Hi,
On Thu, Oct 15, 2015 at 8:05 PM, Rudy De Busscher <rdebusscher_at_gmail.com> wrote:
> Is my assumption correct that (in most cases) you would use the 'read-only
> identity store' to determine the correctness of the credentials?
It's to perform the "credentials in, caller data out" function by the
authentication mechanism. So it's not just a correctness check, but of
course the correctness check is part of the lookup.
As an example, it's what Tomcat's Form authentication mechanism does here:
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/8.0.20/org/apache/catalina/authenticator/FormAuthenticator.java#272
> Is the use of CDI.current() then the only option to get a reference to the
> store, or what is the relation between these 2 concepts.
Indeed, CDI.current().select(...), the equivalent code using
BeanManager, or @Inject for those cases where the code wanting to
obtain a reference is already a managed bean, is the way to get a
reference to the identity store.
Kind regards,
Arjan Tijms