[
https://issues.apache.org/jira/browse/SHINDIG-1756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13263137#comment-13263137
]
[email protected] commented on SHINDIG-1756:
--------------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4750/#review7279
-----------------------------------------------------------
Ship it!
Committed revision 1331083. Thanks Brian!
- Stanton
On 2012-04-26 13:10:16, BrianLillie wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/4750/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-04-26 13:10:16)
bq.
bq.
bq. Review request for shindig.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Update HttpRequest objects to identify a request source. For some
requests, SecurityTokens are provided. Others have gadget URI, but this is
not always trustworthy as it is set based upon URL parameters.
bq. For requests where a security token was not sent from the client, create
and set an AnonymousSecurityToken identifying the gadget URI associated with
the request. Also, add a flag to the HttpRequest to indicate a request
generated by the server, where this may be set when requesting services,
retrieving a template library, or during selected rewrites.
bq.
bq.
bq. This addresses bug SHINDIG-1756.
bq. https://issues.apache.org/jira/browse/SHINDIG-1756
bq.
bq.
bq. Diffs
bq. -----
bq.
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/DefaultServiceFetcherTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/CajaContentRewriterTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpRequestHandlerTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactoryTest.java
PRE-CREATION
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/MockUtils.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandlerTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandlerTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java
1311453
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpRequestHandler.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/templates/TemplateLibraryFactory.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/DefaultGadgetSpecFactoryTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/features/FeatureResourceLoaderTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpRequestTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java
1326858
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.java
1326858
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/CajaResponseRewriter.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/DefaultServiceFetcher.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpRequest.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/features/FeatureResourceLoader.java
1304584
bq.
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/AbstractSpecFactory.java
1326861
bq.
bq. Diff: https://reviews.apache.org/r/4750/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. Existing tests passed. Added additional tests to verify internal request
state or token on requests.
bq.
bq.
bq. Thanks,
bq.
bq. BrianLillie
bq.
bq.
> Identify origination of requests
> --------------------------------
>
> Key: SHINDIG-1756
> URL: https://issues.apache.org/jira/browse/SHINDIG-1756
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0
> Reporter: Brian Lillie
> Fix For: 2.5.0
>
> Attachments: origination5.patch
>
>
> In order to determine based upon the request whether to honor the request, or
> whether the request should be restricted, the request needs to identify
> itself in some way. Some of the requests in the system originate as a
> result of direct user requests (e.g. makeRequest) while other requests are
> performed by the server for the server or in order to handle the request
> (e.g. gadget spec lookups).
> The proposal is to better mark the origination of the request either by
> attaching an Anonymous Security Token containing the gadget URI, or by
> marking the request as an internal request (one that the server is
> initiating) so that downstream components (e.g. the HttpFetcher
> implementation) can make determinations on how to process the request.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
