You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by lh...@apache.org on 2009/02/23 04:58:19 UTC
svn commit: r746874 -
/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
Author: lhazlewood
Date: Mon Feb 23 03:58:19 2009
New Revision: 746874
URL: http://svn.apache.org/viewvc?rev=746874&view=rev
Log:
JSEC-56 - implemented functionality recommended by patch.
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
Modified: incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java?rev=746874&r1=746873&r2=746874&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java (original)
+++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java Mon Feb 23 03:58:19 2009
@@ -51,6 +51,7 @@
* to be an instance of something <em>other</em> than a <code>CookieAttribute</code>.</p>
*
* @author Les Hazlewood
+ * @author Luis Arias
* @since 0.9
*/
public class WebRememberMeManager extends AbstractRememberMeManager {
@@ -207,6 +208,7 @@
ServletResponse response = WebUtils.getRequiredServletResponse();
String base64 = getIdentityAttribute().retrieveValue(request, response);
if (base64 != null) {
+ base64 = ensurePadding(base64);
if (log.isTraceEnabled()) {
log.trace("Acquired Base64 encoded identity [" + base64 + "]");
}
@@ -221,6 +223,27 @@
}
}
+ /**
+ * Sometimes a user agent will send the rememberMe cookie value without padding,
+ * most likely because {@code =} is a separator in the cookie header. Contributed
+ * by Luis Arias.
+ *
+ * @param base64 the base64 encoded String that may need to be padded
+ * @return the base64 String padded if necessary.
+ */
+ private String ensurePadding(String base64) {
+ int length = base64.length();
+ if (length % 4 != 0) {
+ StringBuffer sb = new StringBuffer(base64);
+ for (int i = 0; i < length % 4; ++i) {
+ sb.append('=');
+ }
+ base64 = sb.toString();
+ }
+ return base64;
+ }
+
+
protected void forgetIdentity() {
ServletRequest request = WebUtils.getRequiredServletRequest();
ServletResponse response = WebUtils.getRequiredServletResponse();
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Emmanuel Lecharny <el...@apache.org>.
Jeremy Haile wrote:
> On Feb 23, 2009, at 9:37 AM, Les Hazlewood wrote:
>
>> I've thought about this for a bit longer and I feel it is nice for
>> people
>> that aren't committers (whose names that don't appear on in an SVN
>> log) to
>> receive credit for their efforts. They deserve it, even in this minor
>> form. If not via @author tags, how does the ASF recommend to 'give
>> credit
>> where credit is due'?
>
> Giving credit is fine, but I'm not a huge fan of @author tags. I feel
> like, intended or not, they convey a sense of "code ownership". I've
> seen situations where people feel like they can't edit a file because
> someone else is listed as the author - which is obviously not the
> environment we want. Also, am I an author if I edit one log statement
> in a 3000 line class? It just seems messy, hard to accurately
> maintain, and not that meaningful.
>
> I like Emmanuel's ideas of giving credit via a notice file, JIRA, SVN,
> or some other mechanism.
There is one more drawback with names in @authors tags : you get pinged
when someone have a pb with a piece of code many have butchered years
after you created the initial code :)
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Les Hazlewood <lh...@apache.org>.
Sounds good to me - as long as people are recognized for their efforts
somewhere, I don't care where :)
On Mon, Feb 23, 2009 at 1:45 PM, Jeremy Haile <jh...@fastmail.fm> wrote:
> On Feb 23, 2009, at 9:37 AM, Les Hazlewood wrote:
>
> I've thought about this for a bit longer and I feel it is nice for people
>> that aren't committers (whose names that don't appear on in an SVN log) to
>> receive credit for their efforts. They deserve it, even in this minor
>> form. If not via @author tags, how does the ASF recommend to 'give credit
>> where credit is due'?
>>
>
> Giving credit is fine, but I'm not a huge fan of @author tags. I feel
> like, intended or not, they convey a sense of "code ownership". I've seen
> situations where people feel like they can't edit a file because someone
> else is listed as the author - which is obviously not the environment we
> want. Also, am I an author if I edit one log statement in a 3000 line
> class? It just seems messy, hard to accurately maintain, and not that
> meaningful.
>
> I like Emmanuel's ideas of giving credit via a notice file, JIRA, SVN, or
> some other mechanism.
>
> Just my 2 cents.
>
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Jeremy Haile <jh...@fastmail.fm>.
On Feb 23, 2009, at 9:37 AM, Les Hazlewood wrote:
> I've thought about this for a bit longer and I feel it is nice for
> people
> that aren't committers (whose names that don't appear on in an SVN
> log) to
> receive credit for their efforts. They deserve it, even in this minor
> form. If not via @author tags, how does the ASF recommend to 'give
> credit
> where credit is due'?
Giving credit is fine, but I'm not a huge fan of @author tags. I feel
like, intended or not, they convey a sense of "code ownership". I've
seen situations where people feel like they can't edit a file because
someone else is listed as the author - which is obviously not the
environment we want. Also, am I an author if I edit one log statement
in a 3000 line class? It just seems messy, hard to accurately
maintain, and not that meaningful.
I like Emmanuel's ideas of giving credit via a notice file, JIRA, SVN,
or some other mechanism.
Just my 2 cents.
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Emmanuel Lecharny <el...@apache.org>.
On Mon, Feb 23, 2009 at 3:37 PM, Les Hazlewood <lh...@apache.org> wrote:
> I've thought about this for a bit longer and I feel it is nice for people
> that aren't committers (whose names that don't appear on in an SVN log) to
> receive credit for their efforts. They deserve it, even in this minor
> form. If not via @author tags, how does the ASF recommend to 'give credit
> where credit is due'?
On the web site, on a notice file and of course, in the JIRA were the
attached patch is present, and on the ML.
Those days, credit come through google. It's more likely to find that
someone has contributed to an OpenSource project if there is a mail
with his name, or his name on an apache web page, as we have more than
200 mirrors.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Les Hazlewood <lh...@apache.org>.
I've thought about this for a bit longer and I feel it is nice for people
that aren't committers (whose names that don't appear on in an SVN log) to
receive credit for their efforts. They deserve it, even in this minor
form. If not via @author tags, how does the ASF recommend to 'give credit
where credit is due'?
I don't care if it is via @author tags or something else, as long as they
receive visible credit so we can convey they are a meaningful and
appreciated part of the community.
On Mon, Feb 23, 2009 at 9:34 AM, Les Hazlewood <lh...@apache.org>wrote:
> Its just a practice we've maintained for a while - I have no preference one
> way or the other.
>
> Regards,
>
> Les
>
>
> On Mon, Feb 23, 2009 at 2:16 AM, Emmanuel Lecharny <el...@apache.org>wrote:
>
>> Kalle Korhonen wrote:
>>
>>> I don't know if it's an ASF policy, but yes, I've seen the same
>>> discussions
>>> happening in other projects and the decision has typically been to remove
>>> the author tags. My opinion is that the author tag creates more problem
>>> than
>>> it solves, especially for open source projects.
>>>
>>> Kalle
>>>
>>>
>>>
>> Ok, having spent the 5 minutes to search on Apache site :
>>
>>
>> http://www.apache.org/foundation/records/minutes/2004/board_minutes_2004_09_22.txt
>>
>> "
>>
>> F. Confirming that the current stance on @author tags as
>> per Greg's email message of February is still appropriate
>> (Recommend strongly that @author is avoided; but leave it to
>> each PMC to make the final call with their respective
>> communities.).
>>
>> This was confirmed."
>>
>>
>> So it's recommended, not mandatory. As we don't have a PMC right now (but
>> we will have one when the project will exit incubation), there is no
>> urgency, but I think it's a good timing to decide what to do regarding this
>> item.
>>
>> --
>> --
>> cordialement, regards,
>> Emmanuel Lécharny
>> www.iktek.com
>> directory.apache.org
>>
>>
>>
>
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Les Hazlewood <lh...@apache.org>.
Its just a practice we've maintained for a while - I have no preference one
way or the other.
Regards,
Les
On Mon, Feb 23, 2009 at 2:16 AM, Emmanuel Lecharny <el...@apache.org>wrote:
> Kalle Korhonen wrote:
>
>> I don't know if it's an ASF policy, but yes, I've seen the same
>> discussions
>> happening in other projects and the decision has typically been to remove
>> the author tags. My opinion is that the author tag creates more problem
>> than
>> it solves, especially for open source projects.
>>
>> Kalle
>>
>>
>>
> Ok, having spent the 5 minutes to search on Apache site :
>
>
> http://www.apache.org/foundation/records/minutes/2004/board_minutes_2004_09_22.txt
>
> "
>
> F. Confirming that the current stance on @author tags as
> per Greg's email message of February is still appropriate
> (Recommend strongly that @author is avoided; but leave it to
> each PMC to make the final call with their respective
> communities.).
>
> This was confirmed."
>
>
> So it's recommended, not mandatory. As we don't have a PMC right now (but
> we will have one when the project will exit incubation), there is no
> urgency, but I think it's a good timing to decide what to do regarding this
> item.
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Emmanuel Lecharny <el...@apache.org>.
Kalle Korhonen wrote:
> I don't know if it's an ASF policy, but yes, I've seen the same discussions
> happening in other projects and the decision has typically been to remove
> the author tags. My opinion is that the author tag creates more problem than
> it solves, especially for open source projects.
>
> Kalle
>
>
Ok, having spent the 5 minutes to search on Apache site :
http://www.apache.org/foundation/records/minutes/2004/board_minutes_2004_09_22.txt
"
F. Confirming that the current stance on @author tags as
per Greg's email message of February is still appropriate
(Recommend strongly that @author is avoided; but leave it to
each PMC to make the final call with their respective
communities.).
This was confirmed."
So it's recommended, not mandatory. As we don't have a PMC right now
(but we will have one when the project will exit incubation), there is
no urgency, but I think it's a good timing to decide what to do
regarding this item.
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Kalle Korhonen <ka...@gmail.com>.
I don't know if it's an ASF policy, but yes, I've seen the same discussions
happening in other projects and the decision has typically been to remove
the author tags. My opinion is that the author tag creates more problem than
it solves, especially for open source projects.
Kalle
On Sun, Feb 22, 2009 at 10:22 PM, Emmanuel Lecharny <el...@apache.org>wrote:
> Hi,
>
> I don't think it has been discussed before, so let's start now. I'm not
> sure that it's written somewhere on the ASF site, but @author tags are
> strongly discouraged. (
> http://www.theinquirer.net/inquirer/news/207/1037207/apache-enforces-the-removal-of-author-tags).
>
>
> It would be better to replace them by something like :
> @author <a href="mailto:dev@jsecurity.apache.org">Apache JSecurity
> Project</a>
>
> (assuming that the mail address is correct)
>
> The idea is that the code is own by The ASF, not by individuals. The
> objection that those who originally wrote the code would like to see their
> name in the header does not really hold, as :
> - the code can be changed many times since its inception, and we won't put
> all the authors in the header
> - SVN can pretty trace all the authors (svn blame)
> - and we already have a file listing the authors (it can be generated with
> Maven, too)
>
> May be the other mentors can confirm or find evidences I don't have time to
> search for on The ASF site this morning :)
>
> Thanks !
>
> lhazlewood@apache.org wrote:
>
>> Author: lhazlewood
>> Date: Mon Feb 23 03:58:19 2009
>> New Revision: 746874
>>
>> URL: http://svn.apache.org/viewvc?rev=746874&view=rev
>> Log:
>> JSEC-56 - implemented functionality recommended by patch.
>>
>> Modified:
>>
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
>>
>> Modified:
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
>> URL:
>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java?rev=746874&r1=746873&r2=746874&view=diff
>>
>> ==============================================================================
>> ---
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
>> (original)
>> +++
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
>> Mon Feb 23 03:58:19 2009
>> @@ -51,6 +51,7 @@
>> * to be an instance of something <em>other</em> than a
>> <code>CookieAttribute</code>.</p>
>> *
>> * @author Les Hazlewood
>> + * @author Luis Arias
>>
>>
>
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>
Author tags [was : svn commit: r746874 - /incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java]
Posted by Emmanuel Lecharny <el...@apache.org>.
Hi,
I don't think it has been discussed before, so let's start now. I'm not
sure that it's written somewhere on the ASF site, but @author tags are
strongly discouraged.
(http://www.theinquirer.net/inquirer/news/207/1037207/apache-enforces-the-removal-of-author-tags).
It would be better to replace them by something like :
@author <a href="mailto:dev@jsecurity.apache.org">Apache JSecurity
Project</a>
(assuming that the mail address is correct)
The idea is that the code is own by The ASF, not by individuals. The
objection that those who originally wrote the code would like to see
their name in the header does not really hold, as :
- the code can be changed many times since its inception, and we won't
put all the authors in the header
- SVN can pretty trace all the authors (svn blame)
- and we already have a file listing the authors (it can be generated
with Maven, too)
May be the other mentors can confirm or find evidences I don't have time
to search for on The ASF site this morning :)
Thanks !
lhazlewood@apache.org wrote:
> Author: lhazlewood
> Date: Mon Feb 23 03:58:19 2009
> New Revision: 746874
>
> URL: http://svn.apache.org/viewvc?rev=746874&view=rev
> Log:
> JSEC-56 - implemented functionality recommended by patch.
>
> Modified:
> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
>
> Modified: incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java
> URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java?rev=746874&r1=746873&r2=746874&view=diff
> ==============================================================================
> --- incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java (original)
> +++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebRememberMeManager.java Mon Feb 23 03:58:19 2009
> @@ -51,6 +51,7 @@
> * to be an instance of something <em>other</em> than a <code>CookieAttribute</code>.</p>
> *
> * @author Les Hazlewood
> + * @author Luis Arias
>
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org