Andreas Kohn created SHINDIG-1950:
-------------------------------------
Summary: Factor out creation of the SecurityToken in OAuth2AuthenticationHandler
Key: SHINDIG-1950
URL: https://issues.apache.org/jira/browse/SHINDIG-1950
Project: Shindig
Issue Type: Improvement
Components: Java
Affects Versions: 2.5.0-update1
Reporter: Andreas Kohn

OAuth2AuthenticationHandler handles checks and "only denies authentication when
an invalid bearer token is received".

Unfortunately it also creates and returns an AnonymousSecurityToken explicitly,
which means that extensions of Shindig either reimplement all of the logic, or
patch the method to return a more suitable token.

The name implies some generic behavior though, so I think it would be nice if
the token creation was done in a separate overridable method. This way
extensions could use the OAuth2AuthenticationHandler as a parent class, and
just create the proper token by overriding the method.

In our specific case we use Apache Shiro for authentication/authorization
purposes.