New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TASK: Separate security context and authentication manager #1407

Merged
merged 6 commits into from Nov 5, 2018

Conversation

Projects
None yet
4 participants
@kitsunet
Copy link
Member

kitsunet commented Oct 10, 2018

This contains a break up of the cross-dependency between
AuthenticationProviderManager and Security context.

First, a new TokenAndProviderFactory (with an interface) is
introduced to serve both the constructed tokens and providers
from the configuration. Additionally the session persistent
data was moved from the Context to the new SessionDataContainer
(marked internal). This makes the context a simple singleton to
the outside, avoiding duplication (security context injected
before the session was started would create a duplicate instance
without the session data (most notably some SQL security could
have that).

Additionally, it fixes ONE_PER_REQUEST CSRF protection tokens
which wouldn't correctly behave.

TASK: Separate security context and authentication manager
This contains a break up of the cross dependency between
AuthenticationProviderManager and Security context.

First a new TokenAndProviderFactory (with interface) is
introduced to serve both the constructed tokens and providers
from the configuration. Additionally the session persistent
data was moved from the Context to the new SessionDataContainer
(marked internal). This makes the context a simple singleton to
the outside, avoiding duplication (security context injected
before the session was started would create a duplicate instance
without the session data (most notably some SQL security could
have that).

Additionally it fixes ONE_PER_REQUEST CSRF protection tokens
which wouldn't correctly behave.
@kitsunet

This comment has been minimized.

Copy link
Member

kitsunet commented Oct 10, 2018

@bwaidelich This is the behaviour-changing part of the refactoring broken up :)

@albe
Copy link
Member

albe left a comment

Looks mostly good by reading. Good move once again Christian!

kitsunet added some commits Oct 24, 2018

@kdambekalns kdambekalns self-requested a review Nov 5, 2018

kitsunet and others added some commits Nov 5, 2018

Tweak method signatures a bit
Add void return type declarations and some throws tags.

@kdambekalns kdambekalns merged commit 7525737 into neos:master Nov 5, 2018

2 checks passed

continuous-integration/styleci/pr The analysis has passed
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@kdambekalns kdambekalns deleted the kitsunet:task/decouple-context-authenticationprovidermanager branch Nov 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment