Apache Roller: ROL-1798

Support for OAuth authentication for AtomPub and other resources

    Details

    • Level of effort:
      2 weeks, but work is already done

      Description

      Add support for OAuth authentication, supporting these requirements:

      a) - Support for three standard OAuth URIs
        1) - request token URI
        2) - authorization URI, presents authorization page if appropriate
        3) - access token servlet URI

      b) - Support for OAuth authentication in AtomPub servlet

      c) - Ability to enable and disable AtomPub from Server Admin page

      d) - Ability to choose either OAuth, BASIC, WSSE or authentication for AtomPub

      e) - Addition of an OAuth page that appears when OAuth is enabled
        1) allows users to access the key and secret they need to authorize AtomPub clients
        2) allows admins to access the site-wide key and secret needed to authorize 3rd party sites

      The implementation creates these new tables:

      -- each record is an OAuth consumer key and secret, can be tied to just one user
      create table rol_oauthconsumer (
          consumerkey varchar(48) not null primary key,
          consumersecret varchar(48) not null,
          username varchar(48)
      );
      create index oc_username_idx on rol_oauthconsumer( username$!db.INDEXSIZE );
      create index oc_consumerkey_idx on rol_oauthconsumer( consumerkey$!db.INDEXSIZE );

      -- each record is an OAuth accessor, always tied to just one user
      create table rol_oauthaccessor (
          consumerkey varchar(48) not null primary key,
          requesttoken varchar(48),
          accesstoken varchar(48),
          tokensecret varchar(48),
          created $db.TIMESTAMP_SQL_TYPE not null,
          updated $db.TIMESTAMP_SQL_TYPE not null,
          username varchar(48) not null,
          authorized $db.BOOLEAN_SQL_TYPE_FALSE
      );
      create index oa_consumerkey_idx on rol_oauthaccessor( consumerkey$!db.INDEXSIZE );

      The implementation adds these new jars:
      commons-httpclient-3.1.jar
      httpclient-4.0-beta1.jar
      httpcore-4.0-beta2.jar
      oauth-core-20090121.jar

      1. rol1798-20090313.patch
        148 kB
        David Johnson
      2. OAuth enable.jpg
        20 kB
        David Johnson
      3. OAuth creds link.jpg
        43 kB
        David Johnson
      4. OAuth credentials page.jpg
        102 kB
        David Johnson
      5. OAuth authorize.jpg
        36 kB
        David Johnson

        Activity

        David Johnson created issue -
        David Johnson added a comment -

        Show the new options for enabling AtomPub

        And for selecting the form of authentication to be used

        David Johnson made changes -
        Field Original Value New Value
        Attachment OAuth enable.jpg [ 10561 ]
        David Johnson added a comment -

        show the new link on the Main Menu page that appears when oauth is enabled

        David Johnson made changes -
        Attachment OAuth creds link.jpg [ 10562 ]
        David Johnson added a comment -

        shows the OAuth credentials page

        David Johnson made changes -
        Attachment OAuth credentials page.jpg [ 10563 ]
        David Johnson added a comment -

        Patch for OAuth changes. I'm ready to commit this ASAP

        David Johnson made changes -
        Attachment rol1798-20090313.patch [ 10564 ]
        David Johnson added a comment -

        Authorize page that can be used to authorize 3rd party sites to access Roller.

        (This page will not appear in the AtomPub authentication process)

        David Johnson made changes -
        Attachment OAuth authorize.jpg [ 10565 ]
        David Johnson added a comment -

        Just noticed some typos and poor formatting in those screenshots, I'll fix those.

        David Johnson added a comment -

        Done. Also upgraded to ROME 1.0.

        I tested the new AtomPub OAuth with the ROME Propono AtomPub client.

        And I tested the OAuth Authorize page with Apache Shindig's OAuth client.

        David Johnson made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Henri Yandell made changes -
        Project Import Fri Mar 27 23:38:16 PDT 2009 [ 1238222296558 ]
        Mark Thomas made changes -
        Workflow jira [ 12459360 ] Default workflow, editable Closed status [ 12623395 ]
        Glen Mazza added a comment -

        Closed issues related to Roller 5.0 release.

        Glen Mazza made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
        Open -> Resolved | 3d 9m | 1 | David Johnson | 16/Mar/09 20:44
        Resolved -> Closed | 1386d 21h 9m | 1 | Glen Mazza | 01/Jan/13 17:54

          People

          • Assignee:
            David Johnson
            Reporter:
            David Johnson
          • Votes:
            0
            Watchers:
            1
