if good and short, double good...
On Wed, Jul 16, 2008 at 11:15 AM, Erel Segal <[EMAIL PROTECTED]> wrote:
> Thank you, your short answer helped me put things in place.
>
> 2008/7/16, Ropu <[EMAIL PROTECTED]>:
> >
> > as far as i can see, thats for io.makeRequest with no authentication.
> >
> > so it should be ok.
> >
> > still, all code under samplecontainer/ (and namespaced with Basic*) is
> > SAMPLE, just to show functionality, not ready for production.
> >
> > hope this helps
> >
> > ropu
> >
> >
> > On Wed, Jul 16, 2008 at 8:55 AM, Erel Segal <[EMAIL PROTECTED]> wrote:
> >
> > > I found a discrepancy between two functions that deal with security
> > tokens:
> > >
> > > in BasicSecurityTokenDecoder::createToken, an empty token is rejected
> > only
> > > if $_GET['authz'] is not empty, i.e. I may use a gadget without a
> > security
> > > token, as long as there is no authz:
> > >
> > > if (empty($stringToken) && ! empty($_GET['authz'])) {
> > > throw new GadgetException('INVALID_GADGET_TOKEN');
> > > }
> > >
> > >
> > > but in GadgetDataServlet::createResponse, an empty token is always
> > > rejected:
> > > if (empty($token)) {
> > > throw new Exception("INVALID_GADGET_TOKEN");
> > > }
> > >
> > >
> > > Is this a bug or a feature?
> > >
> >
> >
> >
> >
> > --
> > .-. --- .--. ..-
> > R o p u
> >
>
--
.-. --- .--. ..-
R o p u
