roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Johnson (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (ROL-1798) Support for OAuth authentication for AtomPub and other resources
Date Mon, 16 Mar 2009 20:46:08 GMT

     [ https://issues.apache.org/roller/browse/ROL-1798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Johnson resolved ROL-1798.
--------------------------------

    Resolution: Fixed

Done. Also upgraded to ROME 1.0.

I tested the new AtomPub OAuth with the ROME Propono AtomPub client.

And I tested the OAuth Authorize page with Apache Shindig's OAuth client.

> Support for OAuth authentication for AtomPub and other resources
> ----------------------------------------------------------------
>
>                 Key: ROL-1798
>                 URL: https://issues.apache.org/roller/browse/ROL-1798
>             Project: Roller
>          Issue Type: New Feature
>          Components: Authentication, Roles and Access Controls
>            Reporter: David Johnson
>            Assignee: David Johnson
>             Fix For: 5.0
>
>         Attachments: OAuth authorize.jpg, OAuth credentials page.jpg, OAuth creds link.jpg,
OAuth enable.jpg, rol1798-20090313.patch
>
>
> Add support for OAuth authentication, supporting these requirements:
> a) - Support for three standard OAuth URIs
>   1) - request token URI
>   2) - authorization URI, presents authorization page if appropriate
>   3) - access token servlet URI
> b) - Support for OAuth authentication in AtomPub servlet
> c) - Ability to enable and disable AtomPut from Server Admin page
> d) - Ability to choose either OAuth, BASIC, WSSE or  authentication for AtomPub
> e) - Addition of an OAuth page that appears when OAuth is enabled
>    1) allows users to access the key and secret they need to authorized AtomPub clients
>    2) allows admins to access the site-wide key and secret needed to authorize 3rd party
sites
> The implementation creates these new tables:
>     -- each record is an OAuth consumer key and secret, can be tied to just one user
>    create table rol_oauthconsumer (
>       consumerkey varchar(48) not null primary key,
>       consumersecret varchar(48) not null,
>       username varchar(48)
>   );
>   create index oc_username_idx  on rol_oauthconsumer( username$!db.INDEXSIZE );
>   create index oc_consumerkey_idx  on rol_oauthconsumer( consumerkey$!db.INDEXSIZE );
>   -- each record is an OAuth accessor, always tied to just one user
>   create table rol_oauthaccessor (
>       consumerkey varchar(48) not null primary key,
>       requesttoken varchar(48),
>       accesstoken varchar(48),
>       tokensecret varchar(48),
>       created $db.TIMESTAMP_SQL_TYPE not null,
>       updated $db.TIMESTAMP_SQL_TYPE not null,
>       username varchar(48) not null,
>       authorized $db.BOOLEAN_SQL_TYPE_FALSE
>   );
>   create index oa_consumerkey_idx  on rol_oauthaccessor( consumerkey$!db.INDEXSIZE );
> The implementation adds these new jars:
>     commons-httpclient-3.1.jar
>     httpclient-4.0-beta1.jar
>     httpcore-4.0-beta2.jar
>     oauth-core-20090121.jar

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message