| Proves that a user has successfully logged in. The existence of an
Authorization object indicates that a person has logged in correctly
and has authentication to act as the user associated with the
authentication. An instance of this object can be obtained from an
AuthorizationFactory and must be passed in to to get an intstance of
ForumFactory.
In the case of using the core forum services through a web interface, the
expected behavior is to have a user login and then store the Authorization
object in their session.
(Note by Matt) It's my opinion that this authorization method needs better
security. At the moment, this method is certainly ok if forum skins
can be trusted. However, the security goal has always been to protect as
much as possible against malicious skins. Therefore, the implementation of
this class will be changed in the near future to use signed objects. Some
thought will have to be given to a public/private key management system, so
I'm going to delay implementing it for now. This means -- be sure you can
trust your skins!!
See Also: AuthorizationFactory See Also: ForumFactory |