[
https://issues.apache.org/jira/browse/SHINDIG-1818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marshall Shi updated SHINDIG-1818:
----------------------------------
Description:
In Shindig when using gadget whitelisting and feature access control, there are
two error messages:
1. Gadget is not whitelisted:
403 The requested gadget is unavailable
2. Gadget is requesting features that it does not have access too
400 The requested gadget is not authorized for this container
The second error is perfect as it tells me that it has been rejected due to an
authorization error AND that it may be config related (Type 400 response).
The first error is ambiguous however, as it looks almost exactly the same as
when the server that provides the gadget.xml is unavailable and / or rejects
the request. Please change (1) to something like:
403 The requested gadget is not authorized for this container
This will tell the user that the gadget is both not authorized and via the
response code (403) that it is missing from the whitelist entirely.
> Ambiguous error message when gadgets are not whitelisted
> --------------------------------------------------------
>
> Key: SHINDIG-1818
> URL: https://issues.apache.org/jira/browse/SHINDIG-1818
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0-beta2
> Reporter: Marshall Shi
> Priority: Minor
> Fix For: 2.5.0-beta2
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> In Shindig when using gadget whitelisting and feature access control, there
> are two error messages:
> 1. Gadget is not whitelisted:
> 403 The requested gadget is unavailable
> 2. Gadget is requesting features that it does not have access too
> 400 The requested gadget is not authorized for this container
> The second error is perfect as it tells me that it has been rejected due to
> an authorization error AND that it may be config related (Type 400 response).
> The first error is ambiguous however, as it looks almost exactly the same as
> when the server that provides the gadget.xml is unavailable and / or rejects
> the request. Please change (1) to something like:
> 403 The requested gadget is not authorized for this container
> This will tell the user that the gadget is both not authorized and via the
> response code (403) that it is missing from the whitelist entirely.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
