[jira] [Commented] (DIRKRB-651) Add support to send a JWT AccessToken via the GSS API
[ https://issues.apache.org/jira/browse/DIRKRB-651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16153485#comment-16153485 ] Kai Zheng commented on DIRKRB-651: -- The latest patch LGTM and +1. Thanks Colm for the great update! By the way, you wouldn't trouble to delete the previous patch when providing a new revision. > Add support to send a JWT AccessToken via the GSS API > - > > Key: DIRKRB-651 > URL: https://issues.apache.org/jira/browse/DIRKRB-651 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-651.patch > > > This task is to add support to send a JWT AccessToken via the GSS API. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-651) Add support to send a JWT AccessToken via the GSS API
[ https://issues.apache.org/jira/browse/DIRKRB-651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16153481#comment-16153481 ] Colm O hEigeartaigh commented on DIRKRB-651: Thanks for the review, I'll merge the patch then. > Add support to send a JWT AccessToken via the GSS API > - > > Key: DIRKRB-651 > URL: https://issues.apache.org/jira/browse/DIRKRB-651 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-651.patch > > > This task is to add support to send a JWT AccessToken via the GSS API. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-651) Add support to send a JWT AccessToken via the GSS API
[ https://issues.apache.org/jira/browse/DIRKRB-651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16153480#comment-16153480 ] Kai Zheng commented on DIRKRB-651: -- bq. why should we maintain two separate constructors when both are private and wouldn't be used outside the class anyway? Ok, as it's private and wouldn't be used outside, modifying it shouldn't be concerned. Agree with your point. > Add support to send a JWT AccessToken via the GSS API > - > > Key: DIRKRB-651 > URL: https://issues.apache.org/jira/browse/DIRKRB-651 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-651.patch > > > This task is to add support to send a JWT AccessToken via the GSS API. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-651) Add support to send a JWT AccessToken via the GSS API
[
https://issues.apache.org/jira/browse/DIRKRB-651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16153053#comment-16153053
]
Kai Zheng commented on DIRKRB-651:
--
Thanks Jiajia for the taking.
Another comment:
Could we add another constructor method with the new {{krbToken}} parameter
instead of modifying the existing one?
{code}
-private GssInitCred(GSSCaller caller, GssNameElement name, KerberosTicket
ticket, int lifeTime) {
+private GssInitCred(GSSCaller caller, GssNameElement name,
+KerberosTicket ticket, KrbToken krbToken, int
lifeTime) {
super(caller, name);
this.ticket = ticket;
this.initLifeTime = lifeTime;
+this.krbToken = krbToken;
}
{code}
> Add support to send a JWT AccessToken via the GSS API
> -
>
> Key: DIRKRB-651
> URL: https://issues.apache.org/jira/browse/DIRKRB-651
> Project: Directory Kerberos
> Issue Type: Improvement
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-651.patch
>
>
> This task is to add support to send a JWT AccessToken via the GSS API.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (DIRKRB-651) Add support to send a JWT AccessToken via the GSS API
[ https://issues.apache.org/jira/browse/DIRKRB-651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16153031#comment-16153031 ] Jiajia Li commented on DIRKRB-651: -- bq. Instead we can do it via Service Loader I think it's a good idea. I will create the jira to improve it. > Add support to send a JWT AccessToken via the GSS API > - > > Key: DIRKRB-651 > URL: https://issues.apache.org/jira/browse/DIRKRB-651 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-651.patch > > > This task is to add support to send a JWT AccessToken via the GSS API. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (DIRKRB-651) Add support to send a JWT AccessToken via the GSS API
[
https://issues.apache.org/jira/browse/DIRKRB-651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16152549#comment-16152549
]
Kai Zheng commented on DIRKRB-651:
--
Thanks Colm for the nice work! Sorry for the late review. Some minor comments,
overall looking great.
1. Could we have a new test class for token related, like {{TokenAppTest}},
letting the existing {{AppTest}} keep simpler for Kerberos related?
{code}
-public abstract class AppTest extends LoginTestBase {
+public abstract class AppTest extends TokenLoginTestBase {
{code}
2. This was from existing codes, but I wonder if we could have a separate issue
to improve on this. It's rather boring to have to remember we need to set up a
token provider before we use it. Instead we can do it via {{Service Loader}}.
[~jiajia] sounds good?
{code}
+static {
+KrbRuntime.setTokenProvider(new JwtTokenProvider());
+}
{code}
3. Minor, testJWTAccessToken => testJwtAccessToken, for consistency.
4. Not sure if we could get an InputStream from the class resource directly,
getting rid of the File step, for more robust.
{code}
+File signKeyFile = new
File(this.getClass().getResource("/private_key.pem").getPath());
+InputStream is = Files.newInputStream(signKeyFile.toPath());
+PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
{code}
> Add support to send a JWT AccessToken via the GSS API
> -
>
> Key: DIRKRB-651
> URL: https://issues.apache.org/jira/browse/DIRKRB-651
> Project: Directory Kerberos
> Issue Type: Improvement
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-651.patch
>
>
> This task is to add support to send a JWT AccessToken via the GSS API.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (DIRKRB-651) Add support to send a JWT AccessToken via the GSS API
[ https://issues.apache.org/jira/browse/DIRKRB-651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16143542#comment-16143542 ] Colm O hEigeartaigh commented on DIRKRB-651: Could someone review please? > Add support to send a JWT AccessToken via the GSS API > - > > Key: DIRKRB-651 > URL: https://issues.apache.org/jira/browse/DIRKRB-651 > Project: Directory Kerberos > Issue Type: Improvement >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.1.0 > > Attachments: DIRKRB-651.patch > > > This task is to add support to send a JWT AccessToken via the GSS API. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
