Ryan Baxter created SHINDIG-1956:
------------------------------------
Summary: Rendering 2 OAuth 2 gadgets at the same time and doing
the OAuth dance results in errors
Key: SHINDIG-1956
URL: https://issues.apache.org/jira/browse/SHINDIG-1956
Project: Shindig
Issue Type: Bug
Affects Versions: 2.5.0-update1, 2.5.0
Reporter: Ryan Baxter
1.) Render 2 instances of a gadget that makes a request using OAuth 2. Make
sure you will be prompted to do the OAuth dance for the gadget, ie. there are
no access tokens stored.
2.) Choose an instance of the gadget and do the OAuth dance. The dance should
complete successfully.
3.) Now do the OAuth dance in the second instance of the gadget.
4.) When the OAuth callback is called there will be an error.
Throwable occurred: java.lang.NullPointerException
at
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet.doGet(OAuth2CallbackServlet.java:136)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.shindig.gadgets.servlet.ETagFilter.doFilter(ETagFilter.java:56)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:897)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:919)
at java.lang.Thread.run(Thread.java:736)
What is happening is that we will store an OAuth2Accessor when the first gadget
renders and makes its OAuth request. The key for the accessor is the gadget
URL, the user, the service, and the scope. When the second gadget renders it
will do the same thing but will override the accessor in the store because we
have the same key. Then after we complete the OAuth dance in instance 1 of the
gadget the accessor is removed from the store, so now we have no more accessors
in the store. When we go to do the OAuth dance in instance 2 and the callback
servlet is called it tried to go fetch the accessor from the store but it is
null, so we throw an error.
What needs to be done is to add something to the accessor by each instance of
that gadget rendered. Maybe that should be a module id? Not sure.
We could still run into problems for instances of the same gadget rendered by
the same user across different containers, so in all reality I would think we
would also want to store the container the gadget is rendered in as well in the
key.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
