Uploaded image for project: 'Wookie'
  1. Wookie
  2. WOOKIE-392

Replace persistent "WidgetInstance" with transient "AuthToken" similar to Shindig

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0
    • Component/s: None
    • Labels:
      None

      Description

      Hi everyone,

      Ate suggested a while back the idea of making core Wookie capabilities work in an "SPI" fashion,
      i.e. make it possible for the container to inject its own implementations of core services
      such as "Preferences" etc., so these can be integrated with the container backend rather than
      managed separately by Wookie.

      However, the way we handle Widget instantiation (widget user sessions, in effect) in Wookie
      by using persistent IWidgetInstance beans isn't really compatible with this approach, as it
      prevents decoupling things like Preferences, OAuth tokens, and Widget metadata into discrete
      services.

      One solution is to adopt the model used by Shindig and inject an encrypted token into the
      Widget and use that for subsequent requests. The token is then unwrapped by Wookie and used
      to verify the request, and obtain the parameters to be used in relevant calls (e.g. to get/set
      preferences, get the referenced Widget metadata etc).

      I've done some experiments with reusing the OpenSocial Token algorithm used in Shindig to
      see how this could work, and it looks like it would be OK. However, it would mean another
      big refactoring of the backend.

      PROs:

      • more consistent with Shindig and OpenSocial model
      • one less thing to manage as a persistent bean class
      • decouples Preferences, Widget metadata, Shared Data, Participants and oAuth Tokens, making
        them capable of being wrapped with SPIs

      CONs:

      • yet more refactoring
      • will not be backwards compatible

      If we do decide this is a good idea, it may be worth creating a branch for it as it would
      touch ~30 classes.

      See http://mail-archives.apache.org/mod_mbox/incubator-wookie-dev/201206.mbox/%3c48F3D140-9C46-429B-AA55-6A2729FC3057@gmail.com%3e

        Attachments

        1. AuthTokenUtilsTest.java
          3 kB
          Scott Wilson
        2. AuthTokenUtils.java
          4 kB
          Scott Wilson
        3. AuthTokenCrypter.java
          12 kB
          Scott Wilson
        4. AuthToken.java
          2 kB
          Scott Wilson

          Activity

            People

            • Assignee:
              scottbw Scott Wilson
              Reporter:
              scottbw Scott Wilson
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: