users@javaee-security-spec.java.net

[javaee-security-spec users] Splitting IdentityStore interface

From: Guillermo González de Agüero <z06.guillermo_at_gmail.com>
Date: Thu, 13 Apr 2017 21:32:36 +0000

Hi,

I know I'm a bit late to the party to propose a change like this, but I
don't like the IdentityStore returning an enum to specify whether it does
authentication or authorization.

It would be a lot more OOP to split the interface into
AuthenticationIdentityStore and AuthorizationIdentityStore, each one with
its particular methods. The IdentityStore interface could be retained
extending the other two. The implementation would just do an instanceof
check.

A similar pattern is used on JAX-RS filters, with a ContainerRequestFilter
and a ContainerResponseFilter.

The only drawback of this proposal would be that a class extending an
identity store that is capable both of authentication and authorization
would have no way to express that it is now capable of only one.

But I don't think the API is designed to work that way and anyway, that
wouldn't be very correct OOP (an extender should not restrict the features
of the extended).

What do you think about this?


Regards,

Guillermo González de Agüero
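
A sketch of the split proposed in the message above, added as an illustration; it is not part of the original message and not the specification's API. The method signatures, the two store classes and the `login` helper are hypothetical simplifications, and the caller data is constructed.

```java
import java.util.*;

// Hypothetical, simplified types sketching the proposal; not the JSR 375 API.
public class SplitIdentityStoreSketch {
    interface AuthenticationIdentityStore { boolean validate(String caller, String password); }
    interface AuthorizationIdentityStore { Set<String> getCallerGroups(String caller); }
    // Retained for stores that do both, as the message suggests.
    interface IdentityStore extends AuthenticationIdentityStore, AuthorizationIdentityStore { }

    // Authentication only: the type itself says it cannot supply groups.
    static class PasswordStore implements AuthenticationIdentityStore {
        public boolean validate(String caller, String password) {
            return "alice".equals(caller) && "s3cret".equals(password); // constructed sample data
        }
    }

    // Authorization only: supplies groups, never validates credentials.
    static class GroupStore implements AuthorizationIdentityStore {
        public Set<String> getCallerGroups(String caller) {
            return "alice".equals(caller) ? Set.of("admin") : Set.of(); // constructed sample data
        }
    }

    // Runtime side: capability is found with instanceof instead of an enum return value.
    static Optional<Set<String>> login(List<Object> stores, String caller, String password) {
        boolean authenticated = false;
        for (Object s : stores) {
            if (s instanceof AuthenticationIdentityStore
                    && ((AuthenticationIdentityStore) s).validate(caller, password)) {
                authenticated = true;
                break;
            }
        }
        // Group stores are only consulted once some store has validated the caller.
        if (!authenticated) return Optional.empty();
        Set<String> groups = new HashSet<>();
        for (Object s : stores) {
            if (s instanceof AuthorizationIdentityStore)
                groups.addAll(((AuthorizationIdentityStore) s).getCallerGroups(caller));
        }
        return Optional.of(groups);
    }

    public static void main(String[] args) {
        List<Object> stores = List.of(new PasswordStore(), new GroupStore());
        System.out.println(login(stores, "alice", "s3cret")); // Optional[[admin]]
        System.out.println(login(stores, "alice", "wrong"));  // Optional.empty
    }
}
```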