Details
-
Task
-
Resolution: Done
-
Critical
-
None
-
None
Description
We need to add the ability to plug in custom user store implementations - this will mean that should users and their passwords and roles be stored somewhere that we do not currently integrate with a custom store can be implemented to provide the bridge for username / password authentication.
This should be provided in the form of a SPI as we will need clearly identify what these user stores can access and provide interfaces they can implement while being sure of backwards compatibility.
This task will need to take into account both the loading of passwords based on usernames and realms and separately the loading of the roles. Implementations are free to manage their own connections but this should also contain support for using outbound connections defined in the domain model. The authentication process and role loading process occurs as two steps so this connection management should allow a connection to be shared by both steps.
As a two step process this should also cope with state potentially being passed from step 1 to step 2 - i.e. an implementation may choose to load everything it knows about a user in step 1 and just return it in step 2.
If a pluggable step is used in either step it should still be possible to use an AS provided mech for the other step.
