[
https://issues.apache.org/jira/browse/SHINDIG-1756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260230#comment-13260230
]
[email protected] commented on SHINDIG-1756:
--------------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4750/#review7167
-----------------------------------------------------------
Ship it!
Other than request for extra comments looks good for the issue. +1
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpRequest.java
<https://reviews.apache.org/r/4750/#comment15822>
Please add some comments on how these accessor methods should be used by
the creator of HttpRequest objects to help explaining why an HttpRequest
instance could be internal but does not have security token set
- Henry
On 2012-04-23 18:22:22, BrianLillie wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/4750/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-04-23 18:22:22)
bq.
bq.
bq. Review request for shindig.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Update HttpRequest objects to identify a request source. For some
requests, SecurityTokens are provided. Others have gadget URI, but this is
not always trustworthy as it is set based upon URL parameters.
bq. For requests where a security token was not sent from the client, create
and set an AnonymousSecurityToken identifying the gadget URI associated with
the request. Also, add a flag to the HttpRequest to indicate a request
generated by the server, where this may be set when requesting services,
retrieving a template library, or during selected rewrites.
bq.
bq.
bq. This addresses bug SHINDIG-1756.
bq. https://issues.apache.org/jira/browse/SHINDIG-1756
bq.
bq.
bq. Diffs
bq. -----
bq.
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/AbstractSpecFactory.java
1326861
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/features/FeatureResourceLoader.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpRequest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java
1326858
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.java
1326858
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/CajaResponseRewriter.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/DefaultServiceFetcher.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java
1311453
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpRequestHandler.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactory.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpRequestTest.java
1304584
bq.
bq. Diff: https://reviews.apache.org/r/4750/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. Existing tests passed. No tests that I saw specifically examined the
request content & state. Should there be consensus on the patch, then I will
look at providing additional tests to do some request state verification.
bq.
bq.
bq. Thanks,
bq.
bq. BrianLillie
bq.
bq.
> Identify origiation of requests
> -------------------------------
>
> Key: SHINDIG-1756
> URL: https://issues.apache.org/jira/browse/SHINDIG-1756
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0
> Reporter: Brian Lillie
> Fix For: 2.5.0
>
>
> In order to determine based upon the request whether to honor the request, or
> whether the request should be restricted, the request needs to identify
> itself in some way. Some of the requests in the system originate as a
> result of direct user requests (e.g. makeRequest) while other requests are
> performed by the server for the server or in order to handle the request
> (e.g. gadget spec lookups).
> The proposal is to better mark the origination of the request either by
> attaching an Anonymous Security Token containing the gadget URI, or by
> marking the request as an internal request (one that the server is
> initiating) so that downstream components (e.g. the HttpFetcher
> implementation) can make determinations on how to process the request.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
