svn commit: r1174235 - in /shindig/trunk/java: common/src/main/java/org/apache/shindig/auth/ common/src/test/java/org/apache/shindig/auth/ gadgets/src/main/java/org/apache/shindig/gadgets/servlet/

hsaputra Thu, 22 Sep 2011 09:04:21 -0700

Author: hsaputra
Date: Thu Sep 22 16:03:56 2011
New Revision: 1174235

URL: http://svn.apache.org/viewvc?rev=1174235&view=rev
Log:
SHINDIG-1626 | BlobCrypterSecurityTokenCodec tries to use "instanceof" when the 
parameter is a Proxied object | Patch from Stanton Sievers. Thanks


Please see CR: https://reviews.apache.org/r/1981/


Modified:
    
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java
    
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
    
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
    
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
    
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerApi.java

Modified: 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java
URL: 
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java?rev=1174235&r1=1174234&r2=1174235&view=diff
==============================================================================
--- 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java
 (original)
+++ 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java
 Thu Sep 22 16:03:56 2011
@@ -43,7 +43,6 @@ public class BlobCrypterSecurityToken ex
   protected static final String TRUSTED_JSON_KEY = "j";
   protected static final String EXPIRES_KEY = "x";
 
-  protected final BlobCrypter crypter;
   protected final String container;
   protected final String domain;
 
@@ -63,8 +62,7 @@ public class BlobCrypterSecurityToken ex
    * @param container container that is issuing the token
    * @param domain domain to use for signed fetch with default signed fetch 
key.
    */
-  public BlobCrypterSecurityToken(BlobCrypter crypter, String container, 
String domain) {
-    this.crypter = crypter;
+  public BlobCrypterSecurityToken(String container, String domain) {
     this.container = container;
     this.domain = domain;
   }
@@ -84,7 +82,7 @@ public class BlobCrypterSecurityToken ex
   public static BlobCrypterSecurityToken decrypt(BlobCrypter crypter, String 
container, String domain,
         String token, String activeUrl) throws BlobCrypterException {
     Map<String, String> values = crypter.unwrap(token, 
MAX_TOKEN_LIFETIME_SECS);
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(crypter, 
container, domain);
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(container, 
domain);
     setTokenValues(t, values);
     t.setActiveUrl(activeUrl);
     return t;
@@ -109,30 +107,30 @@ public class BlobCrypterSecurityToken ex
    * Encrypt and sign the token.  The returned value is *not* web safe, it 
should be URL
    * encoded before being used as a form parameter.
    */
-  public String encrypt() throws BlobCrypterException {
-    Map<String, String> values = buildValuesMap();
-    return container + ':' + crypter.wrap(values);
+  public static String encrypt(SecurityToken token, BlobCrypter crypter) 
throws BlobCrypterException {
+    Map<String, String> values = buildValuesMap(token);
+    return token.getContainer() + ':' + crypter.wrap(values);
   }
 
-  protected Map<String, String> buildValuesMap() {
+  protected static Map<String, String> buildValuesMap(SecurityToken token) {
     Map<String, String> values = Maps.newHashMap();
-    if (ownerId != null) {
-      values.put(OWNER_KEY, ownerId);
+    if (token.getOwnerId() != null) {
+      values.put(OWNER_KEY, token.getOwnerId());
     }
-    if (viewerId != null) {
-      values.put(VIEWER_KEY, viewerId);
+    if (token.getViewerId() != null) {
+      values.put(VIEWER_KEY, token.getViewerId());
     }
-    if (appUrl != null) {
-      values.put(GADGET_KEY, appUrl);
+    if (token.getAppUrl() != null) {
+      values.put(GADGET_KEY, token.getAppUrl());
     }
-    if (moduleId != 0) {
-      values.put(GADGET_INSTANCE_KEY, Long.toString(moduleId));
+    if (token.getModuleId() != 0) {
+      values.put(GADGET_INSTANCE_KEY, Long.toString(token.getModuleId()));
     }
-    if (expiresAt != null) {
-      values.put(EXPIRES_KEY, Long.toString(expiresAt));
+    if (token.getExpiresAt() != null) {
+      values.put(EXPIRES_KEY, Long.toString(token.getExpiresAt()));
     }
-    if (trustedJson != null) {
-      values.put(TRUSTED_JSON_KEY, trustedJson);
+    if (token.getTrustedJson() != null) {
+      values.put(TRUSTED_JSON_KEY, token.getTrustedJson());
     }
     return values;                                                             
                              
    }

Modified: 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
URL: 
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java?rev=1174235&r1=1174234&r2=1174235&view=diff
==============================================================================
--- 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
 (original)
+++ 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
 Thu Sep 22 16:03:56 2011
@@ -160,14 +160,18 @@ public class BlobCrypterSecurityTokenCod
   }
 
   public String encodeToken(SecurityToken token) throws SecurityTokenException 
{
-    if (! (token instanceof BlobCrypterSecurityToken)) {
+    if (!token.getAuthenticationMode().equals(
+            AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name())) {
       throw new SecurityTokenException("Can only encode 
BlogCrypterSecurityTokens");
     }
 
-    BlobCrypterSecurityToken t = (BlobCrypterSecurityToken)token;
-
+    BlobCrypter crypter = crypters.get(token.getContainer());
+    if (crypter == null) {
+      throw new SecurityTokenException("Unknown container " + 
token.getContainer());
+    }
+    
     try {
-      return t.encrypt();
+      return BlobCrypterSecurityToken.encrypt(token, crypter);
     } catch (BlobCrypterException e) {
       throw new SecurityTokenException(e);
     }

Modified: 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
URL: 
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java?rev=1174235&r1=1174234&r2=1174235&view=diff
==============================================================================
--- 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
 (original)
+++ 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
 Thu Sep 22 16:03:56 2011
@@ -106,14 +106,14 @@ public class BlobCrypterSecurityTokenCod
 
   @Test
   public void testCreateToken() throws Exception {
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(
-        getBlobCrypter(getContainerKey("container")), "container", null);
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken("container", 
null);
     t.setAppUrl("http://www.example.com/gadget.xml";);
     t.setModuleId(12345L);
     t.setOwnerId("owner");
     t.setViewerId("viewer");
     t.setTrustedJson("trusted");
-    String encrypted = t.encrypt();
+    String encrypted = BlobCrypterSecurityToken.encrypt(t,
+            getBlobCrypter(getContainerKey("container")));
 
     SecurityToken t2 = codec.createToken(
         ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encrypted));
@@ -129,14 +129,14 @@ public class BlobCrypterSecurityTokenCod
 
   @Test
   public void testUnknownContainer() throws Exception {
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(
-        getBlobCrypter(getContainerKey("container")), "container", null);
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken("container", 
null);
     t.setAppUrl("http://www.example.com/gadget.xml";);
     t.setModuleId(12345L);
     t.setOwnerId("owner");
     t.setViewerId("viewer");
     t.setTrustedJson("trusted");
-    String encrypted = t.encrypt();
+    String encrypted = BlobCrypterSecurityToken.encrypt(t,
+            getBlobCrypter(getContainerKey("container")));
     encrypted = encrypted.replace("container:", "other:");
 
     try {
@@ -149,14 +149,14 @@ public class BlobCrypterSecurityTokenCod
 
   @Test
   public void testWrongContainer() throws Exception {
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(
-        getBlobCrypter(getContainerKey("container")), "container", null);
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken("container", 
null);
     t.setAppUrl("http://www.example.com/gadget.xml";);
     t.setModuleId(12345L);
     t.setOwnerId("owner");
     t.setViewerId("viewer");
     t.setTrustedJson("trusted");
-    String encrypted = t.encrypt();
+    String encrypted = BlobCrypterSecurityToken.encrypt(t,
+            getBlobCrypter(getContainerKey("container")));
     encrypted = encrypted.replace("container:", "example:");
 
     try {
@@ -169,14 +169,14 @@ public class BlobCrypterSecurityTokenCod
 
   @Test
   public void testExpired() throws Exception {
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(
-        getBlobCrypter(getContainerKey("container")), "container", null);
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken("container", 
null);
     t.setAppUrl("http://www.example.com/gadget.xml";);
     t.setModuleId(12345L);
     t.setOwnerId("owner");
     t.setViewerId("viewer");
     t.setTrustedJson("trusted");
-    String encrypted = t.encrypt();
+    String encrypted = BlobCrypterSecurityToken.encrypt(t,
+            getBlobCrypter(getContainerKey("container")));
 
     timeSource.incrementSeconds(3600 + 181); // one hour plus clock skew
     try {
@@ -223,14 +223,14 @@ public class BlobCrypterSecurityTokenCod
   @Test
   public void testChangingContainers() throws Exception {
     String newContainer = "newcontainer";
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(
-        getBlobCrypter(getContainerKey(newContainer)), newContainer, null);
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(newContainer, 
null);
     t.setAppUrl("http://www.example.com/gadget.xml";);
     t.setModuleId(12345L);
     t.setOwnerId("owner");
     t.setViewerId("viewer");
     t.setTrustedJson("trusted");
-    String encrypted = t.encrypt();
+    String encrypted = BlobCrypterSecurityToken.encrypt(t,
+            getBlobCrypter(getContainerKey(newContainer)));
 
     // fails when trying to create a token for a non-existing container
     try {

Modified: 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
URL: 
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java?rev=1174235&r1=1174234&r2=1174235&view=diff
==============================================================================
--- 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
 (original)
+++ 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
 Thu Sep 22 16:03:56 2011
@@ -50,8 +50,8 @@ public class BlobCrypterSecurityTokenTes
 
   @Test(expected=UnsupportedOperationException.class)
   public void testNullValues() throws Exception {
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(crypter, 
CONTAINER, DOMAIN);
-    String token = t.encrypt();
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(CONTAINER, 
DOMAIN);
+    String token = BlobCrypterSecurityToken.encrypt(t, crypter);
     assertTrue("should start with container: " + token, 
token.startsWith("container:"));
     String[] fields = StringUtils.split(token, ':');
     BlobCrypterSecurityToken t2 =
@@ -72,13 +72,13 @@ public class BlobCrypterSecurityTokenTes
 
   @Test
   public void testRealValues() throws Exception {
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(crypter, 
CONTAINER, DOMAIN);
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(CONTAINER, 
DOMAIN);
     t.setAppUrl("http://www.example.com/gadget.xml";);
     t.setModuleId(12345L);
     t.setOwnerId("owner");
     t.setViewerId("viewer");
     t.setTrustedJson("trusted");
-    String token = t.encrypt();
+    String token = BlobCrypterSecurityToken.encrypt(t, crypter);
     assertTrue("should start with container: " + token, 
token.startsWith("container:"));
     String[] fields = StringUtils.split(token, ':');
     BlobCrypterSecurityToken t2 =
@@ -96,8 +96,8 @@ public class BlobCrypterSecurityTokenTes
 
   @Test(expected=BlobExpiredException.class)
   public void testExpired() throws Exception {
-    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(crypter, 
CONTAINER, DOMAIN);
-    String token = t.encrypt();
+    BlobCrypterSecurityToken t = new BlobCrypterSecurityToken(CONTAINER, 
DOMAIN);
+    String token = BlobCrypterSecurityToken.encrypt(t, crypter);
     // one hour plus clock skew
     timeSource.incrementSeconds(3600 + 181);
     String[] fields = StringUtils.split(token, ':');

Modified: 
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerApi.java
URL: 
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerApi.java?rev=1174235&r1=1174234&r2=1174235&view=diff
==============================================================================
--- 
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerApi.java
 (original)
+++ 
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerApi.java
 Thu Sep 22 16:03:56 2011
@@ -88,6 +88,9 @@ public class GadgetsHandlerApi {
     public String getViewerId();
     public String getDomain();
     public long getModuleId();
+    public String getAuthenticationMode();
+    public Long getExpiresAt();
+    public String getTrustedJson();
   }
 
   public interface MetadataResponse extends BaseResponse {

svn commit: r1174235 - in /shindig/trunk/java: common/src/main/java/org/apache/shindig/auth/ common/src/test/java/org/apache/shindig/auth/ gadgets/src/main/java/org/apache/shindig/gadgets/servlet/

Reply via email to