J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource… WAT??


WAT? This hilarious talk about the incredible quirks of JavaScript had been going around on Twitter and other media. In case you haven’t already, take a look at it here:

https://www.destroyallsoftware.com/talks/wat

Speaking of WAT, let’s talk about Spring Security. Spring has undertaken great effort to replace the clumsy, verbose parts of J2EE to replace them with straightforward and intuitive APIs. In Spring Security, you will find great features like the eraseCredentialsAfterAuthentication property, which keeps you from accidentally letting credentials lie around. Accidentally. What, like printing them to the standard out, or to the HTML document?? If this happens to you accidentally, then you might have a lot of other problems, too. Frameworks helping people to avoid such accidents remind me of PHP and this interesting post about how fundamentally broken PHP is:

http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

If you’ve ever heard about PHP’s abominable “magic quotes”, you’ll understand what I mean.

More examples

There’s more. Spring has incredibly specialised API types, such as:

  • J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
  • PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
  • PreAuthenticatedGrantedAuthoritiesAuthenticationDetails
  • GrantedAuthorityFromAssertionAttributesUserDetailsService
  • MutableGrantedAuthoritiesContainer
  • MethodSecurityMetadataSourceBeanDefinitionParser
  • AbstractUserDetailsServiceBeanDefinitionParser

Wow. I didn’t know Java identifiers were even allowed to be that long. And there’s more. Consider the package names (line break introduced artificially for improved readability):

org.springframework.security.web
   .authentication.preauth.websphere
   .WebSpherePreAuthenticatedWebAuthenticationDetailsSource

Note the repetition of concepts in both package and class names:

  • 2x “web”
  • 4x “authentication” (out of which 2x “pre-authenticated”)
  • 2x “websphere

For all of you who weren’t aware that the class browsing frame in the regular Javadoc frameset has a horizontal scrollbar, I invite you to navigate through the incredible verbosity of Spring Security:

http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/index.html

</rant>

Tags: , , , , , , ,

9 responses to “J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource… WAT??”

  1. Gary Fleming says :

    I’d be willing to bet that a Markov-chain generated class name (based on Spring Security) would be indistinguishable from the real thing.

    • lukaseder says :

      Haha, very nice. You can calculate the probability of such a generator to produce an AuthenticatorAuthenticatedAuthenticationAuthenticatingAuthenticatorCator

  2. Eric Schwarzenbach says :

    Ah Spring security. Last time I tried to use it I was trying to figure out how to do something relatively simple (I thought) but which was not exactly like anything the manual showed. I kept finding explanations on the web and example code, and would find that they did not work, because they were for different versions of it. That’s the nice thing about Spring, I guess. Don’t like their recommended way of doing something? No problem, wait a release or two, and it will surely be different…

    I think next time I may try Shiro: http://shiro.apache.org/

  3. moondowner says :

    It get’s the job done? Yes.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 1,838 other followers

%d bloggers like this: