You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wink.apache.org by Raymond Feng <en...@gmail.com> on 2011/03/03 17:56:04 UTC
Adding oAuth support for Wink
Hi,
I'm exploring the opportunity to add oAuth support into Wink based on the oAuth 1.0 and 2.0 implementation from Apache Amber project [1].
The rough idea is:
1) Integrate the Amber server filter as a Wink server handler that deals with server-side oAuth
2) Integrate the Amber client as a Wink client handler to handle the the client-side oAuth
3) Provide JAX-RS resources that serves as the authorization and resource server
For 1 &2, what's the pluggability story to add new handlers?
Thoughts?
Thanks,
Raymond
[1] http://incubator.apache.org/amber/
________________________________________________________________
Raymond Feng
rfeng@apache.org
Apache Tuscany PMC member and committer: tuscany.apache.org
Co-author of Tuscany SCA In Action book: www.tuscanyinaction.com
Personal Web Site: www.enjoyjava.com
________________________________________________________________
Re: Adding oAuth support for Wink
Posted by Raymond Feng <en...@gmail.com>.
Are you concerned about the following config?
Consumer key, sometimes called API key.
Consumer secret key
Callback URL
Raymond
________________________________________________________________
Raymond Feng
rfeng@apache.org
Apache Tuscany PMC member and committer: tuscany.apache.org
Co-author of Tuscany SCA In Action book: www.tuscanyinaction.com
Personal Web Site: www.enjoyjava.com
________________________________________________________________
On Mar 3, 2011, at 9:55 AM, Bryant Luk wrote:
> Sounds interesting.
>
> For the pluggability story for adding new handlers, you could create a
> HandlersFactory which adds custom handlers to the chain. If that's
> not enough, I think you'd have to write a custom
> DeploymentConfiguration.
>
> My only concern right now about oAuth has been the configuration
> management of it. Are there any thoughts around that in Amber?
>
> On Thu, Mar 3, 2011 at 10:56 AM, Raymond Feng <en...@gmail.com> wrote:
>> Hi,
>>
>> I'm exploring the opportunity to add oAuth support into Wink based on the oAuth 1.0 and 2.0 implementation from Apache Amber project [1].
>>
>> The rough idea is:
>> 1) Integrate the Amber server filter as a Wink server handler that deals with server-side oAuth
>> 2) Integrate the Amber client as a Wink client handler to handle the the client-side oAuth
>> 3) Provide JAX-RS resources that serves as the authorization and resource server
>>
>> For 1 &2, what's the pluggability story to add new handlers?
>>
>> Thoughts?
>>
>> Thanks,
>> Raymond
>> [1] http://incubator.apache.org/amber/
>> ________________________________________________________________
>> Raymond Feng
>> rfeng@apache.org
>> Apache Tuscany PMC member and committer: tuscany.apache.org
>> Co-author of Tuscany SCA In Action book: www.tuscanyinaction.com
>> Personal Web Site: www.enjoyjava.com
>> ________________________________________________________________
>>
>>
>
>
>
> --
>
> http://www.twitter.com/bluk
Re: Adding oAuth support for Wink
Posted by Raymond Feng <en...@gmail.com>.
It seems Spring has a way to manage the config via XML. See:
http://static.springsource.org/spring-security/oauth/oauth1.html
http://static.springsource.org/spring-security/oauth/oauth2.html
http://www.springframework.org/schema/security/spring-security-oauth2.xsd
Thanks,
Raymond
________________________________________________________________
Raymond Feng
rfeng@apache.org
Apache Tuscany PMC member and committer: tuscany.apache.org
Co-author of Tuscany SCA In Action book: www.tuscanyinaction.com
Personal Web Site: www.enjoyjava.com
________________________________________________________________
On Mar 3, 2011, at 9:55 AM, Bryant Luk wrote:
> Sounds interesting.
>
> For the pluggability story for adding new handlers, you could create a
> HandlersFactory which adds custom handlers to the chain. If that's
> not enough, I think you'd have to write a custom
> DeploymentConfiguration.
>
> My only concern right now about oAuth has been the configuration
> management of it. Are there any thoughts around that in Amber?
>
> On Thu, Mar 3, 2011 at 10:56 AM, Raymond Feng <en...@gmail.com> wrote:
>> Hi,
>>
>> I'm exploring the opportunity to add oAuth support into Wink based on the oAuth 1.0 and 2.0 implementation from Apache Amber project [1].
>>
>> The rough idea is:
>> 1) Integrate the Amber server filter as a Wink server handler that deals with server-side oAuth
>> 2) Integrate the Amber client as a Wink client handler to handle the the client-side oAuth
>> 3) Provide JAX-RS resources that serves as the authorization and resource server
>>
>> For 1 &2, what's the pluggability story to add new handlers?
>>
>> Thoughts?
>>
>> Thanks,
>> Raymond
>> [1] http://incubator.apache.org/amber/
>> ________________________________________________________________
>> Raymond Feng
>> rfeng@apache.org
>> Apache Tuscany PMC member and committer: tuscany.apache.org
>> Co-author of Tuscany SCA In Action book: www.tuscanyinaction.com
>> Personal Web Site: www.enjoyjava.com
>> ________________________________________________________________
>>
>>
>
>
>
> --
>
> http://www.twitter.com/bluk
Re: Adding oAuth support for Wink
Posted by Bryant Luk <br...@gmail.com>.
Sounds interesting.
For the pluggability story for adding new handlers, you could create a
HandlersFactory which adds custom handlers to the chain. If that's
not enough, I think you'd have to write a custom
DeploymentConfiguration.
My only concern right now about oAuth has been the configuration
management of it. Are there any thoughts around that in Amber?
On Thu, Mar 3, 2011 at 10:56 AM, Raymond Feng <en...@gmail.com> wrote:
> Hi,
>
> I'm exploring the opportunity to add oAuth support into Wink based on the oAuth 1.0 and 2.0 implementation from Apache Amber project [1].
>
> The rough idea is:
> 1) Integrate the Amber server filter as a Wink server handler that deals with server-side oAuth
> 2) Integrate the Amber client as a Wink client handler to handle the the client-side oAuth
> 3) Provide JAX-RS resources that serves as the authorization and resource server
>
> For 1 &2, what's the pluggability story to add new handlers?
>
> Thoughts?
>
> Thanks,
> Raymond
> [1] http://incubator.apache.org/amber/
> ________________________________________________________________
> Raymond Feng
> rfeng@apache.org
> Apache Tuscany PMC member and committer: tuscany.apache.org
> Co-author of Tuscany SCA In Action book: www.tuscanyinaction.com
> Personal Web Site: www.enjoyjava.com
> ________________________________________________________________
>
>
--
http://www.twitter.com/bluk