Re: LDAP Annotation and Database Hashing Proposal


Will Hopkins
 

On July 24, 2017 7:52:22 AM EDT, arjan tijms <arjan.tijms@gmail.com> wrote:
Hi,

On Mon, Jul 24, 2017 at 1:40 PM, Will Hopkins <will.hopkins@oracle.com>
wrote:

Could we specify that it's not normal scoped, and inject a new
instance
that we remember and use for the lifetime of the process?
The one in the annotation is basically the base version of that. The
producer could be dependent scoped indeed.
Not sure I follow what you mean.

There's really no need for this to be fancy, it's a low level crypto
operation that will likely always operate one way for the lifetime of
a
given deployment. Doesn't seem like there's a big need for deferred
evaluation, etc.
I'd be okay with that as well, although then we could just as well make
the
producer ApplicationScoped.
I think the value of having it dependent scoped is that there could be more than one instance, each configured with different parameters. For any given instance, the parameters would never change, but if you had multiple identity stores, each one could have an instance of the algorithm that was configured differently, even if they all used the same algorithm. If it was application scoped, then every identity store in the app that wanted to use the same algorithm would have to use the same instance, and therefore the same parameters.


Kind regards,
Arjan Tijms
--
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.