[
https://issues.apache.org/jira/browse/SHINDIG-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12663177#action_12663177
]
Henning Schmiedehausen commented on SHINDIG-811:
------------------------------------------------
I use the provided Eclipse formatters (in site/eclipse), though I am always
tempted to set the line wrapping higher than 80 (mainly because my current
monitor has a linewrapping of 360 chars...).
The Provider comment was pretty much a brain fart along the follwing lines:
Currently the BasicBlobCrypter uses a file as C'tor argument. E.g. in the
OAuthCrypterProvider, there is simply a
crypter = new BasicBlobCrypter(new File(stateCrypterPath));
in there. Which means, you are pretty much tied in. How about loading it from
JNDI?
consider
public static class BlobCrypterProvider implements Provider<BlobCrypter> {
private final BlobCrypter crypter;
@Inject
public BlobCrypterProvider(@Named("blobcrypter-key") byte [] key)
crypter = new BasicBlobCrypter(key);
}
}
public BlobCrypter get() {
return crypter;
}
}
public static class KeyFileProvider implements Provider<byte []> {
private final byte [] fileValue;
@Inject
public KeyFileProvider(@Named("blobcrypter-key.file") String fileName)
fileValue = FileUtils.readFileToByteArray(new File(fileName));
}
public byte [] get() {
return fileValue;
}
}
and you would bind this together with Guice:
binder.bind(String.class).annotatedWith(Names.named("blobcrypter-key")).toProvider(KeyFileProvider.class)
There is a drawback to his, however, as currently the encryption key is loaded
from the config and is container specific. So there might be a layer needed
that looks at the container. I somewhat got lost in a maze of twisty little
providers all alike and looking for a way out. ;-)
However, as I have might have a use case where there are a "few" containers to
manage I will need to revisit this again. I'll let you know how it works out...
> Allow loading key for BlobCrypter security from resources or file
> -----------------------------------------------------------------
>
> Key: SHINDIG-811
> URL: https://issues.apache.org/jira/browse/SHINDIG-811
> Project: Shindig
> Issue Type: Improvement
> Components: Common Components (Java)
> Reporter: Arnaud Bailly
> Priority: Minor
> Attachments: key-in-classpath.patch
>
>
> Loading a key from resources makes it simpler to 1) parameterize a shindig
> server for deployment (ie. filteringthe container.js with maven or ant) and
> 2) share the key with other servers/containers. There is already a
> ResourceLoader that can load files or resources if the naem is prefixed by
> 'res://', so just use it in BlobCrypterSecurityTokenDecoder.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
