stormpath / stormpath-spring-security Goto Github PK
View Code? Open in Web Editor NEWSpring Security plugin for Stormpath
Spring Security plugin for Stormpath
Currently, the StormpathUserDetails object retains the user's password after a successful authentication, this must be fixed to clear the password and not keeping it in the session.
The logic in lookupPermissionStrings
appears to indicate that the CustomDataPermissionsEditor
expects the CustomData
for a user to include a key named fieldName
whose value is some Collection<String>
, but the verification logic is a bit odd, and it throws an inappropriate exception for the point at which it's validating that assumption.
fieldName
key?Collection
contents of the key have a different contained type, is it better to throw an exception or coerce them all through toString
?I note that your code tends to be space-formatted instead of tab-formatted (Eclipse defaults to 4-space tabs inline). Is this a particular formatting choice for your project that submissions need to match?
This library and the core stormpath libraries are out of sync. With 1.0.beta, there were some interfaces that got broken, namely the client builder.
While the purpose of SpringSecurityResolvedAccountFilter is clear to me, I have a feeling it should not produce a new Authentication every time it runs. Each authentication means reading the Groups the user is member of, and this is very costly as collections are not (yet) cached.
I think the SpringSecurityResolvedAccountFilter should check if the current Authentication (the user href inside the UserDetails) matches the account resolved from request (probably from cookie param). Only if the authentication in the context does not match, or does not exist, a new authentication should be performed.
I've modified the filter to meet those needs and it works quite good, eliminating the communication to Stormpath on every possible request. The performance gains are very noticable, esp. where there are a lot of resources to load (css, js, images)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.