You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by sc...@apache.org on 2014/03/04 14:15:43 UTC

svn commit: r1574091 - /wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java

Author: scottbw
Date: Tue Mar  4 13:15:43 2014
New Revision: 1574091

URL: http://svn.apache.org/r1574091
Log:
Added an API for requesting a new token, either on first render to exchange a single-use token for a session token, or periodically to avoid token expiry.

Added:
    wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java

Added: wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java?rev=1574091&view=auto
==============================================================================
--- wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java (added)
+++ wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java Tue Mar  4 13:15:43 2014
@@ -0,0 +1,68 @@
+/*
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wookie.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.wookie.auth.AuthToken;
+import org.apache.wookie.auth.AuthTokenUtils;
+import org.apache.wookie.exceptions.InvalidParametersException;
+import org.apache.wookie.exceptions.ResourceDuplicationException;
+import org.apache.wookie.exceptions.ServiceUnavailableException;
+import org.apache.wookie.exceptions.UnauthorizedAccessException;
+
+/**
+ * API called by widgets to refresh an authtoken. Called periodically from wookie.js
+ */
+public class SecurityTokenController extends Controller {
+
+	private static final long serialVersionUID = 1L;
+
+	/* (non-Javadoc)
+	 * @see org.apache.wookie.controller.Controller#create(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	protected boolean create(String resourceId, HttpServletRequest request,
+			HttpServletResponse response) throws ResourceDuplicationException,
+			InvalidParametersException, UnauthorizedAccessException,
+			ServiceUnavailableException {
+		
+		//
+		// Get the AuthToken from the request
+		//
+		AuthToken oldToken = (AuthToken) request.getAttribute("org.apache.wookie.auth.AuthToken");
+		if (oldToken == null) throw new UnauthorizedAccessException();
+		
+		//
+		// Create a new AuthToken. The new token has a new
+		// TTL expiry.
+		//
+		AuthToken newToken = AuthToken.STANDARD_LIFESPAN_TOKEN(oldToken);
+		
+		try {
+			String securityToken = AuthTokenUtils.encryptAuthToken(newToken);
+			returnJson("{\"token\":\""+securityToken+"\"}", response);
+			return true;
+		} catch (Exception e) {
+			throw new ServiceUnavailableException(e);
+		}
+		
+	}
+	
+	
+	
+	
+
+}