[jboss-jira] [JBoss JIRA] (ELY-249) verifyCredential method(s) misleading
David Lloyd (JIRA)
issues at jboss.org
Tue Oct 20 12:09:00 EDT 2015
[ https://issues.jboss.org/browse/ELY-249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Lloyd resolved ELY-249.
-----------------------------
Assignee: David Lloyd
Resolution: Done
> verifyCredential method(s) misleading
> -------------------------------------
>
> Key: ELY-249
> URL: https://issues.jboss.org/browse/ELY-249
> Project: WildFly Elytron
> Issue Type: Bug
> Components: API / SPI, Realms
> Reporter: David Lloyd
> Assignee: David Lloyd
> Priority: Critical
> Fix For: 1.1.0.Alpha2
>
>
> The {{verifyCredential(Object credential)}} method is misleading. It is in fact not generally possible or practical to verify a credential; rather what is being done is verifying a guess.
> I propose a couple changes. First, the argument to the method should be renamed "guess" to indicate that the object being passed in isn't a credential, but rather a credential-specific guess.
> Second, I propose that Password no longer be considered a valid argument to this method. The only use that serves is to extract a clear password guess anyway.
> Finally, I think we should consider renaming the method to something else, like:
> * verifyCredentialGuess
> * verifyGuess
> * checkCredentialGuess
> * etc.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list