<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Ok. We throw an exception now if there

      is a second login() call on an already authenticated session.<br>

      <br>

      On 01/31/2013 07:25 AM, Bruno Oliveira wrote:<br>

    </div>

    <blockquote

      cite="mid:1773A6AF54BA452F9593A18531CD58B8@abstractj.org"

      type="cite">

      <div class="moz-text-plain" wrap="true" graphical-quote="true"

        style="font-family: -moz-fixed; font-size: 12px;"

        lang="x-western">

        <pre wrap="">Exactly! That's my point! 

Thanks Marek. 

<div class="moz-txt-sig">-- 

"The measure of a man is what he does with power" - Plato

-

@abstractj

-

Volenti Nihil Difficile

On Thursday, January 31, 2013 at 8:40 AM, Marek Posolda wrote:

</div></pre>

        <blockquote type="cite" style="color: #C0C0C0;">

          <pre wrap=""><span class="moz-txt-citetags">&gt; </span>In Servlet 3.0 specification, method HttpServletRequest.login(username, 

<span class="moz-txt-citetags">&gt; </span>password) stated in javadoc that it throws exception if someone is 

<span class="moz-txt-citetags">&gt; </span>trying to login on already authenticated session. Javadoc looks like this:

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>* @exception ServletException if the configured login mechanism

<span class="moz-txt-citetags">&gt; </span>* does not support username

<span class="moz-txt-citetags">&gt; </span>* password authentication, or 

<span class="moz-txt-citetags">&gt; </span>if a

<span class="moz-txt-citetags">&gt; </span>* non-null caller identity had

<span class="moz-txt-citetags">&gt; </span>* already been established 

<span class="moz-txt-citetags">&gt; </span>(prior

<span class="moz-txt-citetags">&gt; </span>* to the call to login), or if

<span class="moz-txt-citetags">&gt; </span>* validation of the provided

<span class="moz-txt-citetags">&gt; </span>* username and password fails.

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>Indeed throwing exception seems to me like best approach in this case. I 

<span class="moz-txt-citetags">&gt; </span>think that if someone wants to login again with different credentials, 

<span class="moz-txt-citetags">&gt; </span>he should first logout before second login. So usecase could be like:

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>credential.setCredential(x);

<span class="moz-txt-citetags">&gt; </span>identity.login();

<span class="moz-txt-citetags">&gt; </span>// Do something with identity 'x'

<span class="moz-txt-citetags">&gt; </span>identity.logout();

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>credential.setCredential(y);

<span class="moz-txt-citetags">&gt; </span>identity.login();

<span class="moz-txt-citetags">&gt; </span>// Do something with identity 'y'

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>Marek

<span class="moz-txt-citetags">&gt; </span>

<span class="moz-txt-citetags">&gt; </span>On 31/01/13 01:58, Jess Sightler wrote:

</pre>

          <blockquote type="cite" style="color: #C0C0C0;">

            <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; </span>I see no reason why someone would call login again on an already authenticated session. I believe that Seam 2.x used to catch this and throw an exception (though I could be misremembering). Personally, I would prefer an exception over silently ignoring the call or an option such as the one below.

<span class="moz-txt-citetags">&gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; </span>Unless there is a valid reason to call .login again?

<span class="moz-txt-citetags">&gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; </span>----- Original Message -----

</pre>

            <blockquote type="cite" style="color: #C0C0C0;">

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>From: "Anil Saldhana" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:Anil.Saldhana@redhat.com%28mailto:Anil.Saldhana@redhat.com%29">&lt;Anil.Saldhana@redhat.com (mailto:Anil.Saldhana@redhat.com)&gt;</a>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>To: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a> (<a moz-do-not-send="true" class="moz-txt-link-freetext" href="mailto:security-dev@lists.jboss.org">mailto:security-dev@lists.jboss.org</a>)

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>Sent: Wednesday, January 30, 2013 7:31:33 PM

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>Subject: Re: [security-dev] PLINK-84 - Login can be bypassed with any user after a first successful login

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>Actually, I do not see a problem in customizing the behavior of

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>repeated login() method calls:

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>something like:

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>identity.setOption(Option.LOGIN_REPEAT);

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>credential.setCredential(x);

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>identity.login();

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>credential.setCredential(y);

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>identity.login();

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>If the option is set, then the second call of login() will

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>authenticate again.

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>By default, we want to maintain the session behavior. But if Aerogear

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>wants repeated login() logic, they should be able to set it in the

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>option?

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>Feedback?

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>On 01/30/2013 11:47 AM, Bruno Oliveira wrote:

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>I still don't agree with it, we're giving the benefit of the doubt to

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>developers. If I have a method which is invoked twice for example

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>via HTTP request with the following code:

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>credential.setCredential(x); &gt; &gt; identity.login(); &gt; Login should

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>be validate it again, but if you think that is not a problem,

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>I'm fine.

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>Anil, could you please provide the final solution for it? Examples of

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>usage?

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>--

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>"The measure of a man is what he does with power" - Plato

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>-

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>@abstractj

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>-

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>Volenti Nihil Difficile

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>On Wednesday, January 30, 2013 at 1:40 PM, Anil Saldhana wrote:

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>On 01/30/2013 09:33 AM, Bruno Oliveira wrote:

</pre>

                <blockquote type="cite" style="color: #C0C0C0;">

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>So if I'm a bank where the user account is logged in, this user

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>has just forgot to 'logout'. Another person using his computer

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>can just bypass the login, because the session still exists?

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>Banks get over this by frequently being proactive using

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>Javascript. If the user has been idle for a minute, they give

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>out a warning and if there is no response, they log out the

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>user. &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>Another scenario, I'm at the same network of John, running my

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>whatever-sniffer, then is just a matter of grab the current

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>session ID and login? Am I wrong? Because If understood

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>correctly, after user login, even if I invoke this method for a

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>second time, what really matters is the session ID. https/ssl

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>should be mandatory for all critical web applications. Just have

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>a HTTP Header agent installed for your browser. Your passwords

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>are in the clear in the http header agent if you do not use

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>https. &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>I'm confused. &gt; &gt; -- "The measure of a man is what he does with

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>power" - Plato - @abstractj - Volenti Nihil Difficile On

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>Wednesday, January 30, 2013 at 1:17 PM, Anil Saldhana wrote: &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>On 01/29/2013 08:08 PM, Douglas Campos wrote:

</pre>

                    </blockquote>

                  </blockquote>

                </blockquote>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>On Tue, Jan 29, 2013 at 05:19:23PM -0600, Anil Saldhana

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>wrote:

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                        </blockquote>

                        <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                      </blockquote>

                      <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                    </blockquote>

                    <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                  </blockquote>

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <blockquote type="cite" style="color:

                            #C0C0C0;">

                            <blockquote type="cite" style="color:

                              #C0C0C0;">

                              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>Shane, &gt; &gt; &gt; this is not a bug rather a feature

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>request. &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                            </blockquote>

                            <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                          </blockquote>

                          <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                        </blockquote>

                        <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                      </blockquote>

                      <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                    </blockquote>

                    <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                  </blockquote>

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <blockquote type="cite" style="color:

                            #C0C0C0;">

                            <blockquote type="cite" style="color:

                              #C0C0C0;">

                              <blockquote type="cite" style="color:

                                #C0C0C0;">

                                <blockquote type="cite" style="color:

                                  #C0C0C0;">

                                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>it's a bug &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; Aerogear has the

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>following sequence: &gt; &gt; &gt; &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>credential.setCredential(x); &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>identity.login(); &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>credential.setCredential(y); &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>identity.login(); &gt; &gt; &gt; &gt; &gt; &gt; Aerogear wants

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>PicketLink to reauthenticate during the second

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>login() &gt; &gt; &gt; call. Currently &gt; &gt; &gt; it will not

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>because the first login() established a User

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>instance and &gt; &gt; &gt; subsequent login() &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>calls will just bypass the auth process. &gt; &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                                </blockquote>

                                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                              </blockquote>

                              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                            </blockquote>

                            <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                          </blockquote>

                          <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                        </blockquote>

                        <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                      </blockquote>

                      <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                    </blockquote>

                    <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                  </blockquote>

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <blockquote type="cite" style="color:

                            #C0C0C0;">

                            <blockquote type="cite" style="color:

                              #C0C0C0;">

                              <blockquote type="cite" style="color:

                                #C0C0C0;">

                                <blockquote type="cite" style="color:

                                  #C0C0C0;">

                                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>If my API doesn't do the login process on the

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>login() call, am I not &gt; &gt; failing with the

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>"least surprise principle"? If it doesn't do all

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>the &gt; &gt; login procedure when called, better

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>rename it then: mayLogin(), &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>loginWithCaching() or anything like this. &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                                </blockquote>

                                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                              </blockquote>

                              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                            </blockquote>

                            <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                          </blockquote>

                          <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                        </blockquote>

                        <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                      </blockquote>

                      <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                    </blockquote>

                    <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                  </blockquote>

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>Your usage: &gt; &gt; User user = null; &gt; AuthenticationResult

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>result = identity.login(); &gt; if(result ==

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>AuthenticationResult.SUCCESS){ &gt; user =

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>identity.getUser(); &gt; } else { &gt; throw new

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>RuntimeException("Authentication Failed"); &gt; } &gt; &gt; //Now

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>identity has an user &gt; //Irrespective of what you want

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>to put in credential, you are &gt; authenticated already

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>until you logout &gt; result = identity.login(); &gt; //result

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>is always SUCCESS. &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                        </blockquote>

                        <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                      </blockquote>

                      <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                    </blockquote>

                    <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                  </blockquote>

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <blockquote type="cite" style="color:

                            #C0C0C0;">

                            <blockquote type="cite" style="color:

                              #C0C0C0;">

                              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>IMO, this is not only wrong, but I think it can be

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>used as a potential &gt; &gt; attack vector. &gt; &gt; &gt; &gt; &gt; &gt; &gt;

<span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                            </blockquote>

                            <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                          </blockquote>

                          <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                        </blockquote>

                        <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                      </blockquote>

                      <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                    </blockquote>

                    <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; </span>

</pre>

                  </blockquote>

                  <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; </span>

</pre>

                </blockquote>

                <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; </span>

</pre>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>How?

</pre>

                        </blockquote>

                      </blockquote>

                    </blockquote>

                  </blockquote>

                </blockquote>

              </blockquote>

              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; </span>

<span class="moz-txt-citetags">&gt; &gt; &gt; </span>

</pre>

              <blockquote type="cite" style="color: #C0C0C0;">

                <blockquote type="cite" style="color: #C0C0C0;">

                  <blockquote type="cite" style="color: #C0C0C0;">

                    <blockquote type="cite" style="color: #C0C0C0;">

                      <blockquote type="cite" style="color: #C0C0C0;">

                        <blockquote type="cite" style="color: #C0C0C0;">

                          <blockquote type="cite" style="color:

                            #C0C0C0;">

                            <blockquote type="cite" style="color:

                              #C0C0C0;">

                              <pre wrap=""><span class="moz-txt-citetags">&gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; </span>-- qmx &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt; &gt;

 </pre>

                            </blockquote>

                          </blockquote>

                        </blockquote>

                      </blockquote>

                    </blockquote>

                  </blockquote>

                </blockquote>

              </blockquote>

            </blockquote>

          </blockquote>

        </blockquote>

      </div>

    </blockquote>

  </body>

</html>