Posted to commits@rave.apache.org by mf...@apache.org on 2012/06/30 17:42:46 UTC
svn commit: r1355749 - in
/rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src:
main/java/org/apache/rave/provider/opensocial/service/impl/
test/java/org/apache/rave/provider/opensocial/service/
Author: mfranklin
Date: Sat Jun 30 15:42:46 2012
New Revision: 1355749
URL: http://svn.apache.org/viewvc?rev=1355749&view=rev
Log:
fixed security token bug (RAVE-714)
Modified:
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java
Modified: rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
URL: http://svn.apache.org/viewvc/rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java?rev=1355749&r1=1355748&r2=1355749&view=diff
==============================================================================
--- rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java (original)
+++ rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java Sat Jun 30 15:42:46 2012
@@ -132,7 +132,7 @@ public class EncryptedBlobSecurityTokenS
SecurityToken securityToken = this.decryptSecurityToken(encryptedSecurityToken);
//Make sure the person is authorized to refresh this token
- String userId = String.valueOf(userService.getAuthenticatedUser().getId());
+ String userId = String.valueOf(userService.getAuthenticatedUser().getUsername());
if (!securityToken.getViewerId().equalsIgnoreCase(userId)) {
throw new SecurityTokenException("Illegal attempt by user " + userId +
" to refresh security token with a viewerId of " + securityToken.getViewerId());
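Review bot: The authorization check on the line after the changed one still uses `equalsIgnoreCase`, which was harmless for numeric ids but now treats usernames that differ only in case as the same viewer. If the user store allows case-distinct usernames (not visible in this hunk), one account would pass the check for a token issued to another; an exact comparison avoids that: `if (!securityToken.getViewerId().equals(userId)) {`. The failure message now carries the username instead of an opaque id, so it is worth confirming where SecurityTokenException messages are logged or returned. The enclosing method starts and ends outside the hunk.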
@@ -141,7 +141,7 @@ public class EncryptedBlobSecurityTokenS
//Create a new RegionWidget instance from it so we can use it to generate a new encrypted token
RegionWidget regionWidget = new RegionWidgetImpl(securityToken.getModuleId(),
new WidgetImpl(-1L, securityToken.getAppUrl()),
- new RegionImpl(-1L, new PageImpl(-1L, new UserImpl(Long.valueOf(securityToken.getOwnerId()))), -1));
+ new RegionImpl(-1L, new PageImpl(-1L, userService.getUserByUsername(securityToken.getOwnerId())), -1));
//Create and return the newly encrypted token
return getEncryptedSecurityToken(regionWidget);
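Review bot: The result of `userService.getUserByUsername(securityToken.getOwnerId())` goes straight into `new PageImpl(...)` with no null check. If the lookup returns null for an owner that was removed or renamed (the service contract is not visible here), the `getOwner().getUsername()` call in getEncryptedSecurityToken would presumably fail with a NullPointerException rather than a SecurityTokenException. Tokens issued before this revision carry a numeric owner id and would take the same path on refresh. Resolving the owner into a local first and rejecting it explicitly keeps the failure typed: `if (owner == null) { throw new SecurityTokenException("Unknown owner in security token"); }`. The method begins outside the hunk.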
@@ -155,8 +155,8 @@ public class EncryptedBlobSecurityTokenS
values.put(AbstractSecurityToken.Keys.APP_URL.getKey(), regionWidget.getWidget().getUrl());
values.put(AbstractSecurityToken.Keys.MODULE_ID.getKey(), String.valueOf(regionWidget.getId()));
values.put(AbstractSecurityToken.Keys.OWNER.getKey(),
- String.valueOf(regionWidget.getRegion().getPage().getOwner().getId()));
- values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), String.valueOf(user.getId()));
+ String.valueOf(regionWidget.getRegion().getPage().getOwner().getUsername()));
+ values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), String.valueOf(user.getUsername()));
values.put(AbstractSecurityToken.Keys.TRUSTED_JSON.getKey(), "");
BlobCrypterSecurityToken securityToken = new BlobCrypterSecurityToken(container, domain, null, values);
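Review bot: `String.valueOf(...getUsername())` on the OWNER and VIEWER lines turns a null username into the literal string "null", which is then sealed into the token as an identity. The wrapper was needed for the Long id but is redundant for a String; dropping it and failing fast is safer, for example `Objects.requireNonNull(user.getUsername(), "username")` (whether java.util.Objects is available to this file is not visible here). The block would also benefit from a comment recording the new binding, such as `// owner/viewer are usernames, not ids: a token is only as stable as the username it names`, since a renamed or re-issued username changes who a still-valid token refers to. The method starts before the hunk and continues past it.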
Modified: rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java
URL: http://svn.apache.org/viewvc/rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java?rev=1355749&r1=1355748&r2=1355749&view=diff
==============================================================================
--- rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java (original)
+++ rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java Sat Jun 30 15:42:46 2012
@@ -108,13 +108,14 @@ public class SecurityTokenServiceTest {
@Test
public void getSecurityToken_validWidget_ownerIsNotViewer() throws SecurityTokenException {
Long expectedOwnerId = 99999L;
- validPage.setOwner(new UserImpl(expectedOwnerId));
+ String expected = "Expected";
+ validPage.setOwner(new UserImpl(expectedOwnerId, expected));
expect(userService.getAuthenticatedUser()).andReturn(validPerson).anyTimes();
replay(userService);
SecurityToken securityToken = securityTokenService.getSecurityToken(validRegionWidget);
- validateSecurityToken(securityToken, expectedOwnerId);
+ validateSecurityToken(securityToken, expected);
}
@Test
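Review bot: The new local `expected` in getSecurityToken_validWidget_ownerIsNotViewer does not say what it holds, and it sits next to `expectedOwnerId`, which is no longer the value being asserted. Renaming it makes the test read correctly: `String expectedOwnerUsername = "Expected";`. The same applies in the last hunk of this file, where the `validateSecurityToken(SecurityToken securityToken, String expectedOwnerId)` parameter now carries a username and would be clearer as `expectedOwnerUsername`.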
@@ -141,6 +142,7 @@ public class SecurityTokenServiceTest {
@Test
public void refreshEncryptedSecurityToken_validTokenString() throws SecurityTokenException {
expect(userService.getAuthenticatedUser()).andReturn(validPerson).anyTimes();
+ expect(userService.getUserByUsername(VALID_USER_NAME)).andReturn(validPerson).anyTimes();
replay(userService);
String encryptedToken = securityTokenService.getEncryptedSecurityToken(validRegionWidget);
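Review bot: The added `getUserByUsername` expectation covers only the case where the owner resolves. Nothing visible here exercises a refresh whose owner lookup returns null, or one where the token's viewer differs from the authenticated username only by case. Both behaviours are introduced by the switch to usernames, so each deserves a test that pins the intended outcome. `anyTimes()` also lets the test pass if the lookup is never made; `.once()` on the expectation plus `verify(userService)` at the end would pin the call. The test body continues outside the hunk.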
@@ -153,14 +155,14 @@ public class SecurityTokenServiceTest {
}
private void validateSecurityToken(SecurityToken securityToken) {
- validateSecurityToken(securityToken, VALID_USER_ID);
+ validateSecurityToken(securityToken, VALID_USER_NAME);
}
- private void validateSecurityToken(SecurityToken securityToken, Long expectedOwnerId) {
+ private void validateSecurityToken(SecurityToken securityToken, String expectedOwnerId) {
assertNotNull(securityToken);
assertEquals(VALID_REGION_WIDGET_ID.longValue(), securityToken.getModuleId());
- assertEquals(expectedOwnerId, Long.valueOf(securityToken.getOwnerId()));
- assertEquals(VALID_USER_ID, Long.valueOf(securityToken.getViewerId()));
+ assertEquals(expectedOwnerId, securityToken.getOwnerId());
+ assertEquals(VALID_USER_NAME, securityToken.getViewerId());
assertEquals(VALID_URL, securityToken.getAppUrl());
}
}