [1] and [2]). My only suggestion
would be to:<br>
<br>
a) make it a little more generic (we should use a factory object or
something to provide the IdentityStore implementation with the
correct encoder based on the type of credential) <br>
b) provide the encoder implementation with an invocation context
containing a reference back to the calling IdentityStore to allow
access to its internal methods and/or other state, and<br>
c) provide pluggable access to the encoding process, to allow the
developer to provide custom behaviour for the encoding.<br>
<br>
Does anyone have any suggestions or thoughts on this?<br>
<br>
Shane<br>
<br>
<br>
[1]
<a
href="https://github.com/picketlink/picketlink/blob/master/idm/api/src/main/java/org/picketlink/idm/password/PasswordEncoder.java">https://github.com/picketlink/picketlink/blob/master/idm/api/src/main/java/org/picketlink/idm/password/PasswordEncoder.java</a><br>
[2]
<a
href="https://github.com/picketlink/picketlink/blob/master/idm/impl/src/main/java/org/picketlink/idm/password/internal/SHASaltedPasswordEncoder.java">https://github.com/picketlink/picketlink/blob/master/idm/impl/src/main/java/org/picketlink/idm/password/internal/SHASaltedPasswordEncoder.java</a>
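<br>
<br>
An added sketch (not PicketLink code and not part of the mail above) of how the two generic methods could be backed by a per-type encoder factory (point a) and an invocation context that carries a reference to the calling store (point b). Every class and method name here is hypothetical, only a password credential is implemented, and a salted SHA-256 encoder stands in for whatever the real encoder API ends up being.<br>
<br>
```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added sketch, not PicketLink code. It models the two generic methods proposed in the mail,
// backed by an encoder chosen per credential type (point a) that is handed an invocation
// context pointing back at the calling store (point b). All names are hypothetical.
public class CredentialApiSketch {
    interface Credential {}   // marker implemented by every credential type
    static final class PasswordCredential implements Credential {
        final char[] value;
        PasswordCredential(char[] value) { this.value = value; }
    }
    static final class User { final String id; User(String id) { this.id = id; } }

    interface IdentityStore {
        boolean validateCredential(User user, Credential credential);
        void updateCredential(User user, Credential credential);
        // Internals an encoder can reach through the invocation context.
        String loadEncoded(User user, Class<? extends Credential> type);
        void storeEncoded(User user, Class<? extends Credential> type, String encoded);
    }
    static final class InvocationContext { final IdentityStore store; InvocationContext(IdentityStore store) { this.store = store; } }
    interface CredentialEncoder<C extends Credential> {
        String encode(InvocationContext ctx, C credential);
        boolean matches(InvocationContext ctx, C credential, String encoded);
    }

    // Resolves the encoder from the credential's runtime class; unknown types are refused.
    static final class CredentialEncoderFactory {
        private final Map<Class<? extends Credential>, CredentialEncoder<?>> encoders = new HashMap<>();
        <C extends Credential> void register(Class<C> type, CredentialEncoder<C> encoder) { encoders.put(type, encoder); }
        @SuppressWarnings("unchecked")   // register() ties each encoder to its class key
        <C extends Credential> CredentialEncoder<C> encoderFor(C credential) {
            CredentialEncoder<?> e = encoders.get(credential.getClass());
            if (e == null) throw new IllegalArgumentException("no encoder for " + credential.getClass().getName());
            return (CredentialEncoder<C>) e;
        }
    }

    // Salted SHA-256: fresh random salt on every update, constant-time comparison on validate.
    static final class SaltedSha256PasswordEncoder implements CredentialEncoder<PasswordCredential> {
        private static final SecureRandom RNG = new SecureRandom();
        public String encode(InvocationContext ctx, PasswordCredential c) {
            byte[] salt = new byte[16];
            RNG.nextBytes(salt);
            Base64.Encoder b64 = Base64.getEncoder();
            return b64.encodeToString(salt) + "$" + b64.encodeToString(digest(salt, c.value));
        }
        public boolean matches(InvocationContext ctx, PasswordCredential c, String encoded) {
            if (encoded == null) return false;   // nothing stored for this user: reject, never throw
            String[] parts = encoded.split("\\$", 2);
            if (parts.length != 2) return false;
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            byte[] expected = Base64.getDecoder().decode(parts[1]);
            return MessageDigest.isEqual(expected, digest(salt, c.value));
        }
        private static byte[] digest(byte[] salt, char[] password) {
            try {
                MessageDigest md = MessageDigest.getInstance("SHA-256");
                md.update(salt);
                md.update(new String(password).getBytes(StandardCharsets.UTF_8));
                return md.digest();
            } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
        }
    }

    // In-memory store: both generic methods dispatch through the factory.
    static final class InMemoryIdentityStore implements IdentityStore {
        private final Map<String, String> rows = new HashMap<>();
        private final CredentialEncoderFactory factory;
        InMemoryIdentityStore(CredentialEncoderFactory factory) { this.factory = factory; }
        public boolean validateCredential(User user, Credential credential) {
            CredentialEncoder<Credential> enc = factory.encoderFor(credential);
            return enc.matches(new InvocationContext(this), credential, loadEncoded(user, credential.getClass()));
        }
        public void updateCredential(User user, Credential credential) {
            CredentialEncoder<Credential> enc = factory.encoderFor(credential);
            storeEncoded(user, credential.getClass(), enc.encode(new InvocationContext(this), credential));
        }
        public String loadEncoded(User user, Class<? extends Credential> type) { return rows.get(user.id + ":" + type.getName()); }
        public void storeEncoded(User user, Class<? extends Credential> type, String encoded) { rows.put(user.id + ":" + type.getName(), encoded); }
    }

    public static void main(String[] args) {
        CredentialEncoderFactory factory = new CredentialEncoderFactory();
        factory.register(PasswordCredential.class, new SaltedSha256PasswordEncoder());
        IdentityStore store = new InMemoryIdentityStore(factory);
        User alice = new User("alice");   // constructed sample data
        store.updateCredential(alice, new PasswordCredential("correct horse".toCharArray()));
        System.out.println(store.validateCredential(alice, new PasswordCredential("correct horse".toCharArray())));
        System.out.println(store.validateCredential(alice, new PasswordCredential("wrong".toCharArray())));
        System.out.println(store.validateCredential(new User("bob"), new PasswordCredential("x".toCharArray())));
    }
}
```
<br>
Two choices worth calling out: the factory throws on a credential class nobody registered rather than returning false, so a misconfigured store fails loudly instead of quietly rejecting every login; and the encoder compares digests with MessageDigest.isEqual and treats a missing row as a plain false, so neither a timing difference nor an exception leaks whether the user exists. The encoder here ignores the context it is given; in the proposal it would use that handle to reach store internals. A plain salted SHA-256 is used only to keep the example short; a slow password hash (bcrypt or PBKDF2) is the better choice for real password storage.<br>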
</body>
</html>