Hi everyone.
I had three big doubts in my mind, two of them I found answered here on Ranch, specifically to my assignment.
But I didn't see any
thread on the third one, maybe it's a problem just for me.
Here it goes:
In each Use Case's description, the first step is: The user enters username and password. Seriously, I've never worked in this way, I've always used container managed authentication and when the user has logged one time, there is no need to log again unless the session expires of course.
If I create the login mechanisms by myself, I could force authentication in every screen, but I'd be breaking the best practices. By other side, if I use container managed authentication, I'd be breaking the first step of all use cases. I did a good research here and I saw that most of times they describe the authentication as a global service and it's not my case.
I thought about writing a assumption, saying that the username and pass wouldn't be requested if the user was authenticated already. But I'd be breaking my own rules: "Stay true to the use cases."
Do you think it's acceptable to make this assumption?
Thanks in advance.