[jira] [Commented] (SHINDIG-1645) Refactor security token implementation to utilize existing APIs for expires and clean up code.

[jirapos...@reviews.apache.org (Commented) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/SHINDIG-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13131658#comment-13131658
 ] 

jirapos...@reviews.apache.org commented on SHINDIG-1645:
--------------------------------------------------------



bq.  On 2011-10-19 21:05:16, Matt Marum wrote:
bq.  > 
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java,
 line 22
bq.  > <https://reviews.apache.org/r/2396/diff/6/?file=51209#file51209line22>
bq.  >
bq.  >     Import flux.  Eclipse likes to reorder the imports when you organize 
them.  Adds unnecessary changes.
bq.  
bq.  Dan Dumont wrote:
bq.      Thanks for the review!  Does eclipse randomly reorder them or are they 
reordered the same way generally for everyone?
bq.      If it's somewhat standard, I may just leave it this way.   I 
constantly tell eclipse to organize imports as I change things, and usually 
ignore the flux in reviews.

I use Eclipse and do the same thing.  I've been dinged in previous reviews so 
I'm just spreading the love. :)

Eclipse has preferences that affects the order of imports when you organize 
them.  However, not everybody working on Shindig is using Eclipse.


- Matt


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2396/#review2676
-----------------------------------------------------------


On 2011-10-20 12:56:57, Dan Dumont wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2396/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2011-10-20 12:56:57)
bq.  
bq.  
bq.  Review request for shindig, Matt Marum, Ryan Baxter, Eric Woods, li xu, 
Jesse Ciancetta, and Stanton Sievers.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  Long diffs... but before I make any more progress, I want to make sure 
that everyone agrees that this cleanup is sound.
bq.  
bq.  Major things of note:
bq.  SecurityToken interface has token expiration built into it, yet crypters 
were timestamping maps before encoding them and throwing exceptions during 
decrypt if the timestamp was too old.  This bypassed the meaning of the 
expiration values in the tokens.  It also seemed like the crypter was a 
terrible place to be doing this.  Now, all tokens that claim support for the 
expire key will now have actual expire times instead of timestamps tacked on to 
the tokens.
bq.  
bq.  Expiration setting and checking has been moved into the token.  
bq.  Codecs are now responsible for enforcing token expirations, not crypters.
bq.  AbstractSecurityToken has gotten a major face-lift.  It now includes an 
Enum for various popular token keys and many utility methods for handling token 
to Map and Map to token conversions.
bq.  
bq.  Some OAuth code changes were necessary as they depended on former crypter 
token timestamping.  For the most part, I tried to leave the code alone because 
I'm not familiar with it.  This has meant that an awkward, but functional 
implementation of an OAuthClientState is actually an extention of 
AbstractSecurityToken...   It seemed to almost make sense for all the work it 
was doing...
bq.  
bq.  I'll make a jira before this gets submitted, as I'm not sure how close to 
the final design this will be.
bq.  
bq.  
bq.  This addresses bug SHINDIG-1645.
bq.      https://issues.apache.org/jira/browse/SHINDIG-1645
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AbstractSecurityToken.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AnonymousSecurityToken.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityToken.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityTokenCodec.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/DefaultSecurityTokenCodec.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/SecurityToken.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/SecurityTokenCodec.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BlobCrypter.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BlobExpiredException.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BasicSecurityTokenCodecTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/DefaultSecurityTokenCodecTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/testing/FakeGadgetToken.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/config/ShindigAuthConfigContributor.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthCallbackState.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthCallbackStateToken.java
 PRE-CREATION 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthClientState.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerService.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthClientStateTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/MockUtils.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerServiceTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java
 1184753 
bq.    
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java
 1184753 
bq.  
bq.  Diff: https://reviews.apache.org/r/2396/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  Tests have been updated with the interface changes and all currently pass.
bq.  
bq.  Tests that tested crypter expiration/timestamp enforcement have been 
removed.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Dan
bq.  
bq.


                
> Refactor security token implementation to utilize existing APIs for expires 
> and clean up code.
> ----------------------------------------------------------------------------------------------
>
>                 Key: SHINDIG-1645
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1645
>             Project: Shindig
>          Issue Type: Improvement
>            Reporter: Dan Dumont
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira