...
I do not understand what is the advantage of giving up SWF/MVC capability to deal with lower level concerns like state management, http request binding and validation over re-inventing custom mechanisms to do essentially the same. I'd rather concentrate on the business domain of authentication/assurance than re-inventing the wheel. (Dmitriy Kopylenko)
From Jérôme Leleu : I'd like to avoid pollution on this document, but this requires an answer. I may not have been very clear, but this document must be cross-read with the first LOA spec and for both, the reader must focus on concepts more than on technical implementations details which may be discussed futher. Last tuesday, we had a conf call and this point (using or not SWF) was a key discussion : if I understood everything clearly, we came to the loose agreement of using SWF.
An CredentialsGatherer is a way to get Credentials. Each CredentialsGatherer is defined to support a kind of Credentials it will return when called.
This concept replaces the AuthenticationViaFormAction and AbstractNonInteractiveCredentialsAction.
...