Hi,
On Fri, Oct 9, 2015 at 6:33 PM, Alex Kosowski <alex.kosowski_at_oracle.com> wrote:
>> Another thing is that a CredentialValidator is another moving part. If
>> I'm reading the proposal correctly I think it's not required to be
>> used, but we may want to clarify that.
>
> [Alex] Correct, not required for the default CallernamePasswordCredential
> support.
I still feel there's perhaps a miscommunication here.
If the CredentialValidator is not a qualifier for the IdentityStore
(as the mail in the other thread suggested), but "something" the store
uses internally, then what does it matter if the credential type is
CallernamePasswordCredential?
Say if the IdentityStore is injected unqualified:
@Inject
IdentityStore identityStore;
...
The used as follows;
identityStore.validate(new FooCredential());
And the one and only IdentityStore on the classpath is implemented as:
@ApplicationScoped
public class MyIdentityStore implements IdentityStore {
public CredentialValidationResult CredentialValidationResult
validate(Credential credential) {
if (credential instanceof FooCredential) {
// ...
}
}
}
Then the Credential type doesn't really matter, does it? It can
literally be anything, so CredentialValidator can never be required
for any type. But since you said; "not required for the default
CallernamePasswordCredential" I feel I'm missing something.
Kind regards,
Arjan Tijms