users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Read-Only Identity Store Proposal

From: Alex Kosowski <alex.kosowski_at_oracle.com>
Date: Mon, 05 Oct 2015 19:57:14 -0400

Hi Arjan,

> it's more something
> that an admin UI or so may use instead of the
> authentication/authorization system.

That was my intent. But per the earlier response, we should remove
getCallerGroups(String) and getCallerRoles(String) from IdentityStore.

Regards,
Alex

On 9/30/15 3:18 AM, arjan tijms wrote:
> Hi,
>
> On Wed, Sep 30, 2015 at 7:05 AM, Rudy De Busscher <rdebusscher_at_gmail.com> wrote:
>>> I do wonder if the getCallerGroups() and getCallerRoles() methods are
>>> needed here. An authentication mechanism would not likely use these,
>>> right?
>>
>> Is indeed a good remark. What if some of those applications don't need any
>> authorization, but just authentication?
> A main distinction is that CredentialValidationResult
> validate(Credential credential); works for the "current" caller (the
> caller currently providing credentials).
>
> Groups are available from CredentialValidationResult, which the
> authorization system can then use or not use.
>
> The getCallerGroups(String) and getCallerRoles(String) methods however
> now work for "every" caller name passed in, so unless they're solely
> intended for the static helper method shown above, it's more something
> that an admin UI or so may use instead of the
> authentication/authorization system. Or am I missing something?
>
> Kind regards,
> Arjan