On 10/04/2011 03:29 PM, Bill Burke wrote:
Callback handlers would give you a "storage" abstraction
driven by any
arbitrary interface. We'd implement a different SPI for it
One thing this does change is that the location of any caching based on
the authentication needs to be moved to a different location and in a
different context.
In the context of JAAS as we have a username and credential these are
cached and if the same pair are encountered again the details in the
cache can be used - once we switch to different mechanisms we are no
longer sure we have either of these values so caching at the point we
access the storage starts to become the requirement.