You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Consider refactoring external authentication implementations out of the user service
definition.
This will eliminate the need for all realm.NNN.backingUserService settings and may
simplify other bits. It may also accommodate multiple, simultaneous authentication
implementations.
Ideas:
1. All of the subclasses of GitblitUserService need to become implementations of com.gitblit.IAuthenticationService.
2. GitblitUserService can likely go away
3. IUserService & ConfigUserService will stay, but IUserService will get a new method
to setAuthenticationServices(List<IAuthenticationService>).
4. ConfigUserService.authenticate will need to check if the account is a local account
and if not cycle through the List<IAuthenticationService> and attempt to authenticate
the credentials.
5. IAuthenticationService should have an authenticate(IUserService service, String
username, char [] password) method. This will allow the authentication service to
callback to the userservice continue creating/updating user models.
There may be some gotchas here - especially supporting multiple authentication services.
I have not thought this all out.
Reported by James.Moger on 2013-07-25 17:02:18
The text was updated successfully, but these errors were encountered:
One question to consider is if the local or the external account should take precedence.
The scenario I have in mind is that I connect Gitblit to an external authentication
service with existing users. Now all users existing in that service could log in, but
without additional permissions. In order to set the permissions, I have to edit them
user within Gitblit.
If the local account takes precedence, I have to wait until the user did log in at
least once before I can edit him and add permissions.
If the external account takes precedence, then I can edit the user at any time, add
permissions and attributes, and when the user logs in for the first time, he can still
use his password stored in the external service.
(See the realm.htpasswd.overrideLocalAuthentication setting.)
Authentication has been removed from the IUserService classes and the existing external
services have been refactored into AuthenticationProviders. There are probably some
scenarios which will need to be accounted for, but I believe the new architecture is
an improvement.
Originally reported on Google Code with ID 281
Reported by
James.Moger
on 2013-07-25 17:02:18The text was updated successfully, but these errors were encountered: