Posted: Wed Aug 02, 2006 6:42 pm
I'm not sure what needs the user id, but I would hope it would be contained in the Credential and accessed only by the Authenticator (I think I misnamed it Authorizor, which is incorrect). If the system needs to save information in the session, and I don't think this code would, then probably you would pass the Credential to the Access Control system, which is a whole separate thing from this Authentication stuff.

Ambush Commander wrote:
The first trouble is establishing the session, since as it stands right now, there's no facility for making sure that the user doesn't have to log in every page request. I would say that the return value isAuthorized(), but we'll also need a user id. There's two ways to go about doing this:
I think Captcha would just add another Term to the Credential/Authenticator. An alternative would be to have a chain of Authenticators, so you could add a username/password Authenticator and a Captcha Authenticator to the chain. Again, the Authenticate class would just be a generic manager.

Ambush Commander wrote:
1. Simple (and hacky): Have isAuthorized() return the user ID: it still works as a boolean but also tells us who the user is.
2. Complicated (but extensible): Create an AuthorizationStatus object that holds the user ID, as well as anything else that could possibly be useful for authorization (like whether or not the user logged in via a real login or remember me).
Let's add a Captcha now. Say instead of a regular User Password login, now we need a Captcha to be verified too (we'll assume that some other part of the application automatically changes the authorizer). While we could extend the Authorizor_UsernamePassword class, I think creating an Authorizor_Composite and Authorizor_Captcha would be far more reusable. The composite authorizor would require that all the authorizors it consists of pass for it to say "authorized!" while the Captcha authorizor would solely check whether or not the Captcha works. We'd also need a CompositeCredential class.
But perhaps I am not understanding you.
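
The composite/chain design discussed in this thread, as an added Python example that is not part of the original posts: a composite authenticator that requires every member to pass and returns a status object carrying the user ID instead of a bare boolean. All class names, the `make_user` helper, and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Credential:
    terms: dict  # everything the user submitted; read only by authenticators

@dataclass
class AuthStatus:  # option 2 from the quoted post: more than a boolean
    authenticated: bool
    user_id: Optional[int] = None
    method: Optional[str] = None

def make_user(user_id, password, salt=b"constructed-salt"):
    # Constructed sample record: (user id, salt, PBKDF2 hash of the password).
    return (user_id, salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

class UsernamePasswordAuthenticator:
    def __init__(self, users):
        self.users = users  # username -> record from make_user()
    def authenticate(self, cred):
        name = cred.terms.get("username", "")
        # Unknown users still cost one hash, so both paths do roughly the same work.
        user_id, salt, stored = self.users.get(name, (None, b"\0" * 16, b"\0" * 32))
        supplied = hashlib.pbkdf2_hmac("sha256", cred.terms.get("password", "").encode(), salt, 100_000)
        ok = hmac.compare_digest(supplied, stored) and user_id is not None
        return AuthStatus(ok, user_id if ok else None, "password")

class CaptchaAuthenticator:
    def __init__(self, expected):
        self.expected = expected  # answer the application stored server-side
    def authenticate(self, cred):
        answer = str(cred.terms.get("captcha", ""))
        ok = self.expected is not None and hmac.compare_digest(answer.encode(), self.expected.encode())
        self.expected = None  # single use: a captcha answer cannot be replayed
        return AuthStatus(ok, method="captcha")

class CompositeAuthenticator:
    def __init__(self, *authenticators):
        self.authenticators = authenticators
    def authenticate(self, cred):
        # Run every member (no short-circuit) so each one consumes its one-time state.
        results = [a.authenticate(cred) for a in self.authenticators]
        user_id = next((r.user_id for r in results if r.user_id is not None), None)
        # Fail closed: empty chain, any failed member, or nobody identified the user.
        if not results or user_id is None or not all(r.authenticated for r in results):
            return AuthStatus(False)
        return AuthStatus(True, user_id, "+".join(r.method for r in results))
```

The session layer would store only the returned `user_id` and `method`, never the Credential itself.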