org.apache.shindig.auth

Class BlobCrypterSecurityTokenCodec

java.lang.Object

org.apache.shindig.auth.BlobCrypterSecurityTokenCodec

All Implemented Interfaces:

SecurityTokenCodec, ContainerConfig.ConfigObserver

public class BlobCrypterSecurityTokenCodec
extends Object
implements SecurityTokenCodec, ContainerConfig.ConfigObserver

Provides security token decoding services. Configuration is via containers.js. Each container should specify (or inherit) securityTokenKeyFile: path to file containing a key to use for verifying tokens. signedFetchDomain: oauth_consumer_key value to use for signed fetch using default key. Creating a key is best done with a command line like this:

     dd if=/dev/random bs=32 count=1  | openssl base64 > /tmp/key.txt
 

Wire format is "<container>:<encrypted-and-signed-token>"

Since:

2.0.0

Field Summary

Fields

Modifier and Type	Field and Description
protected Map<String,BlobCrypter>	crypters Keys are container ids, values are crypters
protected Map<String,String>	domains Keys are container ids, values are domains used for signed fetch.
static String	SECURITY_TOKEN_KEY
static String	SIGNED_FETCH_DOMAIN

Fields inherited from interface org.apache.shindig.auth.SecurityTokenCodec

ACTIVE_URL_NAME, SECURITY_TOKEN_NAME, SECURITY_TOKEN_TTL_CONFIG

Constructor Summary

Constructors

Constructor and Description
BlobCrypterSecurityTokenCodec(ContainerConfig config)

Method Summary

Methods

Modifier and Type	Method and Description
void	containersChanged(ContainerConfig config, Collection<String> changed, Collection<String> removed) Notifies the object that some container configurations have been added or modified.
SecurityToken	createToken(Map<String,String> tokenParameters) Decrypt and verify the provided security token.
String	encodeToken(SecurityToken token) Encrypt and sign the token.
int	getTokenTimeToLive() This method is deprecated in favor of SecurityTokenCodec.getTokenTimeToLive(String).
int	getTokenTimeToLive(String container)
protected BlobCrypter	loadCrypter(String key) Load a BlobCrypter using the specified key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SECURITY_TOKEN_KEY

public static final String SECURITY_TOKEN_KEY

See Also:

Constant Field Values

SIGNED_FETCH_DOMAIN

public static final String SIGNED_FETCH_DOMAIN

See Also:

Constant Field Values

crypters

protected Map<String,BlobCrypter> crypters

Keys are container ids, values are crypters

domains

protected Map<String,String> domains

Keys are container ids, values are domains used for signed fetch.

Constructor Detail

BlobCrypterSecurityTokenCodec

@Inject
public BlobCrypterSecurityTokenCodec(ContainerConfig config)

Method Detail

containersChanged

public void containersChanged(ContainerConfig config,
                     Collection<String> changed,
                     Collection<String> removed)

Description copied from interface: ContainerConfig.ConfigObserver

Notifies the object that some container configurations have been added or modified.

Specified by:

containersChanged in interface ContainerConfig.ConfigObserver

Parameters:

config - The ContainerConfig object where the configuration was changed.

changed - The names of the containers that have been added or modified.

removed - The names of the containers that have been removed.

loadCrypter

protected BlobCrypter loadCrypter(String key)

Load a BlobCrypter using the specified key. Override this if you have your own BlobCrypter implementation.

Parameters:

key - The security token key.

Returns:

The BlobCrypter.

createToken

public SecurityToken createToken(Map<String,String> tokenParameters)
                          throws SecurityTokenException

Decrypt and verify the provided security token.

Specified by:

createToken in interface SecurityTokenCodec

Parameters:

tokenParameters - Map containing a entry 'token' in wire format (probably encrypted.)

Returns:

the decrypted and verified token.

Throws:

SecurityTokenException - If tokenString is not a valid token

encodeToken

public String encodeToken(SecurityToken token)
                   throws SecurityTokenException

Encrypt and sign the token. The returned value is *not* web safe, it should be URL encoded before being used as a form parameter.

Specified by:

encodeToken in interface SecurityTokenCodec

Throws:

SecurityTokenException

getTokenTimeToLive

public int getTokenTimeToLive()

Description copied from interface: SecurityTokenCodec

This method is deprecated in favor of SecurityTokenCodec.getTokenTimeToLive(String). Implementations should only rely on this method to return the default time-to-live of tokens generated by this codec in the case where getTokenTimeToLive(String) fails.

Specified by:

getTokenTimeToLive in interface SecurityTokenCodec

Returns:

The default amount of time a token generated by this codec can be expected to live.

See Also:

SecurityTokenCodec.getTokenTimeToLive(String)

getTokenTimeToLive

public int getTokenTimeToLive(String container)

Specified by:

getTokenTimeToLive in interface SecurityTokenCodec

Parameters:

container - The container the token is for

Returns:

The amount of time a token generated by this codec within the given container can be expected to live.