org.forgerock / org.forgerock.openig

08 Sep, 2014

1 commit

05 Sep, 2014

1 commit

  • 7a460545   Introduce HeapletFactory service support ... Browse Dir » 
    When a new heap object instance has to be created, we first have to
find a Heaplet instance that will create the required object from the
given JSON configuration.
Heaplet instances are linked to the single object they created: they
manage the heap object lifecycle with the start() and destroy() methods.
The old behaviour was using Heaplet instances directly loaded and
instantiated, meaning that a single Heaplet instance could be used to
create multiple heap objects, somehow mixing states, which was very
wrong.

Now, HeapletFactory (instead of direct Heaplet) are found using the
ServiceLoader discovery mechanism. They are responsible to create new
Heaplet instances, meaning that we cannot anymore share a Heaplet
instance for 2 or more heap objects.

Heaplet class does not extends Indexed<Class> anymore (was only used
because of the way Heaplets was looking for Heaplet instances).
NestedHeaplet is now deprecated since its only duty was to implement the
Indexed interface. All references to NestedHeaplet were replaced to
GenericHeaplet (its parent class) in our code base to avoid ugly
compiler warnings.

As per OPENIG-302 comments, the HeapletFactory will be a short-lived
concept since this additional layer introduction was the straw that broke
the camel's back :)

Issues: OPENIG-302
Reviews: CR-4457

git-svn-id: https://svn.forgerock.org/openig/trunk@555 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

02 Sep, 2014

1 commit

29 Aug, 2014

1 commit

26 Aug, 2014

1 commit

21 Aug, 2014

1 commit

05 Aug, 2014

1 commit

03 Aug, 2014

4 commits

  • fd6ca7b4   Fix minor compiler warnings. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@446 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     
  • c924f8d4   Fix OPENIG-195: Implement OAuth 2.0 Client support ... Browse Dir » 
    Minor enhancement: provide the ability to configure per-provider scopes. Scopes are also no longer required since defaults can be configured at the IdP. See Javadoc for more detail.

git-svn-id: https://svn.forgerock.org/openig/trunk@445 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     
  • c9d5329e   OPENIG-243 (CR-4178) Introduce a MutableUri construct to ease URI modifications ... Browse Dir » 
    * Request.uri is now a MutableUri
* Removed UriResolver since it was useless with both this new feature and the BeanResolver

git-svn-id: https://svn.forgerock.org/openig/trunk@444 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 2e89d62e   Partial fix for OPENIG-235: Add better encapsulation of exchange object model in… ... Browse Dir » 
    … order to add addition "enhanced" getters and setters for fields

Provide better APIs for interacting with Message entities. Previously we were stuck with the esoteric BranchingInputStream which makes entities very hard (impossible?) to use in expressions and Groovy.

* methods for getting the entity's content as JSON or as a plain String
* methods for setting the entity's content to JSON or String data
* simplification (I hope) of the branch life-cycle management
* make Message closeable, delegating close to the entity and onto the branching input stream, allowing us to avoid alot of null-checking boilerplace.


git-svn-id: https://svn.forgerock.org/openig/trunk@443 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     

31 Jul, 2014

3 commits

30 Jul, 2014

3 commits

  • 5e953753   Fix OPENIG-195: Implement OAuth 2.0 Client support ... Browse Dir » 
    Main entry point is OAuth2ClientFilter

Supports:

* OAuth 2.0 "authorization code" grant type
* automatic token refresh
* proactive and reactive authorization for SSO
* user initiated login / logout
* OpenID Connect Relying Party
* OpenID Connect discovery via "well-known configuration"
* multiple providers and optional "Nascar" page
* session based persistence
* CSRF prevention via 160 bit state nonces
* manually tested against OpenAM 11 and Google.

TODO:

* more unit testing
* cookie based session management via encrypted JWT tokens
* attribute mappings per provider? (TBD)
* consider replacing default login/logout URLs with handlers?


git-svn-id: https://svn.forgerock.org/openig/trunk@424 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     
  • ea66dbdb   Renamed OAuth2ValidationTokenFilter to OAuth2ResourceServerFilter to better show… ... Browse Dir » 
    … the role used by this filter
* Also aligned with filter names that will come for OpenIDConnect support

git-svn-id: https://svn.forgerock.org/openig/trunk@422 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • b7aac5ee   Minor fix for checkstyle errors and IDE warnings. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@421 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     

29 Jul, 2014

1 commit

24 Jul, 2014

2 commits

  • d4da80dc   Added some tests around BearerTokenExtractor ... Browse Dir » 
    * Some cases are not covered yet, needs to re-think the header parsing to be more strict

git-svn-id: https://svn.forgerock.org/openig/trunk@383 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • e1c5ec74   OPENIG-176 (CR-3939 && CR-4049) Implement OAuth 2.0 Resource Server support ... Browse Dir » 
    * Introduced openig-oauth2 maven module
* AccessTokenResolver is producing an AccessToken
** OpenAm resolver is provided
* Token extraction and validation against a token info endpoint
** Expiry is verified
** Scope compatibility is verified
** In case of errors, standard RFC 6750 compliant error responses are returned
* AccessToken are cached
** Expiration delay is configurable
* Provided an EnforcerFilter that enforce a condition before delegating the execution

git-svn-id: https://svn.forgerock.org/openig/trunk@382 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

18 Jul, 2014

1 commit

11 Jul, 2014

4 commits

  • b63eb4f7   Remove step that is unnecessary for getting started with the simple minimal HTTP… ... Browse Dir » 
    … server now provided.

Note that this does not remove the step entirely from the documentation, just from the simplified "getting started" procedure. This topic is still covered in the full installation instructions at http://openig.forgerock.org/doc/gateway-guide/#jetty-cookie-domains

git-svn-id: https://svn.forgerock.org/openig/trunk@359 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     
  • 3958a129   CR-4001 Fixes for ... Browse Dir » 
    OPENIG-185: Document how to configure containers for TLS
OPENIG-186: Merge chapters on configuring deployment containers & installing OpenIG


git-svn-id: https://svn.forgerock.org/openig/trunk@358 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     
  • f3f3d8c1   Typo ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@357 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     
  • 240a534f   Editorial fix ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@356 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     

10 Jul, 2014

1 commit

09 Jul, 2014

3 commits

08 Jul, 2014

1 commit

07 Jul, 2014

1 commit

  • be9c6012   Updated all copyrights for correctness: ... Browse Dir » 
    Replaced Copyrighted with Copyright
removed the (c) character not required
removed All rights reserved from Apex Identity copyrights. The code is open source, thus rights are no longer reserved.

git-svn-id: https://svn.forgerock.org/openig/trunk@345 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    ludo
     

04 Jul, 2014

1 commit

02 Jul, 2014

1 commit

01 Jul, 2014

2 commits

30 Jun, 2014

2 commits

27 Jun, 2014

2 commits

25 Jun, 2014

1 commit