Thank you, your short answer helped me put things in place.
2008/7/16, Ropu <[EMAIL PROTECTED]>:
>
> as far as i can see, thats for io.makeRequest with no authentication.
>
> so it should be ok.
>
> still, all code under samplecontainer/ (and namespaced with Basic*) is
> SAMPLE, just to show functionality, not ready for production.
>
> hope this helps
>
> ropu
>
>
> On Wed, Jul 16, 2008 at 8:55 AM, Erel Segal <[EMAIL PROTECTED]> wrote:
>
> > I found a discrepancy between two functions that deal with security
> tokens:
> >
> > in BasicSecurityTokenDecoder::createToken, an empty token is rejected
> only
> > if $_GET['authz'] is not empty, i.e. I may use a gadget without a
> security
> > token, as long as there is no authz:
> >
> > if (empty($stringToken) && ! empty($_GET['authz'])) {
> > throw new GadgetException('INVALID_GADGET_TOKEN');
> > }
> >
> >
> > but in GadgetDataServlet::createResponse, an empty token is always
> > rejected:
> > if (empty($token)) {
> > throw new Exception("INVALID_GADGET_TOKEN");
> > }
> >
> >
> > Is this a bug or a feature?
> >
>
>
>
>
> --
> .-. --- .--. ..-
> R o p u
>
