[
https://issues.apache.org/jira/browse/SHINDIG-1756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13262058#comment-13262058
]
[email protected] commented on SHINDIG-1756:
--------------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4750/
-----------------------------------------------------------
(Updated 2012-04-25 20:41:33.077958)
Review request for shindig.
Changes
-------
1) Added comments to HttpRequest.setInternalRequest
2) Changed OAuthRequest setting for AnonymousSecurityToken - was incorrectly
using app id instead of app url
3) Added tests
Summary
-------
Update HttpRequest objects to identify a request source. For some requests,
SecurityTokens are provided. Others have gadget URI, but this is not always
trustworthy as it is set based upon URL parameters.
For requests where a security token was not sent from the client, create and
set an AnonymousSecurityToken identifying the gadget URI associated with the
request. Also, add a flag to the HttpRequest to indicate a request generated
by the server, where this may be set when requesting services, retrieving a
template library, or during selected rewrites.
This addresses bug SHINDIG-1756.
https://issues.apache.org/jira/browse/SHINDIG-1756
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/AbstractSpecFactory.java
1326861
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/features/FeatureResourceLoader.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpRequest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java
1326858
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.java
1326858
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/CajaResponseRewriter.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/DefaultServiceFetcher.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java
1311453
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpRequestHandler.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactory.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/DefaultGadgetSpecFactoryTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/features/FeatureResourceLoaderTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpRequestTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/MockUtils.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandlerTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandlerTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/DefaultServiceFetcherTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/CajaContentRewriterTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpRequestHandlerTest.java
1304584
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactoryTest.java
PRE-CREATION
Diff: https://reviews.apache.org/r/4750/diff
Testing (updated)
-------
Existing tests passed. Added additional tests to verify internal request state
or token on requests.
Thanks,
BrianLillie
> Identify origination of requests
> -------------------------------
>
> Key: SHINDIG-1756
> URL: https://issues.apache.org/jira/browse/SHINDIG-1756
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0
> Reporter: Brian Lillie
> Fix For: 2.5.0
>
>
> In order to determine based upon the request whether to honor the request, or
> whether the request should be restricted, the request needs to identify
> itself in some way. Some of the requests in the system originate as a
> result of direct user requests (e.g. makeRequest) while other requests are
> performed by the server for the server or in order to handle the request
> (e.g. gadget spec lookups).
> The proposal is to better mark the origination of the request either by
> attaching an Anonymous Security Token containing the gadget URI, or by
> marking the request as an internal request (one that the server is
> initiating) so that downstream components (e.g. the HttpFetcher
> implementation) can make determinations on how to process the request.
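One way a downstream component such as an HttpFetcher implementation could branch on the two markers proposed above. This is an added example, not code from the patch or from Shindig: the `Token` and `Request` types, the `Decision` values and the fail-closed policy are assumptions made for illustration, and the URLs are constructed samples.

```java
import java.net.URI;
import java.util.Optional;

/** Added illustration with stand-in types; these are not Shindig's classes. */
public class RequestOriginPolicy {

    /** Hypothetical stand-in for a security token; an anonymous one carries only the gadget URL. */
    record Token(boolean anonymous, URI appUrl, String viewerId) {}

    /** Hypothetical stand-in for an outbound request as a fetcher would see it. */
    record Request(URI target, Optional<Token> token, boolean internal) {}

    enum Decision { ALLOW_INTERNAL, ALLOW_ON_BEHALF_OF_USER, ALLOW_RESTRICTED, REJECT }

    /** Decide from the markers attached to the request, never from raw URL parameters. */
    static Decision decide(Request r) {
        if (r.internal()) {
            // Flag set by server code only (spec lookups, template libraries, rewrites).
            return Decision.ALLOW_INTERNAL;
        }
        if (r.token().isEmpty()) {
            // Neither marker is present, so the origin is unknown: fail closed.
            return Decision.REJECT;
        }
        Token t = r.token().get();
        if (t.anonymous()) {
            // No authenticated viewer; the gadget URL (not an app id) is all that is known.
            return t.appUrl() != null ? Decision.ALLOW_RESTRICTED : Decision.REJECT;
        }
        return Decision.ALLOW_ON_BEHALF_OF_USER;
    }

    public static void main(String[] args) {
        URI gadget = URI.create("https://gadgets.example/app.xml"); // constructed sample
        URI target = URI.create("https://api.example/data");        // constructed sample
        Request[] samples = {
            new Request(gadget, Optional.empty(), true),                                   // server-initiated
            new Request(target, Optional.of(new Token(false, gadget, "viewer-1")), false), // client sent a token
            new Request(target, Optional.of(new Token(true, gadget, null)), false),        // anonymous token attached
            new Request(target, Optional.empty(), false),                                  // unmarked
        };
        for (Request r : samples) {
            System.out.println(r.target() + " -> " + decide(r));
        }
    }
}
```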