[
https://issues.apache.org/jira/browse/SHINDIG-1756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259867#comment-13259867
]
[email protected] commented on SHINDIG-1756:
--------------------------------------------------------
bq. On 2012-04-23 18:48:33, Henry Saputra wrote:
bq. > How would the isInternalRequest() method is being used with the new
flow? I only saw that its used in the test file?
bq.
bq. BrianLillie wrote:
bq. We are using the security token and the additional isInternalRequest
in our fetcher implementation to make further determinations on the suitability
of requests. Other than tagging the request, there is no current usage of the
internalRequest within the flows.
What is the difference between setting AnonymousSecurityToken and call
setInternalRequest() to the HttpRequest? Looks like both indicating the request
could come from internal Shindig code.
- Henry
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4750/#review7150
-----------------------------------------------------------
On 2012-04-23 18:22:22, BrianLillie wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/4750/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-04-23 18:22:22)
bq.
bq.
bq. Review request for shindig.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Update HttpRequest objects to identify a request source. For some
requests, SecurityTokens are provided. Others have gadget URI, but this is
not always trustworthy as it is set based upon URL parameters.
bq. For requests where a security token was not sent from the client, create
and set an AnonymousSecurityToken identifying the gadget URI associated with
the request. Also, add a flag to the HttpRequest to indicate a request
generated by the server, where this may be set when requesting services,
retrieving a template library, or during selected rewrites.
bq.
bq.
bq. This addresses bug SHINDIG-1756.
bq. https://issues.apache.org/jira/browse/SHINDIG-1756
bq.
bq.
bq. Diffs
bq. -----
bq.
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/AbstractSpecFactory.java
1326861
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/features/FeatureResourceLoader.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpRequest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java
1326858
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.java
1326858
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/CajaResponseRewriter.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/DefaultServiceFetcher.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java
1311453
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpRequestHandler.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactory.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpRequestTest.java
1304584
bq.
bq. Diff: https://reviews.apache.org/r/4750/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. Existing tests passed. No tests that I saw specifically examined the
request content & state. Should there be consensus on the patch, then I will
look at providing additional tests to do some request state verification.
bq.
bq.
bq. Thanks,
bq.
bq. BrianLillie
bq.
bq.
> Identify origiation of requests
> -------------------------------
>
> Key: SHINDIG-1756
> URL: https://issues.apache.org/jira/browse/SHINDIG-1756
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0
> Reporter: Brian Lillie
> Fix For: 2.5.0
>
>
> In order to determine based upon the request whether to honor the request, or
> whether the request should be restricted, the request needs to identify
> itself in some way. Some of the requests in the system originate as a
> result of direct user requests (e.g. makeRequest) while other requests are
> performed by the server for the server or in order to handle the request
> (e.g. gadget spec lookups).
> The proposal is to better mark the origination of the request either by
> attaching an Anonymous Security Token containing the gadget URI, or by
> marking the request as an internal request (one that the server is
> initiating) so that downstream components (e.g. the HttpFetcher
> implementation) can make determinations on how to process the request.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
