You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by li...@apache.org on 2008/08/12 15:44:37 UTC

svn commit: r685147 - in /incubator/shindig/trunk/java: common/src/main/java/org/apache/shindig/common/ common/src/main/java/org/apache/shindig/common/testing/ social-api/src/main/java/org/apache/shindig/social/core/oauth/

Author: lindner
Date: Tue Aug 12 06:44:36 2008
New Revision: 685147

URL: http://svn.apache.org/viewvc?rev=685147&view=rev
Log:
SHINDIG-463 | Explicit support of Anonymous tokens

Added:
    incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java
Modified:
    incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java
    incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
    incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java
    incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java
    incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java

Added: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java?rev=685147&view=auto
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java (added)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java Tue Aug 12 06:44:36 2008
@@ -0,0 +1,60 @@
+package org.apache.shindig.common;
+
+/**
+ * A special class of Token representing the anonymous viewer/owner
+ *
+ * All methods except for isAnonymous will throw IllegalArgumentExceptions
+ */
+public class AnonymousSecurityToken implements SecurityToken {
+  private static final SecurityToken instance = new AnonymousSecurityToken();
+
+  /**
+   * Private method, please use getInstance()
+   */
+  private AnonymousSecurityToken() {
+  }
+
+  public static SecurityToken getInstance() {
+    return instance;
+  }
+
+  public String toSerialForm() {
+    throw new IllegalArgumentException();
+  }
+
+  public String getOwnerId() {
+    throw new IllegalArgumentException();
+  }
+
+  public String getViewerId() {
+    throw new IllegalArgumentException();
+  }
+
+  public String getAppId() {
+    throw new IllegalArgumentException();
+  }
+
+  public String getDomain() {
+    throw new IllegalArgumentException();
+  }
+
+  public String getAppUrl() {
+    throw new IllegalArgumentException();
+  }
+
+  public long getModuleId() {
+    throw new IllegalArgumentException();
+  }
+
+  public String getUpdatedToken() {
+    throw new IllegalArgumentException();
+  }
+
+  public String getTrustedJson() {
+    throw new IllegalArgumentException();
+  }
+
+  public boolean isAnonymous() {
+    return true;
+  }
+}

Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java?rev=685147&r1=685146&r2=685147&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java Tue Aug 12 06:44:36 2008
@@ -134,4 +134,11 @@
   public String getTrustedJson() {
     return null;
   }
+
+  /**
+   * {@inheritDoc}
+   */
+  public boolean isAnonymous() {
+    return false;
+  }
 }

Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java?rev=685147&r1=685146&r2=685147&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java Tue Aug 12 06:44:36 2008
@@ -71,7 +71,8 @@
 
     final String token = parameters.get(SecurityTokenDecoder.SECURITY_TOKEN_NAME);
     if (token == null || token.trim().length() == 0) {
-      throw new SecurityTokenException("Missing security token");
+      // No token is present, assume anonymous access
+      return AnonymousSecurityToken.getInstance();
     }
 
     try {

Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java?rev=685147&r1=685146&r2=685147&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java Tue Aug 12 06:44:36 2008
@@ -74,4 +74,10 @@
    * is no JSON from the container.
    */
   public String getTrustedJson();
+
+
+  /**
+   * @return true if the token is for an anonymous viewer/owner
+   */
+  public boolean isAnonymous();
 }

Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java?rev=685147&r1=685146&r2=685147&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java Tue Aug 12 06:44:36 2008
@@ -115,6 +115,10 @@
   public String getTrustedJson() {
     return trustedJson;
   }
+
+  public boolean isAnonymous() {
+    return false;
+  }
   
   /**
    * Create a fake security token parameter string, allows passing around a 

Modified: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java?rev=685147&r1=685146&r2=685147&view=diff
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java (original)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java Tue Aug 12 06:44:36 2008
@@ -70,4 +70,7 @@
   public String getTrustedJson() {
     throw new UnsupportedOperationException();
   }
+  public boolean isAnonymous() {
+    return false;
+  }
 }

Re: svn commit: r685147 - in /incubator/shindig/trunk/java: common/src/main/java/org/apache/shindig/common/ common/src/main/java/org/apache/shindig/common/testing/ social-api/src/main/java/org/apache/shindig/social/core/oauth/

Posted by Cassie <do...@google.com>.

On Tue, Aug 12, 2008 at 6:44 AM, <li...@apache.org> wrote:

> Author: lindner
> Date: Tue Aug 12 06:44:36 2008
> New Revision: 685147
>
> URL: http://svn.apache.org/viewvc?rev=685147&view=rev
> Log:
> SHINDIG-463 | Explicit support of Anonymous tokens
>
> Added:
>
>  incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java
> Modified:
>
>  incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java
>
>  incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
>
>  incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java
>
>  incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java
>
>  incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java
>
> Added:
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java?rev=685147&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java
> (added)
> +++
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/AnonymousSecurityToken.java
> Tue Aug 12 06:44:36 2008
> @@ -0,0 +1,60 @@
> +package org.apache.shindig.common;
> +
> +/**
> + * A special class of Token representing the anonymous viewer/owner
> + *
> + * All methods except for isAnonymous will throw IllegalArgumentExceptions
> + */
> +public class AnonymousSecurityToken implements SecurityToken {
> +  private static final SecurityToken instance = new
> AnonymousSecurityToken();
> +
> +  /**
> +   * Private method, please use getInstance()
> +   */
> +  private AnonymousSecurityToken() {
> +  }
> +
> +  public static SecurityToken getInstance() {
> +    return instance;
> +  }
> +
> +  public String toSerialForm() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public String getOwnerId() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public String getViewerId() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public String getAppId() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public String getDomain() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public String getAppUrl() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public long getModuleId() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public String getUpdatedToken() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public String getTrustedJson() {
> +    throw new IllegalArgumentException();
> +  }
> +
> +  public boolean isAnonymous() {
> +    return true;
> +  }
> +}
>
> Modified:
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java?rev=685147&r1=685146&r2=685147&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java
> (original)
> +++
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityToken.java
> Tue Aug 12 06:44:36 2008
> @@ -134,4 +134,11 @@
>   public String getTrustedJson() {
>     return null;
>   }
> +
> +  /**
> +   * {@inheritDoc}
> +   */
> +  public boolean isAnonymous() {
> +    return false;
> +  }
>  }
>
> Modified:
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java?rev=685147&r1=685146&r2=685147&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
> (original)
> +++
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
> Tue Aug 12 06:44:36 2008
> @@ -71,7 +71,8 @@
>
>     final String token =
> parameters.get(SecurityTokenDecoder.SECURITY_TOKEN_NAME);
>     if (token == null || token.trim().length() == 0) {
> -      throw new SecurityTokenException("Missing security token");
> +      // No token is present, assume anonymous access
> +      return AnonymousSecurityToken.getInstance();



On the social side we don't want to do this. We have a guice flag which
indicates whether anon tokens are allowed. If they are allowed then the
AnonAuthHandler will make one. It shouldn't be done in the
BasicSecurityTokenDecoder because then it isn't very clear whether an st was
actually found or not.


>
>     }
>
>     try {
>
> Modified:
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java?rev=685147&r1=685146&r2=685147&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java
> (original)
> +++
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/SecurityToken.java
> Tue Aug 12 06:44:36 2008
> @@ -74,4 +74,10 @@
>    * is no JSON from the container.
>    */
>   public String getTrustedJson();
> +
> +
> +  /**
> +   * @return true if the token is for an anonymous viewer/owner
> +   */
> +  public boolean isAnonymous();
>  }
>
> Modified:
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java?rev=685147&r1=685146&r2=685147&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java
> (original)
> +++
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/testing/FakeGadgetToken.java
> Tue Aug 12 06:44:36 2008
> @@ -115,6 +115,10 @@
>   public String getTrustedJson() {
>     return trustedJson;
>   }
> +
> +  public boolean isAnonymous() {
> +    return false;
> +  }
>
>   /**
>    * Create a fake security token parameter string, allows passing around a
>
> Modified:
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java?rev=685147&r1=685146&r2=685147&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java
> (original)
> +++
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthSecurityToken.java
> Tue Aug 12 06:44:36 2008
> @@ -70,4 +70,7 @@
>   public String getTrustedJson() {
>     throw new UnsupportedOperationException();
>   }
> +  public boolean isAnonymous() {
> +    return false;
> +  }
>  }
>
>
>