Author: [EMAIL PROTECTED]
Date: Thu Oct 2 05:50:22 2008
New Revision: 3696
Modified:
wiki/RpcAuth.wiki
Log:
Edited wiki page through web user interface.
Modified: wiki/RpcAuth.wiki
==============================================================================
--- wiki/RpcAuth.wiki (original)
+++ wiki/RpcAuth.wiki Thu Oct 2 05:50:22 2008
@@ -66,7 +66,23 @@
// Add additional methods to RemoteServiceServlet
class RemoteServiceServlet {
// May be called only during a request with an AuthToken to send back
- void setAuthToken(AuthToken token);
+ void setReturnAuthToken(AuthToken token);
+}
+
+// A convenience subclass
+class AuthorizedRemoteServiceServlet<T extends AuthToken> extends
RemoteServiceServlet implements RequiresAuthorization<T> {
+ // Gets the AuthToken associated with the current request
+ protected T getRequestAuthToken();
+
+ // Implement the tricky methods, since they require thread-awareness
+ public final void clearAuthToken();
+ public final void setAuthToken(T token, Method m) throws
InvalidAuthException;
+
+ // Post-request cleanup
+ protected void doClearAuthToken();
+
+ // Allow the end-user to inject validation logic
+ protected void doSetAuthToken(T token, Method m) throws
InvalidAuthException;
}
// The developer isn't required to implement this. We'll provide a default
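Review bot: The new `AuthorizedRemoteServiceServlet` declarations do not say how the final `setAuthToken(T, Method)` relates to the `doSetAuthToken` hook, which is the security-relevant part of this contract. I would add a comment above `setAuthToken` along the lines of `// Calls doSetAuthToken first; the token is exposed through getRequestAuthToken() only if the hook returns without throwing`, assuming that is the intended order. `getRequestAuthToken()` should also state what it returns for a request that carried no token. These declarations throw `InvalidAuthException`, while the example servlets in the two later hunks use `InvalidAuthTokenException`; one name should be used throughout. The class body is declaration-only, so the call order is inferred from the comments rather than visible.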
@@ -109,28 +125,22 @@
Define the servlet code:
{{{
-class MyRemoteServiceImpl extends RemoteServiceServlet implements
MyRemoteService, RequiresAuthorization<AuthToken> {
- private AuthToken authToken;
-
- void clearAuthToken() {
- authToken = null;
- }
+class MyRemoteServiceImpl extends
AuthorizedRemoteServiceServlet<AuthToken> implements MyRemoteService {
void login(String username, String password) {
if (username.equals(password)) {
AuthToken authToken = new AuthToken();
// Register authToken.getUUID() in some kind of session-tracking
database
- setAuthToken(authToken);
+ setReturnAuthToken(authToken);
}
}
String restrictedMethod() {
- return authToken.getUUID();
+ return getRequestAuthToken().getUUID();
}
- void setAuthToken(AuthToken t, Method m) throws
InvalidAuthTokenException {
- // Check that the session-tracking db has t.getUUID(), that it's not
expired, etc.
- authToken = t;
+ void doSetAuthToken(AuthToken t, Method m) {
+ // Check token validity
}
}
}}}
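Review bot: The rewritten `doSetAuthToken` in this example is an empty body under `// Check token validity` and no longer declares `throws InvalidAuthTokenException`, so a reader who copies it gets a hook that accepts every token and cannot reject one with the checked exception. The removed comment said what the check is, so I would keep it and the throws clause, as the second example in the next hunk still does: `void doSetAuthToken(AuthToken t, Method m) throws InvalidAuthTokenException {` followed by `// Check that the session-tracking db has t.getUUID(), that it's not expired, etc.; throw otherwise`. `restrictedMethod` also dereferences `getRequestAuthToken()` directly, which is safe only if the framework never dispatches a restricted call without an accepted token. That guarantee is not shown on this page, and the same applies to `restrictedMethod` in the next hunk.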
@@ -168,29 +178,22 @@
The RemoteServiceServlet definition is similar, but note the differences:
{{{
-class MyRemoteServiceImpl extends RemoteServiceServlet implements
MyRemoteService, RequiresAuthorization<MyAuthToken> {
- private MyAuthToken authToken;
-
- void clearAuthToken() {
- authToken = null;
- }
-
+class MyRemoteServiceImpl extends
AuthorizedRemoteServiceServlet<MyAuthToken> implements MyRemoteService {
void login(String username, String password) {
if (username.equals(password)) {
String customerId = getCustomerIdForUsername(username);
MyAuthToken authToken = new MyAuthToken(customerId);
// Register authToken.getUUID() in some kind of session-tracking
database
- setAuthToken(authToken);
+ setReturnAuthToken(authToken);
}
}
String restrictedMethod() {
- return authToken.getUUID();
+ return getRequestAuthToken().getUUID();
}
- void setAuthToken(MyAuthToken t, Method m) throws
InvalidAuthTokenException {
+ void doSetAuthToken(MyAuthToken t, Method m) throws
InvalidAuthTokenException {
// Check that the session-tracking db has t.getUUID(), that it's not
expired, etc.
- authToken = t;
}
}
}}}