[jetty-dev] Deferred security
David,
I went ahead with removing deferred Authenticator class as we discussed on IRC.
It was a little trickier than I had thought since previously calling an
authenticator with mandatory=false meant authenticate if you can, rather
than defer. Now it means defer unless you have other reasons (e.g.
j_security_check). In order to get the authenticate if you can
semantic, authenticators have to check for a Deferred response
being passed in. This is a bit of a hack and I'll have to
think if we can clean it up... or name things better.
Also by the same logic as was applied to remove the deferredAuthenticator,
I also removed the SessionCachingAuthenticator and now just have a
SessionAuthentication that can be used by multiple Authenticators.
The DelegateAuthenticator class was also then not needed.
I also removed the XD session cache class - which I suspect
you do use, but it can implement it elsewhere as nothing in
jetty uses or even tests it.
I think the result is a little less capable, but a lot simpler.
cheers