[jira] [Updated] (CAUSEWAY-3939) Viewmodel Bookmark Overhaul

[Andi Huber (Jira)]

     [ 
https://issues.apache.org/jira/browse/CAUSEWAY-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andi Huber updated CAUSEWAY-3939:
---------------------------------
    Description: 
Adds digital signing to _viewmodel_ bookmark identifiers as well as 
value-mementos when encoding these into URL fragments.

Client requests are now verified against a server-side private key. On 
verification failure a *DigitalVerificationException* gets thrown.

We introduced a *HmacAuthority* bean, that is responsible for the signing and 
verifying. A default/auto-configured implementation is provided, that generates 
an application scoped random secret. However, framework consumers may register 
their own variant with Spring.

Implementation Details:

The framework has 5 *ViewmodelFacet* implementations which act as converters 
from _viewmodel_ instance to URL fragment and vice versa. This conversions do 
now honor digital signing and verification by delegating the low level byte 
array processing to the registered *HmacAuthority* bean.

The framework has an internal utility that allows to exchange named values 
between server and client. The underlying data structure is a Java 
HashMap<String, Serializable>, wrapped by a so called *Memento* record.

Those Mementos now also honor digital signing and verification similar to the 
ViewmodelFacets.

 

  was:Just a thought.


> Viewmodel Bookmark Overhaul
> ---------------------------
>
>                 Key: CAUSEWAY-3939
>                 URL: https://issues.apache.org/jira/browse/CAUSEWAY-3939
>             Project: Causeway
>          Issue Type: Improvement
>            Reporter: Andi Huber
>            Assignee: Andi Huber
>            Priority: Minor
>             Fix For: 3.5.0
>
>
> Adds digital signing to _viewmodel_ bookmark identifiers as well as 
> value-mementos when encoding these into URL fragments.
> Client requests are now verified against a server-side private key. On 
> verification failure a *DigitalVerificationException* gets thrown.
> We introduced a *HmacAuthority* bean, that is responsible for the signing and 
> verifying. A default/auto-configured implementation is provided, that 
> generates an application scoped random secret. However, framework consumers 
> may register their own variant with Spring.
> Implementation Details:
> The framework has 5 *ViewmodelFacet* implementations which act as converters 
> from _viewmodel_ instance to URL fragment and vice versa. This conversions do 
> now honor digital signing and verification by delegating the low level byte 
> array processing to the registered *HmacAuthority* bean.
> The framework has an internal utility that allows to exchange named values 
> between server and client. The underlying data structure is a Java 
> HashMap<String, Serializable>, wrapped by a so called *Memento* record.
> Those Mementos now also honor digital signing and verification similar to the 
> ViewmodelFacets.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)