Posted to commits@rave.apache.org by mf...@apache.org on 2012/06/30 17:42:46 UTC

svn commit: r1355749 - in /rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src: main/java/org/apache/rave/provider/opensocial/service/impl/ test/java/org/apache/rave/provider/opensocial/service/

Author: mfranklin
Date: Sat Jun 30 15:42:46 2012
New Revision: 1355749

URL: http://svn.apache.org/viewvc?rev=1355749&view=rev
Log:
fixed security token bug (RAVE-714)

Modified:
    rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
    rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java

Modified: rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
URL: http://svn.apache.org/viewvc/rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java?rev=1355749&r1=1355748&r2=1355749&view=diff
==============================================================================
--- rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java (original)
+++ rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java Sat Jun 30 15:42:46 2012
@@ -132,7 +132,7 @@ public class EncryptedBlobSecurityTokenS
         SecurityToken securityToken = this.decryptSecurityToken(encryptedSecurityToken);
 
         //Make sure the person is authorized to refresh this token
-        String userId = String.valueOf(userService.getAuthenticatedUser().getId());
+        String userId = String.valueOf(userService.getAuthenticatedUser().getUsername());
         if (!securityToken.getViewerId().equalsIgnoreCase(userId)) {
             throw new SecurityTokenException("Illegal attempt by user " + userId +
                     " to refresh security token with a viewerId of " + securityToken.getViewerId());
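Review bot: The authorization check just below the changed line compares the viewer with `equalsIgnoreCase`, which was harmless for numeric ids but now treats usernames that differ only in case as the same viewer. If the user store allows both `Alice` and `alice` as separate accounts (not visible here), one could refresh a token issued to the other; an exact comparison is safer: `if (!securityToken.getViewerId().equals(userId)) {`. Tokens issued before this revision still carry numeric ids, so they will presumably be rejected here until reissued, and a comment saying so would help. The enclosing method begins before the hunk and the throw statement continues past it.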
@@ -141,7 +141,7 @@ public class EncryptedBlobSecurityTokenS
         //Create a new RegionWidget instance from it so we can use it to generate a new encrypted token
         RegionWidget regionWidget = new RegionWidgetImpl(securityToken.getModuleId(),
                 new WidgetImpl(-1L, securityToken.getAppUrl()),
-                new RegionImpl(-1L, new PageImpl(-1L, new UserImpl(Long.valueOf(securityToken.getOwnerId()))), -1));
+                new RegionImpl(-1L, new PageImpl(-1L, userService.getUserByUsername(securityToken.getOwnerId())), -1));
 
         //Create and return the newly encrypted token
         return getEncryptedSecurityToken(regionWidget);
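Review bot: The owner passed to `PageImpl` now comes from `userService.getUserByUsername(...)`, and nothing checks that the lookup succeeded. If it returns null for a deleted or renamed owner (its contract is not visible here), the `getOwner().getUsername()` call in the third hunk fails with a NullPointerException instead of a SecurityTokenException. Resolve the owner first and reject the token explicitly: `User owner = userService.getUserByUsername(securityToken.getOwnerId());` followed by `if (owner == null) { throw new SecurityTokenException("Unknown owner in security token"); }`. The method starts outside the hunk.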
@@ -155,8 +155,8 @@ public class EncryptedBlobSecurityTokenS
         values.put(AbstractSecurityToken.Keys.APP_URL.getKey(), regionWidget.getWidget().getUrl());
         values.put(AbstractSecurityToken.Keys.MODULE_ID.getKey(), String.valueOf(regionWidget.getId()));
         values.put(AbstractSecurityToken.Keys.OWNER.getKey(),
-                String.valueOf(regionWidget.getRegion().getPage().getOwner().getId()));
-        values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), String.valueOf(user.getId()));
+                String.valueOf(regionWidget.getRegion().getPage().getOwner().getUsername()));
+        values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), String.valueOf(user.getUsername()));
         values.put(AbstractSecurityToken.Keys.TRUSTED_JSON.getKey(), "");
 
         BlobCrypterSecurityToken securityToken = new BlobCrypterSecurityToken(container, domain, null, values);
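Review bot: `String.valueOf(...)` around `getUsername()` is left over from the numeric ids and now turns a null username into the literal string `null`, which is then encrypted into the token as the owner or viewer. The wrapper can go, e.g. `values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), user.getUsername());`, with a null username rejected before the map is built so that a token is never issued for an unidentified viewer. The same wrapper remains on the `userId` line in the refresh hunk. The method begins and ends outside this hunk.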

Modified: rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java
URL: http://svn.apache.org/viewvc/rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java?rev=1355749&r1=1355748&r2=1355749&view=diff
==============================================================================
--- rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java (original)
+++ rave/trunk/rave-providers/rave-opensocial-provider/rave-opensocial-client/src/test/java/org/apache/rave/provider/opensocial/service/SecurityTokenServiceTest.java Sat Jun 30 15:42:46 2012
@@ -108,13 +108,14 @@ public class SecurityTokenServiceTest {
     @Test
     public void getSecurityToken_validWidget_ownerIsNotViewer() throws SecurityTokenException {
         Long expectedOwnerId = 99999L;
-        validPage.setOwner(new UserImpl(expectedOwnerId));
+        String expected = "Expected";
+        validPage.setOwner(new UserImpl(expectedOwnerId, expected));
 
         expect(userService.getAuthenticatedUser()).andReturn(validPerson).anyTimes();
         replay(userService);
 
         SecurityToken securityToken = securityTokenService.getSecurityToken(validRegionWidget);
-        validateSecurityToken(securityToken, expectedOwnerId);
+        validateSecurityToken(securityToken, expected);
     }
 
     @Test
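Review bot: The new local `expected` does not say what it holds, and `expectedOwnerId` is now only a constructor argument that no assertion checks. A name such as `String expectedOwnerUsername = "Expected";` would make the test read correctly. The helper in the last hunk has the same naming problem, since `validateSecurityToken(SecurityToken securityToken, String expectedOwnerId)` now receives a username.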
@@ -141,6 +142,7 @@ public class SecurityTokenServiceTest {
     @Test
     public void refreshEncryptedSecurityToken_validTokenString() throws SecurityTokenException {
         expect(userService.getAuthenticatedUser()).andReturn(validPerson).anyTimes();
+        expect(userService.getUserByUsername(VALID_USER_NAME)).andReturn(validPerson).anyTimes();
         replay(userService);
 
         String encryptedToken = securityTokenService.getEncryptedSecurityToken(validRegionWidget);
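Review bot: Only the case where the owner lookup succeeds is covered, because `getUserByUsername(VALID_USER_NAME)` always returns `validPerson`. A companion test that has the mock return null for the owner and expects the intended failure would pin down the unknown-owner refresh path, and one with a differently cased viewer name would document what the `equalsIgnoreCase` comparison is meant to allow. With `anyTimes()` the test also passes if the lookup is never made; `.once()` plus `verify(userService)` would tighten it, unless a verify already follows outside the hunk.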
@@ -153,14 +155,14 @@ public class SecurityTokenServiceTest {
     }
 
     private void validateSecurityToken(SecurityToken securityToken) {
-        validateSecurityToken(securityToken, VALID_USER_ID);
+        validateSecurityToken(securityToken, VALID_USER_NAME);
     }
 
-    private void validateSecurityToken(SecurityToken securityToken, Long expectedOwnerId) {
+    private void validateSecurityToken(SecurityToken securityToken, String expectedOwnerId) {
         assertNotNull(securityToken);
         assertEquals(VALID_REGION_WIDGET_ID.longValue(), securityToken.getModuleId());
-        assertEquals(expectedOwnerId, Long.valueOf(securityToken.getOwnerId()));
-        assertEquals(VALID_USER_ID, Long.valueOf(securityToken.getViewerId()));
+        assertEquals(expectedOwnerId, securityToken.getOwnerId());
+        assertEquals(VALID_USER_NAME, securityToken.getViewerId());
         assertEquals(VALID_URL, securityToken.getAppUrl());
     }
 }