[cas-dev] CredentialsToPrincipalResolvers

[Stephen A. Cochran]

On Jan 31, 2007, at 1:14 PM, Scott Battaglia wrote:

> The failure of a CredentialsToPrincipalResolver to return a  
> principal will result in an AuthenticationException being thrown.   
> That solution would work.

AFAIK, the new keyword always returns a non-null object, so the only  
way to fail in the constructor for the Principal object would be to  
raise an exception. Should be able to catch it in the Cred-to- 
PrincResolver and then return null to the AuthHandler. Does that  
sound right? (Less experienced with java exceptions)

> I think in the long term though, we've seen a need for people to  
> *mostly* use the supplied handlers (most people never need to  
> modify them).  Sometimes people need pre/post actions, and we  
> should probably create an AbstractAuthenticationHandler that  
> provides these template methods.
>
> Thoughts?

I wonder if whole new classes are needed? Maybe I'm biased since I've  
already created my own resolvers and extended the principal class,  
but seems like there are already many places to extend an auth handler.

What is needed in either case is more documentation on if you have  
need X, extend the Y class. From discussions on the list, I think  
that many sites have very similar use cases that are driving  
customization.

Steve