jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: Read-Only Identity Store Proposal

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Wed, 30 Sep 2015 09:18:40 +0200

Hi,

On Wed, Sep 30, 2015 at 7:05 AM, Rudy De Busscher <rdebusscher_at_gmail.com> wrote:
>> I do wonder if the getCallerGroups() and getCallerRoles() methods are
>> needed here. An authentication mechanism would not likely use these,
>> right?
>
>
> That is indeed a good remark. What if some of those applications don't need any
> authorization, but just authentication.

A main distinction is that CredentialValidationResult
validate(Credential credential) works for the "current" caller (the
caller currently providing credentials).

Groups are available from CredentialValidationResult, which the
authorization system can then use or not use.

The getCallerGroups(String) and getCallerRoles(String) methods however
now work for "every" caller name passed in, so unless they're solely
intended for the static helper method shown above, it's more something
that an admin UI or so may use instead of the
authentication/authorization system. Or am I missing something?

Kind regards,
Arjan
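Added example (not from the thread or from any JSR 375 reference code): a read-only in-memory identity store written against stand-in types named after the signatures quoted above, showing why validate(Credential) is bound to the caller presenting credentials while getCallerGroups(String) is a by-name lookup that never sees a credential. The record types, the sample callers and the PBKDF2 parameters are assumptions of this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Stand-in types modelled on the thread's signatures (assumption, not the JSR 375 API classes).
record UsernamePasswordCredential(String caller, String password) {}
record CredentialValidationResult(boolean valid, String callerName, Set<String> callerGroups) {}
// Read-only, in-memory identity store: validate() serves the "current" caller,
// getCallerGroups(String) serves any caller name and needs no credential at all.
public class ReadOnlyIdentityStore {
    private record Entry(byte[] salt, byte[] hash, Set<String> groups) {}
    private final Map<String, Entry> callers = new HashMap<>();
    public ReadOnlyIdentityStore() {
        // Constructed sample callers; a real store would load them from LDAP, a DB or a file.
        callers.put("alice", entry("alice-pw", Set.of("users", "admins")));
        callers.put("bob", entry("bob-pw", Set.of("users")));
    }
    // Authenticates the caller presenting the credential. Groups ride along in the
    // result, so the authorization system can use them or ignore them.
    public CredentialValidationResult validate(UsernamePasswordCredential credential) {
        Entry e = callers.get(credential.caller());
        // Hash even for unknown names and compare in constant time, so timing does not reveal which names exist.
        byte[] presented = pbkdf2(credential.password(), e == null ? new byte[16] : e.salt());
        if (e == null || !MessageDigest.isEqual(e.hash(), presented)) {
            return new CredentialValidationResult(false, null, Set.of());
        }
        return new CredentialValidationResult(true, credential.caller(), e.groups());
    }
    // Works for every caller name passed in, authenticated or not: a lookup an admin
    // UI might use, not something an authentication mechanism has to call.
    public Set<String> getCallerGroups(String callerName) {
        Entry e = callers.get(callerName);
        return e == null ? Set.of() : e.groups();
    }
    private static Entry entry(String password, Set<String> groups) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Entry(salt, pbkdf2(password, salt), groups);
    }
    private static byte[] pbkdf2(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (java.security.GeneralSecurityException ex) {
            throw new IllegalStateException(ex);
        }
    }
}
```

Calling validate(new UsernamePasswordCredential("alice", "alice-pw")) yields a valid result carrying alice's groups, whereas getCallerGroups("alice") returns the same groups without any proof that the caller is alice, which is why the latter belongs to a management path rather than the authentication mechanism.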