Just a heads up that I'm tearing apart the current Auth filter for the java social code and putting it back in an easier to use format. Some highlights:
- I've changed the DataServiceServlet to get the security token from the filter so we actually use it. - I've changed the filter to take in a list of AuthenticationHandlers which it tries in order to get a security token from. -- The default handlers will be UrlParameterAH for the basic st param. OAuthConsumerRequestAH - this would be two legged oauth. Probably everyone's first goal for oauth support. AnonymousAH - for allowing requests which don't have an st if a flag is set that says anon requests are allowed. - When we want to add full (ie three legged) OAuth support or if a container has some independant auth mechanism you can simply inject different handlers according to your own needs. Note: I have not tested the OAuth stuff yet... because I don't have a server side setup that can try to hit shindig with an oauth request. Does anyone out there have something coded up to test restful Shindig w/oauth yet? If not, I'm sure someone will get to it soon but help would be awesome. (The implementation of the oauth stuff is just a little simpler because i got rid of some concepts we don't need - like the principal stuff. The basic code structure is the same though - so I hope I preserved the correctness.) - Cassie
