Better to create JIRA and attach the suggested refactored code as a patch..
On Mon, Oct 6, 2014 at 10:02 AM, Gayan Gunawardana <[email protected]> wrote: > AccessTokenIssuer > > *Current Implementation* > > boolean isAuthenticated; > if(clientAuthHandler != null){ > isAuthenticated = > clientAuthHandler.authenticateClient(tokReqMsgCtx); > } else { > isAuthenticated = true; > } > > > boolean isValidGrant = authzGrantHandler.validateGrant(tokReqMsgCtx); > boolean isAuthorized = > authzGrantHandler.authorizeAccessDelegation(tokReqMsgCtx); > boolean isValidScope = authzGrantHandler.validateScope(tokReqMsgCtx); > > if (!isAuthenticated) { > //handle error > } > if (!isValidGrant) { > //handle error > } > if (!isAuthorized) { > //handle error > } > if (!isValidScope) { > //handle error > } > > In this case even authentication fails it goes to grant validation even > grant validation fails it goes to authorized validation and even all three > fails it goes to scope validation. As an improvement proposed solution > would be handle errors at the movement they have detected. > > *Re-factored Code * > > boolean isAuthenticated; > if(clientAuthHandler != null){ > isAuthenticated = > clientAuthHandler.authenticateClient(tokReqMsgCtx); > } else { > isAuthenticated = true; > } > > if (!isAuthenticated) { > //handle error > } > > boolean isValidGrant = authzGrantHandler.validateGrant(tokReqMsgCtx); > if (!isValidGrant) { > //handle error > } > > boolean isAuthorized = > authzGrantHandler.authorizeAccessDelegation(tokReqMsgCtx); > if (!isAuthorized) { > //handle error > } > > boolean isValidScope = authzGrantHandler.validateScope(tokReqMsgCtx); > if (!isValidScope) { > //handle error > } > > Thanks, > Gayan > > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Regards, *Darshana Gunawardana*Software Engineer WSO2 Inc.; http://wso2.com *E-mail: [email protected] <[email protected]>* *Mobile: +94718566859*Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
