Direkt zum Hauptbereich

Create a Bearer token in Scala

Bearer tokens are a standard which is used in OAuth 2.0. Although there have been discussions if the security mechanisms are significantly weaker than the use of using signatures as many implementations of OAuth 1.0 did (see http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-00), bearer tokens are part of the OAuth 2.0 specification and therefore widely adopted in nearly all implementations.

The syntax of Bearer tokens is specified in RFC6750 (http://http://tools.ietf.org/html/rfc6750)

This is a lean utils object to create specification compliant Bearers in Scala using the java.security.SecureRandom implementation as a randomizer.

The standard generate function returns a token of 32 byte length. A second polymorphic functions allows for the generation of a token of individual size.


import scala.util._
import java.security.SecureRandom

/*
 * Generates a Bearer Token with the length of 32 characters according to the
 * specification RFC6750 (http://http://tools.ietf.org/html/rfc6750)
 */
object BearerTokenGenerator {
  
  val TOKEN_LENGTH = 32
  val TOKEN_CHARS = 
     "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._"
  val secureRandom = new SecureRandom()
    
  def generateToken:String =  
    generateToken(TOKEN_LENGTH)   
  
  def generateToken(tokenLength: Int): String =
    if(tokenLength == 0) "" else TOKEN_CHARS(secureRandom.nextInt(TOKEN_CHARS.length())) + 
     generateToken(tokenLength - 1)
  
}

Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

CQRS - Command Query Responsibility Segregation

A lot of information systems have been built with a data manipulation focus in mind. Often CRUD (create, read, update delete) operations built on top of a predefined relational data model are the first functionalities that are implemented and lay out as a foundation for the rest of an application. This is mainly because when we think about information systems we have a mental model of some record structure where we can create new records, read records, update existing records, and delete records. This had been learned throughout the last decade of data centric and transaction oriented IT systems. This approach often leads to shortcomings when it comes to query and analyze the system's data. Classical layered architecture This is where CQRS comes into the game. CQRS stands for Command Query Responsibility Segregation and has been first described by Greg Young and later on by Martin Fowler. This architectural pattern calls for dividing the software architecture into two parts...
Kommentar veröffentlichen
Mehr anzeigen

Add an existing Grails project to Bitbucket using Git

I just started using Bitbucket as a new service to host masters of my source code repositories using Git. If you develop with Grails (like I also do more often) and ever asked yourself how to create a Git repository out of an existing project, here is the solution. Prerequisits Of course you need to have Git installt locally on your machine. If you haven't here are instructions on how to do it (if your a Mac user, I find this Mac OS X installer very useful). Of course you also need an account for bitbucket.org . It's free and easy to set up. In addition to your account you need to create an empty repository. Follow the guidance on the Bitbucket site, it's quite easy. Prepare your grails project As you do not want to store all your files in the repository, you need to create a so called .gitignore file. To do so, you can use a grails command: > grails integrate-with --git Afterwards, the .gitignore file has been created. If you are using the Grovy & Gr...
2 Kommentare
Mehr anzeigen