+1 JIRA has been created.
https://wso2.org/jira/browse/IDENTITY-2771

On Mon, Oct 6, 2014 at 10:06 AM, Darshana Gunawardana <[email protected]> wrote:

> Better to create JIRA and attach the suggested refactored code as a patch.
>
> On Mon, Oct 6, 2014 at 10:02 AM, Gayan Gunawardana <[email protected]> wrote:
>
>> AccessTokenIssuer
>>
>> *Current Implementation*
>>
>>     boolean isAuthenticated;
>>     if (clientAuthHandler != null) {
>>         isAuthenticated = clientAuthHandler.authenticateClient(tokReqMsgCtx);
>>     } else {
>>         isAuthenticated = true;
>>     }
>>
>>     boolean isValidGrant = authzGrantHandler.validateGrant(tokReqMsgCtx);
>>     boolean isAuthorized = authzGrantHandler.authorizeAccessDelegation(tokReqMsgCtx);
>>     boolean isValidScope = authzGrantHandler.validateScope(tokReqMsgCtx);
>>
>>     if (!isAuthenticated) {
>>         // handle error
>>     }
>>     if (!isValidGrant) {
>>         // handle error
>>     }
>>     if (!isAuthorized) {
>>         // handle error
>>     }
>>     if (!isValidScope) {
>>         // handle error
>>     }
>>
>> In this case, even if authentication fails it goes to grant validation,
>> even if grant validation fails it goes to authorized validation, and even
>> if all three fail it goes to scope validation. As an improvement, the
>> proposed solution would be to handle errors at the moment they are detected.
>>
>> *Re-factored Code*
>>
>>     boolean isAuthenticated;
>>     if (clientAuthHandler != null) {
>>         isAuthenticated = clientAuthHandler.authenticateClient(tokReqMsgCtx);
>>     } else {
>>         isAuthenticated = true;
>>     }
>>
>>     if (!isAuthenticated) {
>>         // handle error
>>     }
>>
>>     boolean isValidGrant = authzGrantHandler.validateGrant(tokReqMsgCtx);
>>     if (!isValidGrant) {
>>         // handle error
>>     }
>>
>>     boolean isAuthorized = authzGrantHandler.authorizeAccessDelegation(tokReqMsgCtx);
>>     if (!isAuthorized) {
>>         // handle error
>>     }
>>
>>     boolean isValidScope = authzGrantHandler.validateScope(tokReqMsgCtx);
>>     if (!isValidScope) {
>>         // handle error
>>     }
>>
>> Thanks,
>> Gayan
>>
>> --
>> Gayan Gunawardana
>> Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: [email protected]
>> Mobile: +94 (71) 8020933
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Regards,
>
> *Darshana Gunawardana*
> Software Engineer
> WSO2 Inc.; http://wso2.com
>
> *E-mail: [email protected]*
> *Mobile: +94718566859*
> Lean . Enterprise . Middleware

--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
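The two orderings quoted in the thread above, side by side, as an added example that is not WSO2 Identity Server code: a stub records which checks run when client authentication fails. `RecordingHandler`, `FailFastDemo` and the method signatures are hypothetical stand-ins for `clientAuthHandler` and `authzGrantHandler`, and treating `// handle error` as an early return with an RFC 6749 error code is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not WSO2 code. RecordingHandler is a hypothetical
// stand-in for clientAuthHandler / authzGrantHandler that logs each call.
public class FailFastDemo {
    static class RecordingHandler {
        final List<String> calls = new ArrayList<>();
        final boolean authResult;
        RecordingHandler(boolean authResult) { this.authResult = authResult; }
        boolean authenticateClient()        { calls.add("authenticateClient"); return authResult; }
        boolean validateGrant()             { calls.add("validateGrant"); return true; }
        boolean authorizeAccessDelegation() { calls.add("authorizeAccessDelegation"); return true; }
        boolean validateScope()             { calls.add("validateScope"); return true; }
    }

    // Ordering from "Current Implementation": every check runs first,
    // and the results are only inspected afterwards.
    static String issueCurrent(RecordingHandler h) {
        boolean isAuthenticated = h.authenticateClient();
        boolean isValidGrant = h.validateGrant();
        boolean isAuthorized = h.authorizeAccessDelegation();
        boolean isValidScope = h.validateScope();
        if (!isAuthenticated) return "invalid_client";      // assumed error handling
        if (!isValidGrant) return "invalid_grant";
        if (!isAuthorized) return "unauthorized_client";
        if (!isValidScope) return "invalid_scope";
        return "token_issued";
    }

    // Ordering from "Re-factored Code": each failure is handled where it is
    // detected, so later checks never see a request that already failed.
    static String issueRefactored(RecordingHandler h) {
        if (!h.authenticateClient()) return "invalid_client";
        if (!h.validateGrant()) return "invalid_grant";
        if (!h.authorizeAccessDelegation()) return "unauthorized_client";
        if (!h.validateScope()) return "invalid_scope";
        return "token_issued";
    }

    public static void main(String[] args) {
        // Constructed case: a request whose client credentials are rejected.
        RecordingHandler current = new RecordingHandler(false);
        RecordingHandler refactored = new RecordingHandler(false);
        System.out.println(issueCurrent(current) + " after " + current.calls);
        System.out.println(issueRefactored(refactored) + " after " + refactored.calls);
    }
}
```

Both orderings reject the request, but the first still invokes all three grant-handler methods on behalf of a client that failed authentication, while the second invokes only `authenticateClient`.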
