You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Adam Winer (JIRA)" <ji...@apache.org> on 2009/02/06 01:27:59 UTC
[jira] Assigned: (SHINDIG-884) Signed lead to null
pointer exceptions if security token not available
[ https://issues.apache.org/jira/browse/SHINDIG-884?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Winer reassigned SHINDIG-884:
----------------------------------
Assignee: Adam Winer
> Signed <Preloads> lead to null pointer exceptions if security token not available
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-884
> URL: https://issues.apache.org/jira/browse/SHINDIG-884
> Project: Shindig
> Issue Type: Bug
> Components: Gadget Rendering Server (Java)
> Reporter: Adam Winer
> Assignee: Adam Winer
> Priority: Minor
>
> A gadget containing a signed Preload will lead to a NullPointerException if no security token is available:
> org.apache.shindig.gadgets.http.AbstractHttpCache.getOwnerId(AbstractHttpCache.java:149)
> org.apache.shindig.gadgets.http.AbstractHttpCache.createKey(AbstractHttpCache.java:130)
> ... as attempts to create the cache key dereference the SecurityToken without checking against null.
> The cache can't really do anything smart at this point (though throwing an IllegalStateException "no token available for signed request" would be better than the NPE). Arguably, the HttpPreloader should just drop the preload request and hope that the client can obtain a token via other means (e.g., from the hash).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.