[SHINDIG-1950] Factor out creation of the SecurityToken in OAuth2AuthenticationHandler - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.0-update1
Fix Version/s: 2.5.1
Component/s: Java
Labels:
None

Description

OAuth2AuthenticationHandler handles checks and "only denies authentication when an invalid bearer token is received".

Unfortunately it also creates and returns an AnonymousSecurityToken explicitly, which means that extensions of shindig either reimplement all of the logic, or patch the method to return a more suitable token.

The name implies some generic behavior though, so I think it would be nice if the token creation was done in a separate overridable method. This way extensions could use the OAuth2AuthenticationHandler as a parent class, and just create the proper token by overriding the method.

In our specific case we use Apache Shiro for authentication/authorization purposes.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SHINDIG-1950-securitytoken-creation.diff
11/Nov/13 11:32
1 kB
Andreas Kohn

Activity

People

Assignee:: Unassigned

Reporter:: Andreas Kohn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Nov/13 11:26

Updated:: 20/Nov/13 00:33

Resolved:: 20/Nov/13 00:33