Uploaded image for project: 'Trusted authentication framework'
  1. Trusted authentication framework
  2. TRUSTAUTH-8

When the persistence store is trusted, there is no easy way to switch to another user

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1
    • Fix Version/s: 1.2
    • Component/s: API
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      When the persistent store contains an authenticated user, and the store is configured as trusted, receiving a different user authentication from the trusted adapter is not possible, since the adapter is not even asked.

      I propose to implement an intermediary solution, where the persistent store is partially trusted. In this mode, the adapter is asked for the userId at every request, and if it return a not null value, this value is compared to the store. If the value match, the user is authenticated, if not, a new authentication occurs as usual.

      So this is basically like the NOT trusted persistent store, except that if the adapter return null, the previously authenticated user is kept.

        Attachments

          Activity

            People

            • Assignee:
              softec Denis Gervalle
              Reporter:
              softec Denis Gervalle
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: