----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/1981/#review2005 -----------------------------------------------------------
Ship it! +1 LGTM, thanks Stanton. We have to add the new getter methods to AuthContext, I dont see other way - Henry On 2011-09-21 16:28:56, Stanton Sievers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/1981/ > ----------------------------------------------------------- > > (Updated 2011-09-21 16:28:56) > > > Review request for shindig and Henry Saputra. > > > Summary > ------- > > See the JIRA for a description of the problem: > https://issues.apache.org/jira/browse/SHINDIG-1626 > > This fix is based off a fix Doug Davies implemented with some changes around > the parameter checking in BlobCrypterSecurityToken.encodeToken. The check is > sufficient because DefaultSecurityTokenCodec creates the correct > SecurityTokenCode (Basic or Blob) depending on the container config values of > "insecure" or "secure", respectively. We should never get into this code if > we're not using a secure configuration; therefore, an authentication mode of > SECURITY_TOKEN_URL_PARAMETER implies that we have a BlobCrypterSecurityToken > and not some other token, such as Anonymous. > > > This addresses bug SHINDIG-1626. > https://issues.apache.org/jira/browse/SHINDIG-1626 > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityToken.java > 1173205 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java > 1173205 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java > 1173205 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java > 1173205 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerApi.java > 1173205 > > Diff: https://reviews.apache.org/r/1981/diff > > > Testing > ------- > > Tested with a sample gadget that utilizes the osapi feature to print the > viewer's name in a secure configuration. The security token is encoded > properly in the modified code. > > Any other testing recommendations are welcome. :) > > > Thanks, > > Stanton > >
