[ https://issues.apache.org/jira/browse/SHINDIG-1950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Kohn updated SHINDIG-1950:
----------------------------------
Attachment: SHINDIG-1950-securitytoken-creation.diff
> Factor out creation of the SecurityToken in OAuth2AuthenticationHandler
> -----------------------------------------------------------------------
>
> Key: SHINDIG-1950
> URL: https://issues.apache.org/jira/browse/SHINDIG-1950
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0-update1
> Reporter: Andreas Kohn
> Attachments: SHINDIG-1950-securitytoken-creation.diff
>
>
> OAuth2AuthenticationHandler handles checks and "only denies authentication
> when an invalid bearer token is received".
> Unfortunately it also creates and returns an AnonymousSecurityToken
> explicitly, which means that extensions of Shindig either reimplement all of
> the logic, or patch the method to return a more suitable token.
> The name implies some generic behavior though, so I think it would be nice if
> the token creation was done in a separate overridable method. This way
> extensions could use the OAuth2AuthenticationHandler as a parent class, and
> just create the proper token by overriding the method.
> In our specific case we use Apache Shiro for authentication/authorization
> purposes.