You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by sc...@apache.org on 2014/03/04 14:15:43 UTC
svn commit: r1574091 -
/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java
Author: scottbw
Date: Tue Mar 4 13:15:43 2014
New Revision: 1574091
URL: http://svn.apache.org/r1574091
Log:
Added an API for requesting a new token, either on first render to exchange a single-use token for a session token, or periodically to avoid token expiry.
Added:
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java
Added: wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java?rev=1574091&view=auto
==============================================================================
--- wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java (added)
+++ wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/SecurityTokenController.java Tue Mar 4 13:15:43 2014
@@ -0,0 +1,68 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wookie.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.wookie.auth.AuthToken;
+import org.apache.wookie.auth.AuthTokenUtils;
+import org.apache.wookie.exceptions.InvalidParametersException;
+import org.apache.wookie.exceptions.ResourceDuplicationException;
+import org.apache.wookie.exceptions.ServiceUnavailableException;
+import org.apache.wookie.exceptions.UnauthorizedAccessException;
+
+/**
+ * API called by widgets to refresh an authtoken. Called periodically from wookie.js
+ */
+public class SecurityTokenController extends Controller {
+
+ private static final long serialVersionUID = 1L;
+
+ /* (non-Javadoc)
+ * @see org.apache.wookie.controller.Controller#create(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ protected boolean create(String resourceId, HttpServletRequest request,
+ HttpServletResponse response) throws ResourceDuplicationException,
+ InvalidParametersException, UnauthorizedAccessException,
+ ServiceUnavailableException {
+
+ //
+ // Get the AuthToken from the request
+ //
+ AuthToken oldToken = (AuthToken) request.getAttribute("org.apache.wookie.auth.AuthToken");
+ if (oldToken == null) throw new UnauthorizedAccessException();
+
+ //
+ // Create a new AuthToken. The new token has a new
+ // TTL expiry.
+ //
+ AuthToken newToken = AuthToken.STANDARD_LIFESPAN_TOKEN(oldToken);
+
+ try {
+ String securityToken = AuthTokenUtils.encryptAuthToken(newToken);
+ returnJson("{\"token\":\""+securityToken+"\"}", response);
+ return true;
+ } catch (Exception e) {
+ throw new ServiceUnavailableException(e);
+ }
+
+ }
+
+
+
+
+
+}