[gatein-issues] [JBoss JIRA] Updated: (GTNPORTAL-314) Fixing oAuth in gadgets

Thomas Heute (JIRA) jira-events at lists.jboss.org
Fri Nov 27 12:39:40 EST 2009 

     [ https://jira.jboss.org/jira/browse/GTNPORTAL-314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Heute updated GTNPORTAL-314:
-----------------------------------

    Fix Version/s: 3.0.0-CR01
                       (was: 3.0.0-Beta03)


> Fixing oAuth in gadgets
> -----------------------
>
>                 Key: GTNPORTAL-314
>                 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-314
>             Project: GateIn Portal
>          Issue Type: Bug
>    Affects Versions: 3.0.0-Beta02
>            Reporter: jerem j
>             Fix For: 3.0.0-CR01
>
>
> Right now in the gadgets, it is not possible to use backend that use an oAuth authentication. 
> We need to implement the oAuth Store to store the tokens into the JCR and not in memory as it is done in the default implementation (BasicOAuthStore.java)
> http://fisheye6.atlassian.com/browse/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthStore.java?r=HEAD
> the default implementation :
> http://fisheye6.atlassian.com/browse/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/BasicOAuthStore.java?r=HEAD
> In this class there is 2 different things to store :
> * Consumer key and secret
> getConsumerKeyAndSecret()
> Right now in the default implementation it is stored in a file oauth.json. This is information a user or an admin can set. I think, only admins have to set this key, so we can keep the storage in the oauth.json. If we find later that we need to often set new keys, it might be a good idea to create a specific UI for this and store it in the JCR.
> If stored in the JCR, it has to be indexed by : 
> gadget and server
> * Tokens
> getTokenInfo()
> setTokenInfo()
> removeToken()
> The default implementation store them in memory, so everytime the object is recreated, we loose the information, and so the user has to authenticate again.
> We should store the information of TokenInfo into the JCR indexed by owner, viewer, gadget, server.
> Be careful tokens have an expiration date, so when getting a token, we should make sure it did not expire.
> To test if the implementation is working, you can try with any jira gadget that require authentication such as the watch gadget. This jira server has been configured to work with the dev version of gatein 1.0b2 :
> http://jira4j.exoplatform.org/secure/Dashboard.jspa

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the gatein-issues mailing list