Not that I'm allowd to vote, but yes I'd love to have this in the next build asap.
doug On 9/21/11 2:13 PM, "Henry Saputra" <[email protected]> wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/1981/#review2005 > ----------------------------------------------------------- > > Ship it! > > > +1 > > LGTM, thanks Stanton. > > We have to add the new getter methods to AuthContext, I dont see other way > > - Henry > > > On 2011-09-21 16:28:56, Stanton Sievers wrote: >> >> ----------------------------------------------------------- >> This is an automatically generated e-mail. To reply, visit: >> https://reviews.apache.org/r/1981/ >> ----------------------------------------------------------- >> >> (Updated 2011-09-21 16:28:56) >> >> >> Review request for shindig and Henry Saputra. >> >> >> Summary >> ------- >> >> See the JIRA for a description of the problem: >> https://issues.apache.org/jira/browse/SHINDIG-1626 >> >> This fix is based off a fix Doug Davies implemented with some changes around >> the parameter checking in BlobCrypterSecurityToken.encodeToken. The check is >> sufficient because DefaultSecurityTokenCodec creates the correct >> SecurityTokenCode (Basic or Blob) depending on the container config values of >> "insecure" or "secure", respectively. We should never get into this code if >> we're not using a secure configuration; therefore, an authentication mode of >> SECURITY_TOKEN_URL_PARAMETER implies that we have a BlobCrypterSecurityToken >> and not some other token, such as Anonymous. >> >> >> This addresses bug SHINDIG-1626. >> https://issues.apache.org/jira/browse/SHINDIG-1626 >> >> >> Diffs >> ----- >> >> >> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a >> pache/shindig/auth/BlobCrypterSecurityToken.java 1173205 >> >> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a >> pache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1173205 >> >> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a >> pache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1173205 >> >> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a >> pache/shindig/auth/BlobCrypterSecurityTokenTest.java 1173205 >> >> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/ >> apache/shindig/gadgets/servlet/GadgetsHandlerApi.java 1173205 >> >> Diff: https://reviews.apache.org/r/1981/diff >> >> >> Testing >> ------- >> >> Tested with a sample gadget that utilizes the osapi feature to print the >> viewer's name in a secure configuration. The security token is encoded >> properly in the modified code. >> >> Any other testing recommendations are welcome. :) >> >> >> Thanks, >> >> Stanton >> >> >
