You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Thorsten Hoeger (JIRA)" <ji...@apache.org> on 2012/10/09 10:16:03 UTC
[jira] [Created] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Thorsten Hoeger created CXF-4548:
------------------------------------
Summary: Enable use of customized session provider in OAuth2 GrantService
Key: CXF-4548
URL: https://issues.apache.org/jira/browse/CXF-4548
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Affects Versions: 2.6.2, 2.7.0
Reporter: Thorsten Hoeger
In the AuthorizationCodeGrantService there are two private methods
using sessions to store and retrieve the sessionAuthenticityToken. It
would be nice to be able to change the storage.
I had to create a deep copy of this class to use some other session store.
Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13474061#comment-13474061 ]
Sergey Beryozkin commented on CXF-4548:
---------------------------------------
Hi Thorsten, thanks for the patch, I applied with minor modifications.
The problem with HttpSession class is that it does not return an object in removeAttribute, so we have to make a duplicate call, once - getAttribute and then removeAttribute. So I updated SessionAuthenticityTokenProvider to return the value from removeToken and updated the service to call this method immediately, instead of doing a sequence of getToken and then removeToken. That should be faster, especially if a custom provider has not been optimized to cache the token which was just retrieved.
Hope you OK with this update - I'll keep this JIRA open for a bit just in case
> Enable use of customized session provider in OAuth2 GrantService
> ----------------------------------------------------------------
>
> Key: CXF-4548
> URL: https://issues.apache.org/jira/browse/CXF-4548
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.6.2, 2.7.0
> Reporter: Thorsten Hoeger
> Fix For: 2.6.4, 2.7.1
>
> Attachments: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
>
>
> In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.
> Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin reassigned CXF-4548:
-------------------------------------
Assignee: Sergey Beryozkin
> Enable use of customized session provider in OAuth2 GrantService
> ----------------------------------------------------------------
>
> Key: CXF-4548
> URL: https://issues.apache.org/jira/browse/CXF-4548
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.6.2, 2.7.0
> Reporter: Thorsten Hoeger
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
> Attachments: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
>
>
> In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.
> Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Posted by "Thorsten Hoeger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thorsten Hoeger updated CXF-4548:
---------------------------------
Attachment: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
> Enable use of customized session provider in OAuth2 GrantService
> ----------------------------------------------------------------
>
> Key: CXF-4548
> URL: https://issues.apache.org/jira/browse/CXF-4548
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.6.2, 2.7.0
> Reporter: Thorsten Hoeger
> Attachments: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
>
>
> In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.
> Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin updated CXF-4548:
----------------------------------
Fix Version/s: 2.7.1
2.6.4
> Enable use of customized session provider in OAuth2 GrantService
> ----------------------------------------------------------------
>
> Key: CXF-4548
> URL: https://issues.apache.org/jira/browse/CXF-4548
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.6.2, 2.7.0
> Reporter: Thorsten Hoeger
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
> Attachments: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
>
>
> In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.
> Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Posted by "Thorsten Hoeger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13474075#comment-13474075 ]
Thorsten Hoeger commented on CXF-4548:
--------------------------------------
I really like this as it was my first thought but I wasn't sure why therew was this call sequence so I just rebuilt it.
Thanks for using the patch.
> Enable use of customized session provider in OAuth2 GrantService
> ----------------------------------------------------------------
>
> Key: CXF-4548
> URL: https://issues.apache.org/jira/browse/CXF-4548
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.6.2, 2.7.0
> Reporter: Thorsten Hoeger
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
> Attachments: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
>
>
> In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.
> Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13474078#comment-13474078 ]
Sergey Beryozkin commented on CXF-4548:
---------------------------------------
Cool, thanks again
> Enable use of customized session provider in OAuth2 GrantService
> ----------------------------------------------------------------
>
> Key: CXF-4548
> URL: https://issues.apache.org/jira/browse/CXF-4548
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.6.2, 2.7.0
> Reporter: Thorsten Hoeger
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
> Attachments: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
>
>
> In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.
> Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-4548) Enable use of customized session
provider in OAuth2 GrantService
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-4548.
-----------------------------------
Resolution: Fixed
> Enable use of customized session provider in OAuth2 GrantService
> ----------------------------------------------------------------
>
> Key: CXF-4548
> URL: https://issues.apache.org/jira/browse/CXF-4548
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.6.2, 2.7.0
> Reporter: Thorsten Hoeger
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
> Attachments: 0001-refs-CXF-4548-Enable-use-of-customized-session-provi.patch
>
>
> In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.
> Patch will be provided soon.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira