Re: [es-dev] Redundant getCallerName and getCallerGroups in OpenIdContext?

What's the value of getCallerName over getCallerPrincipal, and why have something proprietary if the standard offers a unified way that supports multiple authentication mechanisms, not just OpenID Connect?

There seems to be more value in the getCallerGroups method, as at least with SecurityContext one has to query in a slightly more complex way, but e.g. Spring Security does not duplicate things either.
Spring relies a lot on inheritance, so the OidcUser is just a subclass of its Principal element, but there is no redundant method name there either.

The whole groups design also looks different via just claims, so getCallerGroups can be seen as a convenience method.

I highly recommend avoiding redundancies. You can always add things later but it's very hard to remove something from a standard.

Not offering it in 10, well, it's been in Spring for over 3 years now, so how long should we wait?
Plus, wasn't it in 9 already, or did TomEE put something premature into 9?
https://tomee.apache.org/jakartaee-9.0/javadoc/jakarta/security/enterprise/identitystore/openid/OpenIdContext.html#getCallerName--



Rudy De Busscher <rdebusscher@xxxxxxxxx> wrote on Thu, 17 Mar 2022, 22:38:
They return the callerName and Groups for the OpenId since they are located in the OpenIdContext class. Having it not in OpenIdContext means that developers also need the SecurityContext to retrieve all the info, even in the case when they just want to use OpenIdConnect.

But we never had any discussion in this group about what OpenId integration should look like. And thus I stand by the statement I made before: OpenID Connect should not have been part of the Jakarta EE 10 release, as there was no proper discussion and we will release something that is not validated by a wider group of people.

Rudy.

On Thu, 17 Mar 2022 at 21:00, arjan tijms <arjan.tijms@xxxxxxxxx> wrote:
Hi,

In the OpenIdContext there are the two following methods:

    /**
     * @return the caller name of the validated caller
     */
    String getCallerName();

    /**
     * @return the groups associated with the caller
     */
    Set<String> getCallerGroups();

These methods are somewhat redundant, as the SecurityContext is the central place for this. They are also not giving back the actual callerName or groups when, for instance, additional identity stores are used.

As it stands now, they only return what the OpenID Provider returned. Was that the intention of these methods? If so, we probably should clarify their limited usage. If not, we may better remove them.

Thoughts?

Kind regards,
Arjan

 
_______________________________________________
es-dev mailing list
es-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/es-dev