Project

General

Profile

Feature #7451

authorization token support in libclient

Added by Rob Nahf over 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Rob Nahf
Category:
d1_libclient_java
Target version:
Java Client - CLJ-2.0.0
Start date:
2015-10-22
Due date:
% Done:

100%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

Current libclient_java doesn't support the use of multiple auth tokens via D1Client, as it somewhat does with certificates. That is to say, the header can be added, but it will affect all other clients using the D1Client multipartRestClient.

I propose to add an AuthTokenSession class that can be passed into the Session parameter for API calls.
The AuthTokenSession will not use certificates, so will require I different way to set up the connectionManager for the httpClient. Do we still need to have host verification?

The session passed into the API should know how to switch to using the attached HttpClient

Using a request interceptor to set the Authorization header to prevent it from being messed with by other headers.

Associated revisions

Revision 16743
Added by Rob Nahf over 8 years ago

refs #7451. Added AuthTokenSession class to support use of authorization tokens for client communications. Initial commit.

Revision 16743
Added by Rob Nahf over 8 years ago

refs #7451. Added AuthTokenSession class to support use of authorization tokens for client communications. Initial commit.

Revision 16777
Added by Rob Nahf over 8 years ago

refs #7451. removing setAuthToken method (buggy) now that we have the AuthTokenSession object and logic.

Revision 16777
Added by Rob Nahf over 8 years ago

refs #7451. removing setAuthToken method (buggy) now that we have the AuthTokenSession object and logic.

History

#1 Updated by Rob Nahf over 8 years ago

  • Description updated (diff)

#2 Updated by Matthew Jones over 8 years ago

Do you mean SSL host verification? If so, then yes, you should always enable SSL host verification. Any SSL session set with host verification off would be insecure.

#3 Updated by Rob Nahf over 8 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 30

The AuthTokenSession is designed to establish TLS / SSL connection without a client x509 certificate. This sets up the same host verification as used within CertificateManager. (the authorization token will be used as the client credential material).

#4 Updated by Rob Nahf about 8 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 30 to 100

In production.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)