[
https://issues.apache.org/jira/browse/SHINDIG-792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12658413#action_12658413
]
Kevin Brown commented on SHINDIG-792:
-------------------------------------
You shouldn't have to extend it. Providing your own AuthenticationModule is a
the recommended practice. The only reason for AuthenticationHandlerProvider's
existence is that we're still on guice 1.0 and it doesn't support
multibindings. You can certainly bind your own List<AuthenticationHandler>
without having to use the default in AuthenticationModule.
In fact, the gadget rendering component provides a different authentication
module than that used in the combined gadget renderer + social data server to
avoid the extra oauth dependencies using this approach.
I'm not a big fan of SecurityTokenDecoder as a whole. With all of the security
token creation delegated to the auth handlers, it seems like an unnecessary
interface to me.
If you write your own AuthenticationHandler, you can extract whatever you want
from the HTTP request and not have to worry about the rest.
> UrlParameterAuthenticationHandler is not extensible
> ---------------------------------------------------
>
> Key: SHINDIG-792
> URL: https://issues.apache.org/jira/browse/SHINDIG-792
> Project: Shindig
> Issue Type: Improvement
> Components: Gadget Rendering Server (Java)
> Affects Versions: 1.0.x-incubating
> Reporter: Henning Schmiedehausen
> Attachments: SHINDIG-792.patch
>
>
> The URLParameterAuthenticationHandler is injected at some places inside the
> Shindig codebase (AuthenticationModule, AuthenticationHandlerProvider) so to
> override it, one must extend it. However, the class itself is not really
> extensible. With this patch, it is possible to do e.g. the following thing:
> --- cut ---
> public class MyAuthenticationHandler extends UrlParameterAuthenticationHandler
> {
> @Inject
> public NingAuthenticationHandler(SecurityTokenDecoder
> securityTokenDecoder)
> {
> super(securityTokenDecoder);
> }
> @Override
> protected Map<String, String> getMappedParameters(final
> HttpServletRequest req) {
> final Map<String, String> params = new HashMap<String,
> String>(super.getMappedParameters(req));
> params.put("param1", req.getParameter("param1"));
> params.put("param2", req.getParameter("param2"));
> params.put("param3", req.getParameter("param3"));
> return params;
> }
> }
> --- cut ---
> Which in concert with the injected SecurityTokenDecoder allows custom
> decoding. Else, the whole injection of the token decoder is moot because you
> can't pass additional parameters into it.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
