[
https://issues.apache.org/jira/browse/SHINDIG-463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul Lindner updated SHINDIG-463:
---------------------------------
Attachment: anontoken.patch
New patch with actual usage..
Here's the critical code that uses an anonymous token. We really only need a
single implementation of an anonymous token, and it can be a singleton. In
this chunk of the code we assign the anonymous token when it is not present in
the request.
This is a good solution because it does not require a ton of custom logic in
each SecurityToken implementation, they can just return true.
===================================================================
---
java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
(revision 678371)
+++
java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
(working copy)
@@ -71,7 +71,8 @@
final String token =
parameters.get(SecurityTokenDecoder.SECURITY_TOKEN_NAME);
if (token == null || token.trim().length() == 0) {
- throw new SecurityTokenException("Missing security token");
+ // No token is present, assume anonymous access
+ return AnonymousSecurityToken.getInstance();
}
try {
> Support Anonymous Security Tokens
> ---------------------------------
>
> Key: SHINDIG-463
> URL: https://issues.apache.org/jira/browse/SHINDIG-463
> Project: Shindig
> Issue Type: Improvement
> Components: Common Components (Java)
> Reporter: Paul Lindner
> Assignee: Paul Lindner
> Attachments: anontoken.patch
>
>
> To support anonymous access for viewer/owner we need to support the concept
> of an anonymous security token.
> To do this we should create an isAnonymous() method in the SecurityToken
> interface and add a new implementation AnonymousSecurityToken.
> These tokens will throw InvalidArgumentException() when an attempt is made to
> access any field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
