You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Marshall Shi (JIRA)" <ji...@apache.org> on 2012/07/19 08:07:34 UTC

[jira] [Updated] (SHINDIG-1818) Ambiguous error message when gadgets are not whitelisted

     [ https://issues.apache.org/jira/browse/SHINDIG-1818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marshall Shi updated SHINDIG-1818:
----------------------------------

    Description: 
In Shindig when using gadget whitelisting and feature access control, there are two error messages:

1. Gadget is not whitelisted:
403 The requested gadget is unavailable 

2. Gadget is requesting features that it does not have access too
400 The requested gadget is not authorized for this container

The second error is perfect as it tells me that it has been rejected due to an authorization error AND that it may be config related (Type 400 response).

The first error is ambiguous however, as it looks almost exactly the same as when the server that provides the gadget.xml is unavailable and / or rejects the request.  Please change (1) to something like:
	403 The requested gadget is not authorized for this container
This will tell the user that the gadget is both not authorized and via the response code (403) that it is missing from the whitelist entirely.
    
> Ambiguous error message when gadgets are not whitelisted
> --------------------------------------------------------
>
>                 Key: SHINDIG-1818
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1818
>             Project: Shindig
>          Issue Type: Improvement
>          Components: Java
>    Affects Versions: 2.5.0-beta2
>            Reporter: Marshall Shi
>            Priority: Minor
>             Fix For: 2.5.0-beta2
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> In Shindig when using gadget whitelisting and feature access control, there are two error messages:
> 1. Gadget is not whitelisted:
> 403 The requested gadget is unavailable 
> 2. Gadget is requesting features that it does not have access too
> 400 The requested gadget is not authorized for this container
> The second error is perfect as it tells me that it has been rejected due to an authorization error AND that it may be config related (Type 400 response).
> The first error is ambiguous however, as it looks almost exactly the same as when the server that provides the gadget.xml is unavailable and / or rejects the request.  Please change (1) to something like:
> 	403 The requested gadget is not authorized for this container
> This will tell the user that the gadget is both not authorized and via the response code (403) that it is missing from the whitelist entirely.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira