Doug, We are running with secure tokens and though I tried it and it appeared to be working, it couldn't work and its failing for me now ..
I'll post a revision shortly for review brian From: daviesd <[email protected]> To: <[email protected]>, Date: 06/14/2012 12:04 PM Subject: Re: Pass token on listMethods to enable allowUnauthenticated=false (issue 6306074) Ya, I tried this with shindig trunk (and not my stuff). If you set shindig.allowUnauthenticated=false In shindig.properties and "gadgets.securityTokenType" : "secure", "gadgets.securityTokenKey" : "NotGonnaShowYouMyKey=", In container.js It blows up. I think this change needs to be reworked. You cannot encrypt an Anonymous token. You probably were just setting allowUnauthenticated but never really telling your container to use encrypted tokens. The way I solved this was in AnonymousAuthenticationHandler. public SecurityToken getSecurityTokenFromRequest(final HttpServletRequest request) { String uri = request.getRequestURI(); String method = request.getParameter("method"); if (allowUnauthenticated || (uri.endsWith("/rpc") && method != null && method.equals("system.listMethods"))) { return new AnonymousSecurityToken(); } return null; } Thanks, doug On 6/14/12 12:29 PM, "daviesd" <[email protected]> wrote: > I'm a little bit confused on this. I'm trying it and I'm getting an exception > (it could be because I provide my own BlobCrypterSecurityTokenCodec and maybe > I have some work to do here). > > When DefaultServiceFetcher creates an AnonymousSecurityToken and then calls > encodeToken, won't that throw an exception because encodeToken doesn't support > AnonymousSecurityTokens? > > doug > > > On 6/13/12 1:50 PM, "[email protected]" <[email protected]> wrote: > >> Updated patch to use Anonymous Security Token >> >> http://codereview.appspot.com/6306074/ >>
