>-----Original Message-----
>From: Robert O'neill [mailto:[email protected]]
>Sent: Tuesday, November 27, 2012 2:51 PM
>To: Rave Dev
>Subject: Generating a security token in rave
>
>
>
>In EncryptedBlobSecurityTokenService, the method
>getBlobCrypterSecurityToken contains the lines:
>
>values.put(AbstractSecurityToken.Keys.OWNER.getKey(),
>           String.valueOf(userService.getUserById(regionWidget.getRegion().getPage().getOwnerId()).getUsername()));
>values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), String.valueOf(user.getUsername()));
>
>Is there ever a situation where the owner of the page is not the current
>user? If not, the calls
>
>userService.getUserById(regionWidget.getRegion().getPage().getOwnerId()).getUsername()
>
>and
>
>User user = userService.getAuthenticatedUser();
>
>should be identical.
>
>I am running into an issue generating a security token where I pass in a
>dummy RegionWidget that has no associated region. If the 'OWNER' and
>'VIEWER' properties are always set to the current authenticated user, the
>getBlobCrypterSecurityToken can be safely modified to accommodate passing
>in a dummy RegionWidget.
>
>Let me know if this is the case.

This is only the case when viewing dashboard pages that you created. In
profiles, the owner is the subject of the page. You could autowire the
PageService instance into your new endpoint and look up the page by id (assuming
you pass that in the REST call).
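
The lookup suggested in the reply, sketched as an added example that is not part of the original thread and is not Rave's own code. `PageLookup`, `UserLookup`, the record types and the `"OWNER"`/`"VIEWER"` key strings are hypothetical stand-ins for Rave's services and for `AbstractSecurityToken.Keys`; the point is that the owner is resolved from the page id and the request fails when the page is unknown, rather than defaulting the owner to the viewer.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Added example: every type here is a simplified stand-in, not Rave's real API.
public class TokenClaimsExample {
    record User(String id, String username) {}
    record Page(String id, String ownerId) {}

    interface PageLookup { Optional<Page> findById(String pageId); }
    interface UserLookup { Optional<User> findById(String userId); }

    /** Builds the owner/viewer claims from a page id instead of a RegionWidget. */
    static Map<String, String> claims(String pageId, User viewer,
                                      PageLookup pages, UserLookup users) {
        if (viewer == null) {
            throw new IllegalStateException("no authenticated user");
        }
        // Fail closed: do not fall back to viewer-as-owner when the page is unknown.
        Page page = pages.findById(pageId)
                .orElseThrow(() -> new IllegalArgumentException("unknown page: " + pageId));
        User owner = users.findById(page.ownerId())
                .orElseThrow(() -> new IllegalStateException("page owner not found"));

        Map<String, String> values = new LinkedHashMap<>();
        values.put("OWNER", owner.username());   // placeholder key names
        values.put("VIEWER", viewer.username());
        return values;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        User alice = new User("1", "alice");
        User bob = new User("2", "bob");
        Map<String, User> userTable = Map.of("1", alice, "2", bob);
        Map<String, Page> pageTable = Map.of(
                "10", new Page("10", "1"),   // alice's dashboard page
                "20", new Page("20", "2"));  // bob's profile page

        PageLookup pages = id -> Optional.ofNullable(pageTable.get(id));
        UserLookup users = id -> Optional.ofNullable(userTable.get(id));

        // alice views her own dashboard: owner and viewer are the same user
        System.out.println(claims("10", alice, pages, users));
        // alice views bob's profile: owner is the subject of the page
        System.out.println(claims("20", alice, pages, users));
    }
}
```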
