> On 2012-04-23 18:48:33, Henry Saputra wrote: > > How would the isInternalRequest() method is being used with the new flow? I > > only saw that its used in the test file? > > BrianLillie wrote: > We are using the security token and the additional isInternalRequest in > our fetcher implementation to make further determinations on the suitability > of requests. Other than tagging the request, there is no current usage of > the internalRequest within the flows.
What is the difference between setting AnonymousSecurityToken and call setInternalRequest() to the HttpRequest? Looks like both indicating the request could come from internal Shindig code. - Henry ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4750/#review7150 ----------------------------------------------------------- On 2012-04-23 18:22:22, BrianLillie wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/4750/ > ----------------------------------------------------------- > > (Updated 2012-04-23 18:22:22) > > > Review request for shindig. > > > Summary > ------- > > Update HttpRequest objects to identify a request source. For some requests, > SecurityTokens are provided. Others have gadget URI, but this is not always > trustworthy as it is set based upon URL parameters. > For requests where a security token was not sent from the client, create and > set an AnonymousSecurityToken identifying the gadget URI associated with the > request. Also, add a flag to the HttpRequest to indicate a request > generated by the server, where this may be set when requesting services, > retrieving a template library, or during selected rewrites. > > > This addresses bug SHINDIG-1756. > https://issues.apache.org/jira/browse/SHINDIG-1756 > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/AbstractSpecFactory.java > 1326861 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/features/FeatureResourceLoader.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpRequest.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java > 1326858 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.java > 1326858 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/CajaResponseRewriter.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/DefaultServiceFetcher.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java > 1311453 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpRequestHandler.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactory.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpRequestTest.java > 1304584 > > Diff: https://reviews.apache.org/r/4750/diff > > > Testing > ------- > > Existing tests passed. No tests that I saw specifically examined the request > content & state. Should there be consensus on the patch, then I will look at > providing additional tests to do some request state verification. > > > Thanks, > > BrianLillie > >
