Hi guys,
I'd like to simplify the Identity Management API a bit
where credentials are concerned. At the moment we have
the following methods defined by the IdentityManager
interface:
// Password Management
boolean validatePassword(User user, String
password);
void updatePassword(User user, String password);
void setPasswordEncoder(PasswordEncoder encoder);
// Certificate Management
boolean validateCertificate(User user,
X509Certificate certificate);
boolean updateCertificate(User user, X509Certificate
certificate);
Furthermore, in IdentityStore we have these methods
which are essentially identical:
boolean validatePassword(User user, String
password);
void updatePassword(User user, String password);
// Certificate Management
boolean validateCertificate(User user,
X509Certificate certificate);
boolean updateCertificate(User user, X509Certificate
certificate);
What I'd like to do is make this a little more abstract
(and more future proof) by replacing these methods (in
both interfaces) with the following two methods:
boolean validateCredential(User user, Credential
credential);
void updateCredential(User user, Credential
credential);
Once the method invocation hits the IdentityStore
implementation, we have a choice as to what we want to
do here. I think the best option is to go with a
credential encoding API based on the work that Pedro has
already done (see [1] and [2]). My only suggestion
would be to:
a) make it a little more generic (we should use a
factory object or something to provide the IdentityStore
implementation with the correct encoder based on the
type of credential)
b) provide the encoder implementation with an invocation
context containing a reference back to the calling
IdentityStore to allow access to its internal methods
and/or other state, and
c) provide pluggable access to the encoding process, to
allow the developer to provide custom behaviour for the
encoding.
Does anyone have any suggestions or thoughts on this?
Shane
[1]
https://github.com/picketlink/picketlink/blob/master/idm/api/src/main/java/org/picketlink/idm/password/PasswordEncoder.java
[2]
https://github.com/picketlink/picketlink/blob/master/idm/impl/src/main/java/org/picketlink/idm/password/internal/SHASaltedPasswordEncoder.java