Signed <Preloads> lead to null pointer exceptions if security token not
available
---------------------------------------------------------------------------------
Key: SHINDIG-884
URL: https://issues.apache.org/jira/browse/SHINDIG-884
Project: Shindig
Issue Type: Bug
Components: Gadget Rendering Server (Java)
Reporter: Adam Winer
Priority: Minor
A gadget containing a signed Preload will lead to a NullPointerException if no
security token is available:
org.apache.shindig.gadgets.http.AbstractHttpCache.getOwnerId(AbstractHttpCache.java:149)
org.apache.shindig.gadgets.http.AbstractHttpCache.createKey(AbstractHttpCache.java:130)
... as attempts to create the cache key dereference the SecurityToken without
checking against null.
The cache can't really do anything smart at this point (though throwing an
IllegalStateException "no token available for signed request" would be better
than the NPE). Arguably, the HttpPreloader should just drop the preload
request and hope that the client can obtain a token via other means (e.g., from
the hash).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
