org.forgerock / org.forgerock.openig

10 Oct, 2014

1 commit

09 Oct, 2014

1 commit

08 Oct, 2014

1 commit

06 Oct, 2014

1 commit

01 Oct, 2014

1 commit

25 Sep, 2014

4 commits

24 Sep, 2014

4 commits

23 Sep, 2014

4 commits

22 Sep, 2014

2 commits

19 Sep, 2014

1 commit

18 Sep, 2014

1 commit

  • 6f608832   CR-4573 OPENIG-275: Document what is needed for load balancing and failover ... Browse Code » 
    If you can store all state on the user-agent,
for example by using the JwtSession implementation,
then perhaps OpenIG can be stateless enough
that there is no need to do anything special when load balancing.

If some of the state is stored on the server,
then you need to configure the load balancer for session stickiness
and to configure the container for session replication.

Neither the load balancer configuration
nor the container configuration
are specific to OpenIG,
so this patch explains what needs doing
and points to the documentation
for supported containers Apache Tomcat & Jetty.

git-svn-id: https://svn.forgerock.org/openig/trunk@582 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     

17 Sep, 2014

1 commit

16 Sep, 2014

4 commits

15 Sep, 2014

6 commits

  • fc647624   git-svn-id: https://svn.forgerock.org/openig/trunk@576 dbb9e58e-28e6-4ce0-90e8-f11d9605b710 Browse Code »
    matthew
     
  • ac7dbb05   Fix link to download page ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@575 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • eb870fb6   Simplify default configuration with the help of inline declarations ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@574 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 11201158   Fix location of default-config.json ... Browse Code » 
    It was misplaced in the openig-core module where it was used in openig-war module.

git-svn-id: https://svn.forgerock.org/openig/trunk@573 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 18535edc   OPENIG-316 (CR-4524) Improve Heap interface usability ... Browse Code » 
    Heap.get(String):Object gains type safety

    Heap.get(String, Class<T>):T

Heap.getRequiredObject(JsonValue, Class<T>) has a shorter name

    Heap.resolve(JsonValue, Class<T>):T

Heap.getObject(JsonValue, Class<T>) is replaced by a resolve
variant that supports optional dependencies:

    Heap.resolve(JsonValue, Class<T>, boolean):T

git-svn-id: https://svn.forgerock.org/openig/trunk@572 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • a6e0cd60   OPENIG-311 OPENIG-316 (CR-4524) Support inlined declaration in the JSON configuration ... Browse Code » 
    Inline object declarations are a mean to ease understanding of
Exchange processing.
They permit to describe anonymously, inner objects when a reference to
another heap object is required. That introduce, in the configuration
files, some hierarchical support, easing the user to mentally
represents his processing chain.

This is done in a fully backward compatible way, without requiring any
changes to existing object declarations (the one that requires other
objects through references or names).

The idea is to automatically extract inline declaration when the Heaplet
is calling the get***Object() methods: if the provided JsonValue is a
String, traditional object lookup is performed, but when the JsonValue
represents a JSONObject (a Map), we try to turn this into a normal
object declaration (just like what is done during heap initialisation).
If the given JsonValue does not describe a valid declaration, a
JsonValueException is thrown (again, just like the heap init process
is doing).

Notice that inline declarations do not require a 'name' attribute to
be specified (like anonymous Java classes), so we generate a unique name
based on the JsonPointer (represents the location of the node in
the JSON structure).

Notice that OPENIG-316 is partly resolved in this commit: HeapUtil methods
have only been moved into the Heap interface: no additional type safety,
no renaming.

git-svn-id: https://svn.forgerock.org/openig/trunk@571 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

12 Sep, 2014

2 commits

11 Sep, 2014

1 commit

10 Sep, 2014

3 commits

  • 2c7a8695   CR-4515 Fix for OPENIG-306: Document key store, key manager, and trust manager configuration ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@567 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     
  • 4e2323f5   OPENIG-279 Fix javadoc that was still referring to 'handlerObject' ... Browse Code » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@566 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 6e705541   OPENIG-278 CR-4474 Implement OpenIG Session using JWT and stores it in a cookie ... Browse Code » 
    OpenIG used to provide a default Session implementation based on the
underlying Servlet container's HttpSession. This changeset intends to
gives to the user the ability to change the session persistence
strategy (in other words: changing the Session implementation).

This can be done at the global level (in the config.json, declaring a
SessionFactory object named 'Session') or on a per-route basis (with the
new 'session' attribute).
When an Exchanges comes into a route that declares a new session type, a new
session is build (no existing session items are propagated) and replace
the old session. When the exchange exits the route, the new session is closed
(notify the session that it's time to persist its content) and is replaced
by the old one. Really like a push/pop stack mechanism.

Notice that the 2 sessions are completely separated (cannot access the old
content from the new and vis-versa). First, that would defeat the purpose of
different session persistence modes (if items are propagated, where should
I persist them ?). Secondly, Session is not intended to share data between
handlers/filters: the Exchange is basically a request-scoped Map that is
designed for that purpose.

The JWT based session is a session implementation whose persistence is done
using an HTTP Cookie, the session's content being serialized as JSON (usable
types are constrained, see list below) and used as the payload of an
encrypted JSON Web Token (JWT).

The use of the JWT session has a few constraints:
 * HTTP Cookies are size-limited to 4K -> Small objects can be stored
 * Only JSON compatible types are supported:
    * null
    * Java primitive types + their boxed equivalent
    * Strings (and any CharSequence)
    * List and Map (of the supported types, recursively)
 * Same client performing concurrent HTTP invocations (so within the
   same HTTP session) that will modify their own session content will
   see inconsistencies in the session. This is due to the fact that the JWT
   session is not shared, each concurrent Thread has its own instance and
   can modify it at will. At the end of the processing, each Thread will
   serialize its own session's content regardless of other Threads.

git-svn-id: https://svn.forgerock.org/openig/trunk@565 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

09 Sep, 2014

1 commit

08 Sep, 2014

1 commit