[
https://issues.apache.org/jira/browse/SHINDIG-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13131589#comment-13131589
]
[email protected] commented on SHINDIG-1645:
--------------------------------------------------------
bq. On 2011-10-19 21:05:16, Matt Marum wrote:
bq. > Just some nitpicks. I'm good with the changes.
bq. >
bq. > I wish I knew if there was some special motivation in timestamping the blobs as the means of enforcing expiration. If anybody has a problem with changing this, now would be a good time to speak up. :)
bq. >
bq. > Matt
I wish I knew too :)
bq. On 2011-10-19 21:05:16, Matt Marum wrote:
bq. > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java, line 22
bq. > <https://reviews.apache.org/r/2396/diff/6/?file=51209#file51209line22>
bq. >
bq. > Import flux. Eclipse likes to reorder the imports when you organize them. Adds unnecessary changes.
Thanks for the review! Does eclipse randomly reorder them or are they
reordered the same way generally for everyone?
If it's somewhat standard, I may just leave it this way. I constantly tell
eclipse to organize imports as I change things, and usually ignore the flux in
reviews.
- Dan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2396/#review2676
-----------------------------------------------------------
On 2011-10-20 12:56:57, Dan Dumont wrote:
bq. (Updated 2011-10-20 12:56:57)
bq.
bq.
bq. Review request for shindig, Matt Marum, Ryan Baxter, Eric Woods, li xu, Jesse Ciancetta, and Stanton Sievers.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Long diffs... but before I make any more progress, I want to make sure that everyone agrees that this cleanup is sound.
bq.
bq. Major things of note:
bq. SecurityToken interface has token expiration built into it, yet crypters were timestamping maps before encoding them and throwing exceptions during decrypt if the timestamp was too old. This bypassed the meaning of the expiration values in the tokens. It also seemed like the crypter was a terrible place to be doing this. Now, all tokens that claim support for the expire key will now have actual expire times instead of timestamps tacked on to the tokens.
bq.
bq. Expiration setting and checking has been moved into the token.
bq. Codecs are now responsible for enforcing token expirations, not crypters.
bq. AbstractSecurityToken has gotten a major face-lift. It now includes an Enum for various popular token keys and many utility methods for handling token to Map and Map to token conversions.
bq.
bq. Some OAuth code changes were necessary as they depended on former crypter token timestamping. For the most part, I tried to leave the code alone because I'm not familiar with it. This has meant that an awkward, but functional implementation of an OAuthClientState is actually an extension of AbstractSecurityToken... It seemed to almost make sense for all the work it was doing...
bq.
bq. I'll make a jira before this gets submitted, as I'm not sure how close to the final design this will be.
bq.
bq.
bq. This addresses bug SHINDIG-1645.
bq. https://issues.apache.org/jira/browse/SHINDIG-1645
bq.
bq.
bq. Diffs
bq. -----
bq.
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AbstractSecurityToken.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AnonymousSecurityToken.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityToken.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityTokenCodec.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/DefaultSecurityTokenCodec.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/SecurityToken.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/SecurityTokenCodec.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BlobCrypter.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BlobExpiredException.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BasicSecurityTokenCodecTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/DefaultSecurityTokenCodecTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/testing/FakeGadgetToken.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/config/ShindigAuthConfigContributor.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthCallbackState.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthCallbackStateToken.java
PRE-CREATION
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthClientState.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerService.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthClientStateTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/MockUtils.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerServiceTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java
1184753
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java
1184753
bq.
bq. Diff: https://reviews.apache.org/r/2396/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. Tests have been updated with the interface changes and all currently pass.
bq.
bq. Tests that tested crypter expiration/timestamp enforcement have been removed.
bq.
bq.
bq. Thanks,
bq.
bq. Dan
bq.
bq.
> Refactor security token implementation to utilize existing APIs for expires and clean up code.
> ----------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1645
> URL: https://issues.apache.org/jira/browse/SHINDIG-1645
> Project: Shindig
> Issue Type: Improvement
> Reporter: Dan Dumont
>
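
The split described in the review summary (the crypter only protects the blob, the codec enforces the expiry the token itself carries), as an added Java example that is not code from the Shindig patch. The key name "x", the skew allowance, the class names and the sample tokens are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class ExpiringTokenDemo {
  // Hypothetical key name and skew allowance, not Shindig's actual constants.
  static final String EXPIRES_KEY = "x";
  static final long MAX_SKEW_SECONDS = 180;
  /** The crypter only protects the blob; it knows nothing about token lifetime. */
  interface Crypter { Map<String, String> unwrap(Map<String, String> blob); }
  static class TokenExpiredException extends Exception { TokenExpiredException(String m) { super(m); } }
  /** The codec enforces the expiry carried in the token and fails closed on bad input. */
  static Map<String, String> decode(Crypter crypter, Map<String, String> blob, long nowSeconds)
      throws TokenExpiredException {
    Map<String, String> values = crypter.unwrap(blob);
    String raw = values.get(EXPIRES_KEY);
    if (raw == null) throw new TokenExpiredException("token carries no expiry");
    long expiresAt;
    try {
      expiresAt = Long.parseLong(raw);
    } catch (NumberFormatException e) {
      throw new TokenExpiredException("unparseable expiry: " + raw);
    }
    // Subtract from "now" rather than adding to expiresAt, so a huge expiry cannot overflow.
    if (nowSeconds - MAX_SKEW_SECONDS > expiresAt) {
      throw new TokenExpiredException("expired at " + expiresAt + ", now " + nowSeconds);
    }
    return values;
  }
  public static void main(String[] args) {
    Crypter stub = blob -> new HashMap<>(blob); // stand-in for real decryption
    long now = 1319115417L; // constructed clock value, seconds since the epoch
    String[] expiries = { String.valueOf(now + 3600), String.valueOf(now - 3600), null, "soon" };
    for (String expiry : expiries) { // constructed sample tokens
      Map<String, String> blob = new HashMap<>();
      if (expiry != null) blob.put(EXPIRES_KEY, expiry);
      try {
        decode(stub, blob, now);
        System.out.println(expiry + " -> accepted");
      } catch (TokenExpiredException e) {
        System.out.println(expiry + " -> rejected: " + e.getMessage());
      }
    }
  }
}
```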