You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Felix Meschberger (Created) (JIRA)" <ji...@apache.org> on 2011/12/01 08:59:39 UTC
[jira] [Created] (JCR-3164) Add minimal maintenance API to
TokenBasedAuthentication
Add minimal maintenance API to TokenBasedAuthentication
-------------------------------------------------------
Key: JCR-3164
URL: https://issues.apache.org/jira/browse/JCR-3164
Project: Jackrabbit Content Repository
Issue Type: Improvement
Components: jackrabbit-core
Affects Versions: 2.3.4
Reporter: Felix Meschberger
Currently the TokenBasedAuthentication class creates token nodes on demand and will only remove a token's node if the token is used after it has expired. To be able to do some token maintenance in down stream code (for example in a Sling Authentication Handler), some maintenance API would be helpful:
String createToken(String username, long initialExpiry, Session session) throws RepositoryException;
void removeToken(String token, Session session) throws RepositoryException;
Will attach a proposed patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (JCR-3164) Add minimal maintenance API to
TokenBasedAuthentication
Posted by "angela (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela reassigned JCR-3164:
---------------------------
Assignee: angela
hi felix
i have a major refactoring of the internal token handing in
progress... unfortunately it's not realistic any more for 2.4 (for reasons you are perfectly aware of, aren't you?).
i would therefore not spent too much effort in such an API at this moment.
what i would propose you to use for the time being is:
TokenBasedAuthentication.getTokenNode(TokenCredentials, Session) and take care of the node removal youself.
> Add minimal maintenance API to TokenBasedAuthentication
> -------------------------------------------------------
>
> Key: JCR-3164
> URL: https://issues.apache.org/jira/browse/JCR-3164
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.4
> Reporter: Felix Meschberger
> Assignee: angela
>
> Currently the TokenBasedAuthentication class creates token nodes on demand and will only remove a token's node if the token is used after it has expired. To be able to do some token maintenance in down stream code (for example in a Sling Authentication Handler), some maintenance API would be helpful:
> String createToken(String username, long initialExpiry, Session session) throws RepositoryException;
> void removeToken(String token, Session session) throws RepositoryException;
> Will attach a proposed patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (JCR-3164) Add minimal maintenance API to
TokenBasedAuthentication
Posted by "Felix Meschberger (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved JCR-3164.
------------------------------------
Resolution: Won't Fix
Thanks for the quick reply.
Reconsidering this idea, I think the minimal API would not make much sense. For real management you might also want to query existing tokens etc.
So lets drop this for now and pick it up on a real "Token Administration API" level after the refactoring.
> Add minimal maintenance API to TokenBasedAuthentication
> -------------------------------------------------------
>
> Key: JCR-3164
> URL: https://issues.apache.org/jira/browse/JCR-3164
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.4
> Reporter: Felix Meschberger
> Assignee: angela
>
> Currently the TokenBasedAuthentication class creates token nodes on demand and will only remove a token's node if the token is used after it has expired. To be able to do some token maintenance in down stream code (for example in a Sling Authentication Handler), some maintenance API would be helpful:
> String createToken(String username, long initialExpiry, Session session) throws RepositoryException;
> void removeToken(String token, Session session) throws RepositoryException;
> Will attach a proposed patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira