You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by ja...@gmail.com on 2010/06/29 03:21:34 UTC

Allow SecurityTokenDecoder to communicate redirect URL to AuthenticationServletFilter (issue1680047)

Reviewers: dev-remailer_shindig.apache.org,

Description:
Right now, it is impossible for a custom
org.apache.shindig.auth.SecurityTokenDecoder to pass a redirect URL to
org.apache.shindig.auth.AuthenticationServletFilter#doFilter, for it to
issue a redirect instead of returning a 401 ("SC_UNAUTHORIZED")
response.

The fix is to add a "redirect" field and corresponding accessor method
to org.apache.shindig.auth.SecurityTokenException.

AuthenticationHandler.InvalidAuthenticationException already has a slot
for this.

Please review this at http://codereview.appspot.com/1680047/show

Affected files:
    
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java
    
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java


Index:  
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
===================================================================
---  
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java	 
(revision 957790)
+++  
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java	 
(working copy)
@@ -56,7 +56,8 @@
        return securityTokenDecoder.createToken(parameters);
      } catch (SecurityTokenException e) {
        throw new InvalidAuthenticationException("Malformed security token "  
+
-          parameters.get(SecurityTokenDecoder.SECURITY_TOKEN_NAME), e);
+              parameters.get(SecurityTokenDecoder.SECURITY_TOKEN_NAME), e,  
null,
+              e.getRedirect());
      }
    }

Index:  
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java
===================================================================
---  
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java	 
(revision 957790)
+++  
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java	 
(working copy)
@@ -22,13 +22,33 @@
   * Exceptions thrown by SecurityTokenDecoder implementations.
   */
  public class SecurityTokenException extends Exception {
+
+  // URL to which to redirect
+  private String redirect;
+
    public SecurityTokenException(String message) {
      super(message);
    }
+
    public SecurityTokenException(Exception cause) {
      super(cause);
    }
+
    public SecurityTokenException(String message, Exception cause) {
      super(message, cause);
    }
+
+  public SecurityTokenException(Exception cause, String redirect) {
+    super(cause);
+    this.redirect = redirect;
+  }
+
+  public SecurityTokenException(String message, Exception cause, String  
redirect) {
+    super(message, cause);
+    this.redirect = redirect;
+  }
+
+  public String getRedirect() {
+    return redirect;
+  }
  }