[DERBY-3335] Allow UserAuthenticator.authenticateUser to work with authorization identifiers and not user name. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Services
Labels:
None

Bug behavior facts:

Security

Description

Add a new method to UserAuthenticator that allows the authentication scheme to request that the user name passed into authenticateUser is an authentication identifier. This would absolve authentication schemes from each implementing the mapping from user name to authorization identifier. Implementing the logic in each scheme is pointless and subject to errors if a different set of rules is implemented by the scheme (say by a coding bug).

Signature could be

/**
Return true if the identifier argument to authenticateUser is to represent an authorization identifier,
false if it is to represent the user name.

Note the identifier argument passed into authenticateUser is provided by the database engine.

@since 10.x If this method does exist then a return of false is assumed.
*/
public boolean authenticateUsingAuthorizationId();

The first argument to authenticateUser would change for userName to identifier with appropriate comment changes.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Daniel John Debrunner

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Jan/08 21:20

Updated:: 30/Jun/09 14:12