org.forgerock / org.forgerock.openig

10 Sep, 2014

2 commits

  • 4e2323f5   OPENIG-279 Fix javadoc that was still referring to 'handlerObject' ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@566 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 6e705541   OPENIG-278 CR-4474 Implement OpenIG Session using JWT and stores it in a cookie ... Browse Code » 
    OpenIG used to provide a default Session implementation based on the
underlying Servlet container's HttpSession. This changeset intends to
gives to the user the ability to change the session persistence
strategy (in other words: changing the Session implementation).

This can be done at the global level (in the config.json, declaring a
SessionFactory object named 'Session') or on a per-route basis (with the
new 'session' attribute).
When an Exchanges comes into a route that declares a new session type, a new
session is build (no existing session items are propagated) and replace
the old session. When the exchange exits the route, the new session is closed
(notify the session that it's time to persist its content) and is replaced
by the old one. Really like a push/pop stack mechanism.

Notice that the 2 sessions are completely separated (cannot access the old
content from the new and vis-versa). First, that would defeat the purpose of
different session persistence modes (if items are propagated, where should
I persist them ?). Secondly, Session is not intended to share data between
handlers/filters: the Exchange is basically a request-scoped Map that is
designed for that purpose.

The JWT based session is a session implementation whose persistence is done
using an HTTP Cookie, the session's content being serialized as JSON (usable
types are constrained, see list below) and used as the payload of an
encrypted JSON Web Token (JWT).

The use of the JWT session has a few constraints:
 * HTTP Cookies are size-limited to 4K -> Small objects can be stored
 * Only JSON compatible types are supported:
    * null
    * Java primitive types + their boxed equivalent
    * Strings (and any CharSequence)
    * List and Map (of the supported types, recursively)
 * Same client performing concurrent HTTP invocations (so within the
   same HTTP session) that will modify their own session content will
   see inconsistencies in the session. This is due to the fact that the JWT
   session is not shared, each concurrent Thread has its own instance and
   can modify it at will. At the end of the processing, each Thread will
   serialize its own session's content regardless of other Threads.

git-svn-id: https://svn.forgerock.org/openig/trunk@565 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

09 Sep, 2014

1 commit

08 Sep, 2014

3 commits

05 Sep, 2014

6 commits

  • c7a01b21   Use the new KeyManager and TrustManager heap objects in HttpClient ... Browse Code » 
    To keep backward compatibility, 'keystone' and 'truststore' are left
unchanged but have been deprecated.
We've added 2 new attributes to specify reference(s) to TrustManager(s)
and KeyManager(s) declared as heap objects.

Issues: OPENIG-305

git-svn-id: https://svn.forgerock.org/openig/trunk@560 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • c0131ed2   Transform an array of references into objects from the heap ... Browse Code » 
    This change eases references resolution when they are provided as a JSON
String array (like ["RefOne", "RefTwo"]).

git-svn-id: https://svn.forgerock.org/openig/trunk@559 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • dd6ca8df   Remove unused HeapletService service declaration ... Browse Code » 
    The two referenced service implementations do not exist (anymore ?).
And the service file name was incorrect (no HeapletService interface
exist).

git-svn-id: https://svn.forgerock.org/openig/trunk@558 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 8dec1539   Expose new security heap objects (KeyStore, KeyManager and TrustManager) ... Browse Code » 
    KeyStore and related security objects are being more and more central
to OpenIG:
 * Used by HttpClient
 * Needed for encryption / decryption

This patch is a first step to provide a way to configure theses as
usual heap objects (through JSON).

KeyStore heap object is an abstraction around the keystore file (either JKS,
PKCS12 or other depending on the platform capabilities).
Specifying a password or not depends on he usage:
 * If KeyStore will be used to read private credentials (through a
   KeyManager for example), a password is required
 * If not (for a TrustManager), no password is required

KeyManager and TrustManager are using a KeyStore heap object and
are used within SSL mechanism (SSLContext) to provide a view on the KeyStore:
 * KeyManager when private credentials access is required.
 * TrustManager when only public information access is required

Issues: OPENIG-295
Reviews: CR-4441

git-svn-id: https://svn.forgerock.org/openig/trunk@557 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 8cb26e78   Provide the ability to evaluate JsonValue containing expressions 'in place'. ... Browse Code » 
    The previously introduced evaluate() method was a step in the right
direction, allowing resolution of static (no references to ${exchange})
string JsonValue, returning a simple resolved String.
While it works great, it's a shame that we don't benefit anymore of the
JsonValue API, in particular the conversion methods (asURL(), ...).

This fix uses a JsonTransformer to actually resolve any String wrapped
JsonValue and creates a deep copy of the given JsonValue.

git-svn-id: https://svn.forgerock.org/openig/trunk@556 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 7a460545   Introduce HeapletFactory service support ... Browse Code » 
    When a new heap object instance has to be created, we first have to
find a Heaplet instance that will create the required object from the
given JSON configuration.
Heaplet instances are linked to the single object they created: they
manage the heap object lifecycle with the start() and destroy() methods.
The old behaviour was using Heaplet instances directly loaded and
instantiated, meaning that a single Heaplet instance could be used to
create multiple heap objects, somehow mixing states, which was very
wrong.

Now, HeapletFactory (instead of direct Heaplet) are found using the
ServiceLoader discovery mechanism. They are responsible to create new
Heaplet instances, meaning that we cannot anymore share a Heaplet
instance for 2 or more heap objects.

Heaplet class does not extends Indexed<Class> anymore (was only used
because of the way Heaplets was looking for Heaplet instances).
NestedHeaplet is now deprecated since its only duty was to implement the
Indexed interface. All references to NestedHeaplet were replaced to
GenericHeaplet (its parent class) in our code base to avoid ugly
compiler warnings.

As per OPENIG-302 comments, the HeapletFactory will be a short-lived
concept since this additional layer introduction was the straw that broke
the camel's back :)

Issues: OPENIG-302
Reviews: CR-4457

git-svn-id: https://svn.forgerock.org/openig/trunk@555 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

04 Sep, 2014

3 commits

03 Sep, 2014

3 commits

02 Sep, 2014

1 commit

01 Sep, 2014

1 commit

29 Aug, 2014

3 commits

28 Aug, 2014

3 commits

  • 011fe306   More typos ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@543 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     
  • f70a676d   More typos ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@542 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     
  • 0ed9af7a   Typos ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@541 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     

27 Aug, 2014

3 commits

26 Aug, 2014

2 commits

25 Aug, 2014

5 commits

22 Aug, 2014

2 commits

21 Aug, 2014

2 commits