[jboss-jira] [JBoss JIRA] (ELY-249) verifyCredential method(s) misleading
David Lloyd (JIRA)
issues at jboss.org
Fri Jul 31 09:57:02 EDT 2015
David Lloyd created ELY-249:
-------------------------------
Summary: verifyCredential method(s) misleading
Key: ELY-249
URL: https://issues.jboss.org/browse/ELY-249
Project: WildFly Elytron
Issue Type: Bug
Components: API / SPI, Realms
Reporter: David Lloyd
The {{verifyCredential(Object credential)}} method is misleading. It is in fact not generally possible or practical to verify a credential; rather what is being done is verifying a guess.
I propose a couple changes. First, the argument to the method should be renamed "guess" to indicate that the object being passed in isn't a credential, but rather a credential-specific guess.
Second, I propose that Password no longer be considered a valid argument to this method. The only use that serves is to extract a clear password guess anyway.
Finally, I think we should consider renaming the method to something else, like:
* verifyCredentialGuess
* verifyGuess
* checkCredentialGuess
* etc.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list