Doug, your vote count, thanks =) Any review to help patches better is welcomed.
- Henry On Wed, Sep 21, 2011 at 1:13 PM, daviesd <[email protected]> wrote: > Not that I'm allowd to vote, but yes I'd love to have this in the next build > asap. > > doug > > > On 9/21/11 2:13 PM, "Henry Saputra" <[email protected]> wrote: > >> >> ----------------------------------------------------------- >> This is an automatically generated e-mail. To reply, visit: >> https://reviews.apache.org/r/1981/#review2005 >> ----------------------------------------------------------- >> >> Ship it! >> >> >> +1 >> >> LGTM, thanks Stanton. >> >> We have to add the new getter methods to AuthContext, I dont see other way >> >> - Henry >> >> >> On 2011-09-21 16:28:56, Stanton Sievers wrote: >>> >>> ----------------------------------------------------------- >>> This is an automatically generated e-mail. To reply, visit: >>> https://reviews.apache.org/r/1981/ >>> ----------------------------------------------------------- >>> >>> (Updated 2011-09-21 16:28:56) >>> >>> >>> Review request for shindig and Henry Saputra. >>> >>> >>> Summary >>> ------- >>> >>> See the JIRA for a description of the problem: >>> https://issues.apache.org/jira/browse/SHINDIG-1626 >>> >>> This fix is based off a fix Doug Davies implemented with some changes around >>> the parameter checking in BlobCrypterSecurityToken.encodeToken. The check >>> is >>> sufficient because DefaultSecurityTokenCodec creates the correct >>> SecurityTokenCode (Basic or Blob) depending on the container config values >>> of >>> "insecure" or "secure", respectively. We should never get into this code if >>> we're not using a secure configuration; therefore, an authentication mode of >>> SECURITY_TOKEN_URL_PARAMETER implies that we have a BlobCrypterSecurityToken >>> and not some other token, such as Anonymous. >>> >>> >>> This addresses bug SHINDIG-1626. >>> https://issues.apache.org/jira/browse/SHINDIG-1626 >>> >>> >>> Diffs >>> ----- >>> >>> >>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a >>> pache/shindig/auth/BlobCrypterSecurityToken.java 1173205 >>> >>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a >>> pache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1173205 >>> >>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a >>> pache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1173205 >>> >>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a >>> pache/shindig/auth/BlobCrypterSecurityTokenTest.java 1173205 >>> >>> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/ >>> apache/shindig/gadgets/servlet/GadgetsHandlerApi.java 1173205 >>> >>> Diff: https://reviews.apache.org/r/1981/diff >>> >>> >>> Testing >>> ------- >>> >>> Tested with a sample gadget that utilizes the osapi feature to print the >>> viewer's name in a secure configuration. The security token is encoded >>> properly in the modified code. >>> >>> Any other testing recommendations are welcome. :) >>> >>> >>> Thanks, >>> >>> Stanton >>> >>> >> > > >
