[jira] [Commented] (SHINDIG-1859) Make gadget token TTL configurable

Sun, 26 Aug 2012 14:10:12 -0700 

    [ 
https://issues.apache.org/jira/browse/SHINDIG-1859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442189#comment-13442189
 ] 

Stanton Sievers commented on SHINDIG-1859:
------------------------------------------

I started looking at how this could be implemented and I think the problem is 
going to be non-trivial.  The difficulty arises because it's unclear where the 
responsibility of knowing a token's TTL falls: the SecurityTokenCodec or the 
SecurityToken.  

Here's the current state of things:
- The SecurityTokenCodec currently has a method on the interface for getting 
the TTL.  
- The SecurityToken, on the other hand, does not such an method.
- The SecurityToken does not know about codecs.
- The AbstractSecurityToken utilizes a hard-coded TTL when determining its 
expire time.  
- GadgetHandlerService uses the SecurityTokenCodec's TTL when providing the TTL 
in metadata reponses.  It does something similar for token refresh requests.

The last point is really where things get tricky.  During a metadata request, 
we don't have a handle to a SecurityToken object at all, as it has already been 
encoded and stuck on the iframeurl by the IframeUriManager.  Thus, even if the 
token were to know about its TTL, we wouldn't be able to get at it in this case.

If the SecurityTokenCodec is to be solely responsible for TTL then it will need 
to tell the tokens their TTL at create time and the current API on the 
SecurityTokenCodec interface will need to be updated to take a container 
reference, since the TTL should really be in the container config and not a 
server-wide config.


                
> Make gadget token TTL configurable
> ----------------------------------
>
>                 Key: SHINDIG-1859
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1859
>             Project: Shindig
>          Issue Type: Improvement
>          Components: Java
>    Affects Versions: 2.5.0-beta3
>            Reporter: Dan Dumont
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to