Author: mfranklin
Date: Sat Jun 30 15:42:46 2012
New Revision: 1355749
URL: http://svn.apache.org/viewvc?rev=1355749&view=rev
Log:
fixed security token bug (RAVE-714)
Modified:
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java
Modified:
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
URL:
http://svn.apache.org/viewvc/rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java?rev=1355749&r1=1355748&r2=1355749&view=diff
==============================================================================
---
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
(original)
+++
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
Sat Jun 30 15:42:46 2012
@@ -132,7 +132,7 @@ public class EncryptedBlobSecurityTokenS
SecurityToken securityToken =
this.decryptSecurityToken(encryptedSecurityToken);
//Make sure the person is authorized to refresh this token
- String userId =
String.valueOf(userService.getAuthenticatedUser().getId());
+ String userId =
String.valueOf(userService.getAuthenticatedUser().getUsername());
if (!securityToken.getViewerId().equalsIgnoreCase(userId)) {
throw new SecurityTokenException("Illegal attempt by user " +
userId +
" to refresh security token with a viewerId of " +
securityToken.getViewerId());
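Review bot: The check `securityToken.getViewerId().equalsIgnoreCase(userId)` now compares usernames instead of numeric ids, so the case-insensitive match matters for authorization. If the user store can hold two usernames that differ only in case (not visible here), either account would pass this check for the other's token. Unless uniqueness is enforced case-insensitively, compare exactly with `if (!securityToken.getViewerId().equals(userId)) {`. Tokens issued before this revision presumably still carry numeric ids and will be rejected here, which fails closed but is worth a line in the release notes. The method starts and ends outside the hunk.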
@@ -141,7 +141,7 @@ public class EncryptedBlobSecurityTokenS
//Create a new RegionWidget instance from it so we can use it to
generate a new encrypted token
RegionWidget regionWidget = new
RegionWidgetImpl(securityToken.getModuleId(),
new WidgetImpl(-1L, securityToken.getAppUrl()),
- new RegionImpl(-1L, new PageImpl(-1L, new
UserImpl(Long.valueOf(securityToken.getOwnerId()))), -1));
+ new RegionImpl(-1L, new PageImpl(-1L,
userService.getUserByUsername(securityToken.getOwnerId())), -1));
//Create and return the newly encrypted token
return getEncryptedSecurityToken(regionWidget);
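Review bot: The result of `userService.getUserByUsername(securityToken.getOwnerId())` is passed straight into `new PageImpl(...)` without a check, where the old code always constructed an object. If the lookup can return null (for example, the owner was deleted or renamed after the token was issued; the service contract is not visible here), the token-building code in the next hunk dereferences it via `getOwner().getUsername()`. The refresh would then fail with a NullPointerException rather than a SecurityTokenException. Assign the lookup to a local first and reject the refresh explicitly with `if (owner == null) { throw new SecurityTokenException("Unknown owner in security token"); }`. The method body begins outside the hunk.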
@@ -155,8 +155,8 @@ public class EncryptedBlobSecurityTokenS
values.put(AbstractSecurityToken.Keys.APP_URL.getKey(),
regionWidget.getWidget().getUrl());
values.put(AbstractSecurityToken.Keys.MODULE_ID.getKey(),
String.valueOf(regionWidget.getId()));
values.put(AbstractSecurityToken.Keys.OWNER.getKey(),
-
String.valueOf(regionWidget.getRegion().getPage().getOwner().getId()));
- values.put(AbstractSecurityToken.Keys.VIEWER.getKey(),
String.valueOf(user.getId()));
+
String.valueOf(regionWidget.getRegion().getPage().getOwner().getUsername()));
+ values.put(AbstractSecurityToken.Keys.VIEWER.getKey(),
String.valueOf(user.getUsername()));
values.put(AbstractSecurityToken.Keys.TRUSTED_JSON.getKey(), "");
BlobCrypterSecurityToken securityToken = new
BlobCrypterSecurityToken(container, domain, null, values);
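Review bot: Wrapping `getUsername()` in `String.valueOf(...)` on the OWNER and VIEWER lines hides a missing username. Assuming `getUsername()` returns a String, a null value is written into the token as the literal text "null", and the refresh check builds its `userId` the same way, so any account with a null username would match such a token. Pass `user.getUsername()` and the owner's username directly, and throw `SecurityTokenException` before filling `values` when either is null. A short comment such as `// OWNER and VIEWER carry usernames, not numeric ids` would also record the new token contract. The enclosing method starts and ends outside the hunk.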
Modified:
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java
URL:
http://svn.apache.org/viewvc/rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java?rev=1355749&r1=1355748&r2=1355749&view=diff
==============================================================================
---
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java
(original)
+++
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java
Sat Jun 30 15:42:46 2012
@@ -108,13 +108,14 @@ public class SecurityTokenServiceTest {
@Test
public void getSecurityToken_validWidget_ownerIsNotViewer() throws
SecurityTokenException {
Long expectedOwnerId = 99999L;
- validPage.setOwner(new UserImpl(expectedOwnerId));
+ String expected = "Expected";
+ validPage.setOwner(new UserImpl(expectedOwnerId, expected));
expect(userService.getAuthenticatedUser()).andReturn(validPerson).anyTimes();
replay(userService);
SecurityToken securityToken =
securityTokenService.getSecurityToken(validRegionWidget);
- validateSecurityToken(securityToken, expectedOwnerId);
+ validateSecurityToken(securityToken, expected);
}
@Test
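Review bot: The names in this test no longer describe the values: `expected` holds the owner's username, and the `expectedOwnerId` parameter of `validateSecurityToken` in the last hunk is now a String username as well. Rename them, e.g. `String expectedOwnerUsername = "Expected";` and `validateSecurityToken(SecurityToken securityToken, String expectedOwnerUsername)`, so a reader does not assume the token still carries numeric ids. `expectedOwnerId` is still needed here only as the first argument of `new UserImpl(expectedOwnerId, expected)`.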
@@ -141,6 +142,7 @@ public class SecurityTokenServiceTest {
@Test
public void refreshEncryptedSecurityToken_validTokenString() throws
SecurityTokenException {
expect(userService.getAuthenticatedUser()).andReturn(validPerson).anyTimes();
+
expect(userService.getUserByUsername(VALID_USER_NAME)).andReturn(validPerson).anyTimes();
replay(userService);
String encryptedToken =
securityTokenService.getEncryptedSecurityToken(validRegionWidget);
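Review bot: The visible hunks exercise only the successful path of the changed refresh logic, because the added `getUserByUsername(VALID_USER_NAME)` expectation always returns `validPerson`. Add two refresh tests that each expect a `SecurityTokenException`. In the first, the token's viewer is a different username from the authenticated user. In the second, `getUserByUsername` returns null for the token's owner. That pins both the authorization check and the new owner lookup. The test method continues beyond this hunk, and an existing negative test may sit outside the visible lines.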
@@ -153,14 +155,14 @@ public class SecurityTokenServiceTest {
}
private void validateSecurityToken(SecurityToken securityToken) {
- validateSecurityToken(securityToken, VALID_USER_ID);
+ validateSecurityToken(securityToken, VALID_USER_NAME);
}
- private void validateSecurityToken(SecurityToken securityToken, Long
expectedOwnerId) {
+ private void validateSecurityToken(SecurityToken securityToken, String
expectedOwnerId) {
assertNotNull(securityToken);
assertEquals(VALID_REGION_WIDGET_ID.longValue(),
securityToken.getModuleId());
- assertEquals(expectedOwnerId,
Long.valueOf(securityToken.getOwnerId()));
- assertEquals(VALID_USER_ID, Long.valueOf(securityToken.getViewerId()));
+ assertEquals(expectedOwnerId, securityToken.getOwnerId());
+ assertEquals(VALID_USER_NAME, securityToken.getViewerId());
assertEquals(VALID_URL, securityToken.getAppUrl());
}
}