Author: scottbw
Date: Tue Mar 4 13:06:17 2014
New Revision: 1574082
URL: http://svn.apache.org/r1574082
Log:
Added a nonce to AuthToken; this is needed as when creating a new instance, the
token must never be the same even when the "content" of the token is identical.
Modified:
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/auth/AuthToken.java
Modified:
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/auth/AuthToken.java
URL:
http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/auth/AuthToken.java?rev=1574082&r1=1574081&r2=1574082&view=diff
==============================================================================
---
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/auth/AuthToken.java
(original)
+++
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/auth/AuthToken.java
Tue Mar 4 13:06:17 2014
@@ -18,6 +18,7 @@
package org.apache.wookie.auth;
import org.apache.wookie.server.security.ApiKey;
+import org.apache.wookie.w3c.util.RandomGUID;
/**
* An AuthToken used to pass contextual information about an instance of a
@@ -34,6 +35,7 @@ public class AuthToken {
private String contextId;
private String lang;
private boolean singleUse = false;
+ private String nonce;
public static final int DEFAULT_MAX_TOKEN_TTL = 3600; // 1 hour
private static final long CLOCK_SKEW_ALLOWANCE = 180; // allow three
minutes for clock skew
@@ -43,7 +45,7 @@ public class AuthToken {
/**
* Default constructor
*/
- protected AuthToken(){
+ private AuthToken(){
}
/**
@@ -56,6 +58,7 @@ public class AuthToken {
AuthToken authToken = new AuthToken();
authToken.setExpires(300); // 5 minutes
authToken.setSingleUse(true);
+ authToken.nonce = new RandomGUID(true).toString();
authToken.setApiKey(oldToken.getApiKeyInstance());
authToken.setContextId(oldToken.getContextId());
authToken.setWidgetId(oldToken.getWidgetId());
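Review bot: The assignment `authToken.nonce = new RandomGUID(true).toString();` is repeated here and in the four SHORT_LIFESPAN_TOKEN / STANDARD_LIFESPAN_TOKEN factories in the following hunks, so a factory added later can omit it and hand out a token with a null nonce. Since the constructor is now private, doing the assignment once there, `private AuthToken(){ this.nonce = new RandomGUID(true).toString(); }`, would guarantee that every instance carries one. The `true` argument presumably selects a secure random source; that is worth confirming if anything relies on the nonce being unpredictable rather than merely unique. This factory's signature and the end of its body lie outside the hunk.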
@@ -70,6 +73,7 @@ public class AuthToken {
*/
public static AuthToken SHORT_LIFESPAN_TOKEN(){
AuthToken authToken = new AuthToken();
+ authToken.nonce = new RandomGUID(true).toString();
authToken.setExpires(300); // 5 minutes
return authToken;
}
@@ -81,6 +85,7 @@ public class AuthToken {
*/
public static AuthToken SHORT_LIFESPAN_TOKEN(AuthToken oldToken){
AuthToken authToken = new AuthToken();
+ authToken.nonce = new RandomGUID(true).toString();
authToken.setExpires(300); // 5 minutes
authToken.setApiKey(oldToken.getApiKeyInstance());
authToken.setContextId(oldToken.getContextId());
@@ -96,6 +101,7 @@ public class AuthToken {
*/
public static AuthToken STANDARD_LIFESPAN_TOKEN(){
AuthToken authToken = new AuthToken();
+ authToken.nonce = new RandomGUID(true).toString();
authToken.setExpires();
return authToken;
}
@@ -107,6 +113,7 @@ public class AuthToken {
*/
public static AuthToken STANDARD_LIFESPAN_TOKEN(AuthToken oldToken){
AuthToken authToken = new AuthToken();
+ authToken.nonce = new RandomGUID(true).toString();
authToken.setExpires();
authToken.setApiKey(oldToken.getApiKeyInstance());
authToken.setContextId(oldToken.getContextId());
@@ -279,6 +286,20 @@ public class AuthToken {
this.singleUse = singleUse;
}
+ /**
+ * @return the nonce
+ */
+ public String getNonce() {
+ return nonce;
+ }
+
+ /**
+ * @param nonce the nonce to set
+ */
+ public void setNonce(String nonce) {
+ this.nonce = nonce;
+ }
+
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
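Review bot: The public `setNonce` lets any caller overwrite or null the value the factories generate, which weakens the "must never be the same" guarantee stated in the log message. If the setter exists only so a decoded token can be restored, narrowing it to package-private or saying so in its Javadoc would make that intent clear. The getter's Javadoc could state the purpose, e.g. `@return random per-instance value that keeps two tokens with identical content from being identical`. Whether the nonce is written into the serialized or encrypted token form is not visible in this diff; the uniqueness only holds if it is, so the encode/decode path should be checked alongside this change.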