Uploaded image for project: 'Apache Roller'
  1. Apache Roller
  2. ROL-1798

Support for OAuth authentication for AtomPub and other resources

    Details

    • Level of effort:
      2 weeks, but work is already done

      Description

      Add support for OAuth authentication, supporting these requirements:

      a) - Support for three standard OAuth URIs
      1) - request token URI
      2) - authorization URI, presents authorization page if appropriate
      3) - access token servlet URI

      b) - Support for OAuth authentication in AtomPub servlet

      c) - Ability to enable and disable AtomPut from Server Admin page

      d) - Ability to choose either OAuth, BASIC, WSSE or authentication for AtomPub

      e) - Addition of an OAuth page that appears when OAuth is enabled
      1) allows users to access the key and secret they need to authorized AtomPub clients
      2) allows admins to access the site-wide key and secret needed to authorize 3rd party sites

      The implementation creates these new tables:

      – each record is an OAuth consumer key and secret, can be tied to just one user
      create table rol_oauthconsumer (
      consumerkey varchar(48) not null primary key,
      consumersecret varchar(48) not null,
      username varchar(48)
      );
      create index oc_username_idx on rol_oauthconsumer( username$!db.INDEXSIZE );
      create index oc_consumerkey_idx on rol_oauthconsumer( consumerkey$!db.INDEXSIZE );

      – each record is an OAuth accessor, always tied to just one user
      create table rol_oauthaccessor (
      consumerkey varchar(48) not null primary key,
      requesttoken varchar(48),
      accesstoken varchar(48),
      tokensecret varchar(48),
      created $db.TIMESTAMP_SQL_TYPE not null,
      updated $db.TIMESTAMP_SQL_TYPE not null,
      username varchar(48) not null,
      authorized $db.BOOLEAN_SQL_TYPE_FALSE
      );
      create index oa_consumerkey_idx on rol_oauthaccessor( consumerkey$!db.INDEXSIZE );

      The implementation adds these new jars:
      commons-httpclient-3.1.jar
      httpclient-4.0-beta1.jar
      httpcore-4.0-beta2.jar
      oauth-core-20090121.jar

        Attachments

        1. rol1798-20090313.patch
          148 kB
          David Johnson
        2. OAuth enable.jpg
          20 kB
          David Johnson
        3. OAuth creds link.jpg
          43 kB
          David Johnson
        4. OAuth credentials page.jpg
          102 kB
          David Johnson
        5. OAuth authorize.jpg
          36 kB
          David Johnson

          Activity

            People

            • Assignee:
              djohnson David Johnson
              Reporter:
              djohnson David Johnson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: