[Yanel-dev] [Bug 7164] handle forgotten passwords

[Michael Wechner]

Michael Wechner schrieb:
>>> How can I access a single repository so that
>>> multiple boxes can access the same data? I would like to have a central
>>> repository where I can store random generated id, email, expiration 
>>> date/time
>>> to manage the forgot pw.
>>
>> You could use the data repository of the realm your resource-type is 
>> running in, see 
>> org.wyona.yanel.core.Resource.getRealm().getRepository().
>> Or maybe as was said as the info really does not need to be persisted 
>> long-term we could use the HTTP session if we can bear that 
>> session-replication would have to be activated in a clustered setup 
>> just for that.
>>
>> WDYOT?
>
> I think it should be persistent (even if we have session replication), 
> whereas I would not use the default data repository, but rather the 
> access control identities repository:
>
> Resource.getRealm().getIdentityManager().getRepository()
>
> but for a good reason the method getIdentityManager().getRepository() 
> does not exist ;-)
>
> because the IdentityManager API should not depend on Yarep.
>
> Any suggestions ;-)
>
> (I will also think some more about it)


btw org.wyona.security.core.api.PolicyManager.getPoliciesRepository()

exists, whereas I think this is bad. It seems to be used by

src/contributions/resources/yanel-user/src/java/org/wyona/yanel/impl/resources/YanelUserResource.java
src/core/java/org/wyona/yanel/core/Yanel.java

whereas in the case of Yanel.java it is part of  a  code block which is 
commented.

We cannot remove, because it  is a  public method and probably third 
parties are using this method, but
I think we should deprecate it and introduce methods which make it 
independent of a Yarep repository.

Cheers

Michael