Configuring multiple Cred2PrincipalResolver
Stephen A. Cochran
stephen.a.cochran at Dartmouth.EDU
Thu Feb 1 16:41:50 EST 2007
On Feb 1, 2007, at 3:33 PM, Scott Battaglia wrote:
> Would your DartmouthUserPassCred2PrincipalResolver be able to
> return a principal for the types of users that the new
> CredentialsToPrincipalResolver would be able to handle? If it
> doesn't recognize those users and would return null, then the chain
> would continue until it found one that did not return null.
I *think* it should fail, the backend data source it would be trying
to pull from is very different, and there would be no overlap of
users. I wasn't sure what would happen if the first UserPass resolver
failed, but sounds like it will do what we need.
> I am looking at creating a more optimized algorithm (an alternative
> AuthenticationManager) that would allow you to specify a one-to-one
> mapping of authentication handlers and
> CredentialsToPrincipalResolvers. We do it the way we do now as it
> covers both scenarios where people have the mapping (its just less
> efficient) and people don't have the mapping.
>
> Thoughts?
Might make it simpler, I can't ever see a need for an AuthHanlder to
work with more than one Resolver. One C2PResolver should be able to
support mulitple Handlers though. It is more to configure, but I
don't know if it makes it easier in the actual code.
As long as the fall-through is fast and well-defined, I don't see a
strong preference. One question would be what happens with 25 auth
handlers and say 20 C2PResolvers?
Steve
More information about the cas
mailing list