You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Felix Meschberger (Created) (JIRA)" <ji...@apache.org> on 2011/12/01 08:59:39 UTC

[jira] [Created] (JCR-3164) Add minimal maintenance API to TokenBasedAuthentication

Add minimal maintenance API to TokenBasedAuthentication
-------------------------------------------------------

                 Key: JCR-3164
                 URL: https://issues.apache.org/jira/browse/JCR-3164
             Project: Jackrabbit Content Repository
          Issue Type: Improvement
          Components: jackrabbit-core
    Affects Versions: 2.3.4
            Reporter: Felix Meschberger


Currently the TokenBasedAuthentication class creates token nodes on demand and will only remove a token's node if the token is used after it has expired. To be able to do some token maintenance in down stream code (for example in a Sling Authentication Handler), some maintenance API would be helpful:

  String createToken(String username, long initialExpiry, Session session) throws RepositoryException;
  void removeToken(String token, Session session) throws RepositoryException;

Will attach a proposed patch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Assigned] (JCR-3164) Add minimal maintenance API to TokenBasedAuthentication

Posted by "angela (Assigned) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela reassigned JCR-3164:
---------------------------

    Assignee: angela

hi felix

i have a major refactoring of the internal token handing in
progress... unfortunately it's not realistic any more for 2.4 (for reasons you are perfectly aware of, aren't you?).

i would therefore not spent too much effort in such an API at this moment.

what i would propose you to use for the time being is:
TokenBasedAuthentication.getTokenNode(TokenCredentials, Session) and take care of the node removal youself.
                
> Add minimal maintenance API to TokenBasedAuthentication
> -------------------------------------------------------
>
>                 Key: JCR-3164
>                 URL: https://issues.apache.org/jira/browse/JCR-3164
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core
>    Affects Versions: 2.3.4
>            Reporter: Felix Meschberger
>            Assignee: angela
>
> Currently the TokenBasedAuthentication class creates token nodes on demand and will only remove a token's node if the token is used after it has expired. To be able to do some token maintenance in down stream code (for example in a Sling Authentication Handler), some maintenance API would be helpful:
>   String createToken(String username, long initialExpiry, Session session) throws RepositoryException;
>   void removeToken(String token, Session session) throws RepositoryException;
> Will attach a proposed patch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (JCR-3164) Add minimal maintenance API to TokenBasedAuthentication

Posted by "Felix Meschberger (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved JCR-3164.
------------------------------------

    Resolution: Won't Fix

Thanks for the quick reply.

Reconsidering this idea, I think the minimal API would not make much sense. For real management you might also want to query existing tokens etc.

So lets drop this for now and pick it up on a real "Token Administration API" level after the refactoring.
                
> Add minimal maintenance API to TokenBasedAuthentication
> -------------------------------------------------------
>
>                 Key: JCR-3164
>                 URL: https://issues.apache.org/jira/browse/JCR-3164
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core
>    Affects Versions: 2.3.4
>            Reporter: Felix Meschberger
>            Assignee: angela
>
> Currently the TokenBasedAuthentication class creates token nodes on demand and will only remove a token's node if the token is used after it has expired. To be able to do some token maintenance in down stream code (for example in a Sling Authentication Handler), some maintenance API would be helpful:
>   String createToken(String username, long initialExpiry, Session session) throws RepositoryException;
>   void removeToken(String token, Session session) throws RepositoryException;
> Will attach a proposed patch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira