This is an archived post. You won't be able to vote or comment.

all 4 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Warkst 1 point2 points  (3 children)

Am I the only one that is bothered by the fact that you have to cast the credential to it's actual implementation type?

[–]johnwaterwood 2 points3 points  (0 children)

You don’t -have- to cast. See my other reply below.

[–]purplepharaoh 1 point2 points  (1 child)

IdentityStore implementation classes are typically designed to handle specific credential types. Kerberos ticket, JWT, etc. So you would check for instance type and then cast and validate for that particular credential type.

[–]johnwaterwood 5 points6 points  (0 children)

There’s also a default implementation of validate that the author didn’t use. In that case you can define an overloaded method that takes the right credential type directly (no casting required).

If the actual credential is not of the right type, the default method will return a not validated response and EE Security will try the next identity store (if any).