You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by daviesd <da...@oclc.org> on 2011/09/21 22:13:49 UTC
Re: Review Request: BlobCrypterSecurityTokenCodec tries to use
"instanceof"when the parameter is a Proxied object
Not that I'm allowd to vote, but yes I'd love to have this in the next build
asap.
doug
On 9/21/11 2:13 PM, "Henry Saputra" <hs...@apache.org> wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/1981/#review2005
> -----------------------------------------------------------
>
> Ship it!
>
>
> +1
>
> LGTM, thanks Stanton.
>
> We have to add the new getter methods to AuthContext, I dont see other way
>
> - Henry
>
>
> On 2011-09-21 16:28:56, Stanton Sievers wrote:
>>
>> -----------------------------------------------------------
>> This is an automatically generated e-mail. To reply, visit:
>> https://reviews.apache.org/r/1981/
>> -----------------------------------------------------------
>>
>> (Updated 2011-09-21 16:28:56)
>>
>>
>> Review request for shindig and Henry Saputra.
>>
>>
>> Summary
>> -------
>>
>> See the JIRA for a description of the problem:
>> https://issues.apache.org/jira/browse/SHINDIG-1626
>>
>> This fix is based off a fix Doug Davies implemented with some changes around
>> the parameter checking in BlobCrypterSecurityToken.encodeToken. The check is
>> sufficient because DefaultSecurityTokenCodec creates the correct
>> SecurityTokenCode (Basic or Blob) depending on the container config values of
>> "insecure" or "secure", respectively. We should never get into this code if
>> we're not using a secure configuration; therefore, an authentication mode of
>> SECURITY_TOKEN_URL_PARAMETER implies that we have a BlobCrypterSecurityToken
>> and not some other token, such as Anonymous.
>>
>>
>> This addresses bug SHINDIG-1626.
>> https://issues.apache.org/jira/browse/SHINDIG-1626
>>
>>
>> Diffs
>> -----
>>
>>
>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a
>> pache/shindig/auth/BlobCrypterSecurityToken.java 1173205
>>
>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a
>> pache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1173205
>>
>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a
>> pache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1173205
>>
>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a
>> pache/shindig/auth/BlobCrypterSecurityTokenTest.java 1173205
>>
>> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/
>> apache/shindig/gadgets/servlet/GadgetsHandlerApi.java 1173205
>>
>> Diff: https://reviews.apache.org/r/1981/diff
>>
>>
>> Testing
>> -------
>>
>> Tested with a sample gadget that utilizes the osapi feature to print the
>> viewer's name in a secure configuration. The security token is encoded
>> properly in the modified code.
>>
>> Any other testing recommendations are welcome. :)
>>
>>
>> Thanks,
>>
>> Stanton
>>
>>
>
Re: Review Request: BlobCrypterSecurityTokenCodec tries to use
"instanceof"when the parameter is a Proxied object
Posted by daviesd <da...@oclc.org>.
Thanks for getting this committed. I am now able to store my other info in
trustedJson and have accessible in the gadget security token. Nice!
doug
On 9/21/11 4:24 PM, "Henry Saputra" <he...@gmail.com> wrote:
> Doug, your vote count, thanks =)
>
> Any review to help patches better is welcomed.
>
> - Henry
>
>
Re: Review Request: BlobCrypterSecurityTokenCodec tries to use
"instanceof"when the parameter is a Proxied object
Posted by Henry Saputra <he...@gmail.com>.
Doug, your vote count, thanks =)
Any review to help patches better is welcomed.
- Henry
On Wed, Sep 21, 2011 at 1:13 PM, daviesd <da...@oclc.org> wrote:
> Not that I'm allowd to vote, but yes I'd love to have this in the next build
> asap.
>
> doug
>
>
> On 9/21/11 2:13 PM, "Henry Saputra" <hs...@apache.org> wrote:
>
>>
>> -----------------------------------------------------------
>> This is an automatically generated e-mail. To reply, visit:
>> https://reviews.apache.org/r/1981/#review2005
>> -----------------------------------------------------------
>>
>> Ship it!
>>
>>
>> +1
>>
>> LGTM, thanks Stanton.
>>
>> We have to add the new getter methods to AuthContext, I dont see other way
>>
>> - Henry
>>
>>
>> On 2011-09-21 16:28:56, Stanton Sievers wrote:
>>>
>>> -----------------------------------------------------------
>>> This is an automatically generated e-mail. To reply, visit:
>>> https://reviews.apache.org/r/1981/
>>> -----------------------------------------------------------
>>>
>>> (Updated 2011-09-21 16:28:56)
>>>
>>>
>>> Review request for shindig and Henry Saputra.
>>>
>>>
>>> Summary
>>> -------
>>>
>>> See the JIRA for a description of the problem:
>>> https://issues.apache.org/jira/browse/SHINDIG-1626
>>>
>>> This fix is based off a fix Doug Davies implemented with some changes around
>>> the parameter checking in BlobCrypterSecurityToken.encodeToken. The check is
>>> sufficient because DefaultSecurityTokenCodec creates the correct
>>> SecurityTokenCode (Basic or Blob) depending on the container config values of
>>> "insecure" or "secure", respectively. We should never get into this code if
>>> we're not using a secure configuration; therefore, an authentication mode of
>>> SECURITY_TOKEN_URL_PARAMETER implies that we have a BlobCrypterSecurityToken
>>> and not some other token, such as Anonymous.
>>>
>>>
>>> This addresses bug SHINDIG-1626.
>>> https://issues.apache.org/jira/browse/SHINDIG-1626
>>>
>>>
>>> Diffs
>>> -----
>>>
>>>
>>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a
>>> pache/shindig/auth/BlobCrypterSecurityToken.java 1173205
>>>
>>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/a
>>> pache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1173205
>>>
>>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a
>>> pache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1173205
>>>
>>> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/a
>>> pache/shindig/auth/BlobCrypterSecurityTokenTest.java 1173205
>>>
>>> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/
>>> apache/shindig/gadgets/servlet/GadgetsHandlerApi.java 1173205
>>>
>>> Diff: https://reviews.apache.org/r/1981/diff
>>>
>>>
>>> Testing
>>> -------
>>>
>>> Tested with a sample gadget that utilizes the osapi feature to print the
>>> viewer's name in a secure configuration. The security token is encoded
>>> properly in the modified code.
>>>
>>> Any other testing recommendations are welcome. :)
>>>
>>>
>>> Thanks,
>>>
>>> Stanton
>>>
>>>
>>
>
>
>