Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
-
Security
Description
Add a new method to UserAuthenticator that allows the authentication scheme to request that the user name passed into authenticateUser is an authentication identifier. This would absolve authentication schemes from each implementing the mapping from user name to authorization identifier. Implementing the logic in each scheme is pointless and subject to errors if a different set of rules is implemented by the scheme (say by a coding bug).
Signature could be
/**
Return true if the identifier argument to authenticateUser is to represent an authorization identifier,
false if it is to represent the user name.
Note the identifier argument passed into authenticateUser is provided by the database engine.
@since 10.x If this method does exist then a return of false is assumed.
*/
public boolean authenticateUsingAuthorizationId();
The first argument to authenticateUser would change for userName to identifier with appropriate comment changes.