Redoing the OAuth Filter for java social

[Cassie <do...@google.com>]

Just a heads up that I'm tearing apart the current Auth filter for the java
social code and putting it back in an easier to use format. Some highlights:

- I've changed the DataServiceServlet to get the security token from the
filter so we actually use it.

- I've changed the filter to take in a list of AuthenticationHandlers which
it tries in order to get a security token from.
-- The default handlers will be UrlParameterAH for the basic st param.
OAuthConsumerRequestAH - this would be two legged oauth. Probably everyone's
first goal for oauth support. AnonymousAH - for allowing requests which
don't have an st if a flag is set that says anon requests are allowed.

- When we want to add full (ie three legged) OAuth support or if a container
has some independant auth mechanism you can simply inject different handlers
according to your own needs.



Note: I have not tested the OAuth stuff yet... because I don't have a server
side setup that can try to hit shindig with an oauth request. Does anyone
out there have something coded up to test restful Shindig w/oauth yet? If
not, I'm sure someone will get to it soon but help would be awesome.

(The implementation of the oauth stuff is just a little simpler because i
got rid of some concepts we don't need - like the principal stuff. The basic
code structure is the same though - so I hope I preserved the correctness.)


- Cassie

Re: Redoing the OAuth Filter for java social

[Astha Saxena <as...@gmail.com>]

Hi Cassie,

I tested the Shindig-php as an Oauth consumer on , by using the Google's
contact gadget at http://dirk.balfanz.googlepages.com/contacts.xml
It has the test consumer secret key and secret provided by google,
http://dirk.balfanz.googlepages.com/oauth.json
This is a good test for verifying the Oauth implementation..!


Thanks,
Astha
On Fri, Aug 8, 2008 at 1:19 AM, Cassie <do...@google.com> wrote:

> Just a heads up that I'm tearing apart the current Auth filter for the java
> social code and putting it back in an easier to use format. Some
> highlights:
>
> - I've changed the DataServiceServlet to get the security token from the
> filter so we actually use it.
>
> - I've changed the filter to take in a list of AuthenticationHandlers which
> it tries in order to get a security token from.
> -- The default handlers will be UrlParameterAH for the basic st param.
> OAuthConsumerRequestAH - this would be two legged oauth. Probably
> everyone's
> first goal for oauth support. AnonymousAH - for allowing requests which
> don't have an st if a flag is set that says anon requests are allowed.
>
> - When we want to add full (ie three legged) OAuth support or if a
> container
> has some independant auth mechanism you can simply inject different
> handlers
> according to your own needs.
>
>
>
> Note: I have not tested the OAuth stuff yet... because I don't have a
> server
> side setup that can try to hit shindig with an oauth request. Does anyone
> out there have something coded up to test restful Shindig w/oauth yet? If
> not, I'm sure someone will get to it soon but help would be awesome.
>
> (The implementation of the oauth stuff is just a little simpler because i
> got rid of some concepts we don't need - like the principal stuff. The
> basic
> code structure is the same though - so I hope I preserved the correctness.)
>
>
> - Cassie
>