[Yanel-dev] [Bug 7164] handle forgotten passwords
Michael Wechner
michael.wechner at wyona.com
Fri Jun 26 11:23:22 CEST 2009
Michael Wechner schrieb:
>>> How can I access a single repository so that
>>> multiple boxes can access the same data? I would like to have a central
>>> repository where I can store random generated id, email, expiration
>>> date/time
>>> to manage the forgot pw.
>>
>> You could use the data repository of the realm your resource-type is
>> running in, see
>> org.wyona.yanel.core.Resource.getRealm().getRepository().
>> Or maybe as was said as the info really does not need to be persisted
>> long-term we could use the HTTP session if we can bear that
>> session-replication would have to be activated in a clustered setup
>> just for that.
>>
>> WDYOT?
>
> I think it should be persistent (even if we have session replication),
> whereas I would not use the default data repository, but rather the
> access control identities repository:
>
> Resource.getRealm().getIdentityManager().getRepository()
>
> but for a good reason the method getIdentityManager().getRepository()
> does not exist ;-)
>
> because the IdentityManager API should not depend on Yarep.
>
> Any suggestions ;-)
>
> (I will also think some more about it)
btw org.wyona.security.core.api.PolicyManager.getPoliciesRepository()
exists, whereas I think this is bad. It seems to be used by
src/contributions/resources/yanel-user/src/java/org/wyona/yanel/impl/resources/YanelUserResource.java
src/core/java/org/wyona/yanel/core/Yanel.java
whereas in the case of Yanel.java it is part of a code block which is
commented.
We cannot remove, because it is a public method and probably third
parties are using this method, but
I think we should deprecate it and introduce methods which make it
independent of a Yarep repository.
Cheers
Michael
More information about the Yanel-development
mailing list