as far as i can see, thats for io.makeRequest with no authentication.
so it should be ok.
still, all code under samplecontainer/ (and namespaced with Basic*) is
SAMPLE, just to show functionality, not ready for production.
hope this helps
ropu
On Wed, Jul 16, 2008 at 8:55 AM, Erel Segal <[EMAIL PROTECTED]> wrote:
> I found a discrepancy between two functions that deal with security tokens:
>
> in BasicSecurityTokenDecoder::createToken, an empty token is rejected only
> if $_GET['authz'] is not empty, i.e. I may use a gadget without a security
> token, as long as there is no authz:
>
> if (empty($stringToken) && ! empty($_GET['authz'])) {
> throw new GadgetException('INVALID_GADGET_TOKEN');
> }
>
>
> but in GadgetDataServlet::createResponse, an empty token is always
> rejected:
> if (empty($token)) {
> throw new Exception("INVALID_GADGET_TOKEN");
> }
>
>
> Is this a bug or a feature?
>
--
.-. --- .--. ..-
R o p u
