You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by aw...@apache.org on 2009/02/17 21:35:03 UTC
svn commit: r745246 - in /incubator/shindig/trunk/java/gadgets/src:
main/java/org/apache/shindig/gadgets/http/AbstractHttpCache.java
test/java/org/apache/shindig/gadgets/http/AbstractHttpCacheTest.java
Author: awiner
Date: Tue Feb 17 20:35:03 2009
New Revision: 745246
URL: http://svn.apache.org/viewvc?rev=745246&view=rev
Log:
SHINDIG-884: Signed Preloads lead to null pointer exceptions if security token not available
- createKey() now throws an IllegalArgumentException if the request is unsignable. The requests still fail (as they should), but the error message will be more helpful
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/AbstractHttpCache.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/AbstractHttpCacheTest.java
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/AbstractHttpCache.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/AbstractHttpCache.java?rev=745246&r1=745245&r2=745246&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/AbstractHttpCache.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/AbstractHttpCache.java Tue Feb 17 20:35:03 2009
@@ -121,6 +121,11 @@
* individual methods for details.
*/
public String createKey(HttpRequest request) {
+ if ((request.getAuthType() != AuthType.NONE) &&
+ (request.getSecurityToken() == null)) {
+ throw new IllegalArgumentException("Cannot sign request without security token: [" + request + "]");
+ }
+
String uri = request.getUri().toString();
StringBuilder key = new StringBuilder(uri.length() * 2);
key.append(request.getUri());
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/AbstractHttpCacheTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/AbstractHttpCacheTest.java?rev=745246&r1=745245&r2=745246&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/AbstractHttpCacheTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/AbstractHttpCacheTest.java Tue Feb 17 20:35:03 2009
@@ -253,6 +253,39 @@
assertEquals(key.toString(), actual);
}
+ @Test(expected = IllegalArgumentException.class)
+ public void createKeyWithoutSecurityToken() throws Exception {
+ OAuthArguments args = new OAuthArguments(new RequestAuthenticationInfo() {
+
+ public Map<String, String> getAttributes() {
+ return ImmutableMap.of();
+ }
+
+ public AuthType getAuthType() {
+ return AuthType.SIGNED;
+ }
+
+ public Uri getHref() {
+ return DEFAULT_URI;
+ }
+
+ public boolean isSignOwner() {
+ return true;
+ }
+
+ public boolean isSignViewer() {
+ return false;
+ }
+ });
+
+ HttpRequest request = new HttpRequest(DEFAULT_URI)
+ .setAuthType(AuthType.SIGNED)
+ .setOAuthArguments(args);
+
+ cache.createKey(request);
+ }
+
+
@Test
public void getResponse() {
HttpRequest request = new HttpRequest(DEFAULT_URI);