> On 2012-04-23 18:48:33, Henry Saputra wrote: > > How would the isInternalRequest() method is being used with the new flow? I > > only saw that its used in the test file? > > BrianLillie wrote: > We are using the security token and the additional isInternalRequest in > our fetcher implementation to make further determinations on the suitability > of requests. Other than tagging the request, there is no current usage of > the internalRequest within the flows. > > Henry Saputra wrote: > What is the difference between setting AnonymousSecurityToken and call > setInternalRequest() to the HttpRequest? Looks like both indicating the > request could come from internal Shindig code.
The difference between the two was that setInternalRequest() was used when it wasn't really associated with a gadget initiated request. For example, the rpc to listMethods, and feature loads, which would be done by the server independent of the gadgets that are being deployed. The AnonymousSecurityToken was used to identify that the request is really on behalf of the gadget, for example, a spec request, or a template request. The gray area included the rewriters - where the new HttpRequests appeared to be going back through the server to the content proxy to be resolved. These were marked with setInternalRequest for that reason. - BrianLillie ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4750/#review7150 ----------------------------------------------------------- On 2012-04-23 18:22:22, BrianLillie wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/4750/ > ----------------------------------------------------------- > > (Updated 2012-04-23 18:22:22) > > > Review request for shindig. > > > Summary > ------- > > Update HttpRequest objects to identify a request source. For some requests, > SecurityTokens are provided. Others have gadget URI, but this is not always > trustworthy as it is set based upon URL parameters. > For requests where a security token was not sent from the client, create and > set an AnonymousSecurityToken identifying the gadget URI associated with the > request. Also, add a flag to the HttpRequest to indicate a request > generated by the server, where this may be set when requesting services, > retrieving a template library, or during selected rewrites. > > > This addresses bug SHINDIG-1756. > https://issues.apache.org/jira/browse/SHINDIG-1756 > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/AbstractSpecFactory.java > 1326861 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/features/FeatureResourceLoader.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpRequest.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java > 1326858 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.java > 1326858 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/CajaResponseRewriter.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/DefaultServiceFetcher.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java > 1311453 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpRequestHandler.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactory.java > 1304584 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpRequestTest.java > 1304584 > > Diff: https://reviews.apache.org/r/4750/diff > > > Testing > ------- > > Existing tests passed. No tests that I saw specifically examined the request > content & state. Should there be consensus on the patch, then I will look at > providing additional tests to do some request state verification. > > > Thanks, > > BrianLillie > >
