I'm wondering, if I'm writing my implementation of IHybridRealm, is the AppServer thread (or agent) locked for the duration of the authentication process or do I have to assume that every step (usernumber, pwd validation) is on a different thread/agent. In the latter case I have to refetch the user for every step and that's potentially costly in an OERA environment.
The OERealm client makes a Session-Free connection to the AppServer, and like all Session-Free clients each request will get dispatched to a different [Agent] ABL session to execute in. So your IHybridRealm interface's implementation has to refetch the user account information each time.
I'm wondering, if I'm writing my implementation of IHybridRealm, is the AppServer thread (or agent) locked for the duration of the authentication process or do I have to assume that every step (usernumber, pwd validation) is on a different thread/agent. In the latter case I have to refetch the user for every step and that's potentially costly in an OERA environment.
Flag this post as spam/abuse.
Well that's not entirely what I meant.
If one tries to authenticate via IHybridRealm, first the ValidateUser method is called. This ValidateUser method is supposed to return and integer representing the user (so, username in, integer out). The second step of the process is that the method ValidatePassword is called with inputs: usernumber (the integer you just returned) and the password.
I suppose it's done this way so the usercode and password don't have to be sent from the REST adapter to the AppServer in one go (and assumes the underlying database has a user number for Id and is not using a guid for that, but that's a different story.
So in short, the methods ValidateUser and ValidatePassword are called. My question was if this is done in the same thread/agent.
The OERealm client makes a Session-Free connection to the AppServer, and like all Session-Free clients each request will get dispatched to a different [Agent] ABL session to execute in. So your IHybridRealm interface's implementation has to refetch the user account information each time.
Or in other words, is the AppServer bound (yikes) between calling ValidateUser & ValidatePassword.
Our post crossed, thanks Michael. Although from a performance point of view that's not what I hoped for, it's logical.
And the implementation of IHybridRealm, is that a singleton?
to answer my own question, yes this is a singleton.