----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2362/ -----------------------------------------------------------
(Updated 2011-10-24 20:26:34.157165) Review request for shindig, Ryan Baxter, Dan Dumont, and Jesse Ciancetta. Changes ------- Adding the dev list. Pardon the large backlog of discussion. I wanted to make sure this approach was sane before getting everyone involved. Summary ------- Currently, org.apache.shindig.auth.BlobCrypterSecurityTokenCodec.loadContainers(ContainerConfig, Collection<String>, Map<String, BlobCrypter>, Map<String, String>) reads an encryption key from a keyfile to instantiate the BlobCrypter. The keyfile is defined in the container.js. An improvement to this behavior would be to provide an injectable KeyProvider class that can return the key. This would allow the key to reside anywhere instead of in a static keyfile. Initial review to Dan, Ryan, and Jesse. Once we've decided that this seems like a rational approach, I'll add the dev list. This patch depends on https://reviews.apache.org/r/2467/ This addresses bug SHINDIG-1636. https://issues.apache.org/jira/browse/SHINDIG-1636 Diffs ----- http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityTokenCodec.java 1187375 http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1187375 http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/DefaultSecurityTokenCodec.java 1187375 http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/KeyFileKeyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/KeyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1187375 http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/DefaultSecurityTokenCodecTest.java 1187375 http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/KeyFileKeyProviderTest.java PRE-CREATION Diff: https://reviews.apache.org/r/2362/diff Testing ------- Updated and ran existing JUnits. Created new JUnits for the new KeyFileKeyProvider. Performed manual functional tests with encrypted security tokens in the sample common container. Thanks, Stanton
