You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by Adam Clarke <cl...@gmail.com> on 2012/06/26 20:50:00 UTC

Review Request: Additional OAuth2 Logging Filters

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/
-----------------------------------------------------------

Review request for shindig, Stanton Sievers and Brian Lillie.


Description
-------

Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.


This addresses bug SHINDIG-1813.
    https://issues.apache.org/jira/browse/SHINDIG-1813


Diffs
-----

  http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1354123 

Diff: https://reviews.apache.org/r/5592/diff/


Testing
-------

all units pass


Thanks,

Adam Clarke

Re: Review Request: Additional OAuth2 Logging Filters

Posted by Dan Dumont <dd...@us.ibm.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/#review8624
-----------------------------------------------------------

Ship it!


Ship It!

- Dan Dumont


On June 26, 2012, 6:50 p.m., Adam Clarke wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/5592/
> -----------------------------------------------------------
> 
> (Updated June 26, 2012, 6:50 p.m.)
> 
> 
> Review request for shindig, Stanton Sievers and Brian Lillie.
> 
> 
> Description
> -------
> 
> Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.
> 
> 
> This addresses bug SHINDIG-1813.
>     https://issues.apache.org/jira/browse/SHINDIG-1813
> 
> 
> Diffs
> -----
> 
>   http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1354123 
> 
> Diff: https://reviews.apache.org/r/5592/diff/
> 
> 
> Testing
> -------
> 
> all units pass
> 
> 
> Thanks,
> 
> Adam Clarke
> 
>

Re: Review Request: Additional OAuth2 Logging Filters

Posted by Brian Lillie <br...@us.ibm.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/#review8632
-----------------------------------------------------------


We are already converting the message parameters from the original object to a String here .. wondering whether we should be converting from null to an empty string, when ordinarily I believe null would changed to be "null"


http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java
<https://reviews.apache.org/r/5592/#comment18267>

    Seems like this could be removed, and filterSecrets used where filteredMsg is called.   filteredParam uses filterSecrets directly, but filteredParams does the extra indirect to filteredMsg


- Brian Lillie


On June 26, 2012, 6:50 p.m., Adam Clarke wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/5592/
> -----------------------------------------------------------
> 
> (Updated June 26, 2012, 6:50 p.m.)
> 
> 
> Review request for shindig, Stanton Sievers and Brian Lillie.
> 
> 
> Description
> -------
> 
> Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.
> 
> 
> This addresses bug SHINDIG-1813.
>     https://issues.apache.org/jira/browse/SHINDIG-1813
> 
> 
> Diffs
> -----
> 
>   http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1354123 
> 
> Diff: https://reviews.apache.org/r/5592/diff/
> 
> 
> Testing
> -------
> 
> all units pass
> 
> 
> Thanks,
> 
> Adam Clarke
> 
>

Re: Review Request: Additional OAuth2 Logging Filters

Posted by Stanton Sievers <si...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/#review8657
-----------------------------------------------------------


Adam, I'm seeing some test failures when I applied and built this patch.  Can you check them out?

Failed tests: 
  testFilterSecrets_2(org.apache.shindig.gadgets.oauth2.logger.FilteredLoggerTest): expected:<> but was:<null>
  testFilterSecrets_5(org.apache.shindig.gadgets.oauth2.logger.FilteredLoggerTest): expected:<[]REMOVED> but was:<[Authorization:]REMOVED>

- Stanton Sievers


On June 27, 2012, 12:02 p.m., Adam Clarke wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/5592/
> -----------------------------------------------------------
> 
> (Updated June 27, 2012, 12:02 p.m.)
> 
> 
> Review request for shindig, Stanton Sievers and Brian Lillie.
> 
> 
> Description
> -------
> 
> Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.
> 
> 
> This addresses bug SHINDIG-1813.
>     https://issues.apache.org/jira/browse/SHINDIG-1813
> 
> 
> Diffs
> -----
> 
>   http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1354123 
> 
> Diff: https://reviews.apache.org/r/5592/diff/
> 
> 
> Testing
> -------
> 
> all units pass
> 
> 
> Thanks,
> 
> Adam Clarke
> 
>

Re: Review Request: Additional OAuth2 Logging Filters

Posted by Stanton Sievers <si...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/#review8752
-----------------------------------------------------------

Ship it!


Committed revision 1355472.  Please close this review.

- Stanton Sievers


On June 29, 2012, 1:12 p.m., Adam Clarke wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/5592/
> -----------------------------------------------------------
> 
> (Updated June 29, 2012, 1:12 p.m.)
> 
> 
> Review request for shindig, Stanton Sievers and Brian Lillie.
> 
> 
> Description
> -------
> 
> Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.
> 
> 
> This addresses bug SHINDIG-1813.
>     https://issues.apache.org/jira/browse/SHINDIG-1813
> 
> 
> Diffs
> -----
> 
>   http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1355349 
>   http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java 1355349 
> 
> Diff: https://reviews.apache.org/r/5592/diff/
> 
> 
> Testing
> -------
> 
> all units pass
> 
> 
> Thanks,
> 
> Adam Clarke
> 
>

Re: Review Request: Additional OAuth2 Logging Filters

Posted by Adam Clarke <cl...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/
-----------------------------------------------------------

(Updated June 29, 2012, 1:12 p.m.)


Review request for shindig, Stanton Sievers and Brian Lillie.


Changes
-------

Fixes test cases.


Description
-------

Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.


This addresses bug SHINDIG-1813.
    https://issues.apache.org/jira/browse/SHINDIG-1813


Diffs (updated)
-----

  http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1355349 
  http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLoggerTest.java 1355349 

Diff: https://reviews.apache.org/r/5592/diff/


Testing
-------

all units pass


Thanks,

Adam Clarke

Re: Review Request: Additional OAuth2 Logging Filters

Posted by Brian Lillie <br...@us.ibm.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/#review8654
-----------------------------------------------------------

Ship it!


LGTM

- Brian Lillie


On June 27, 2012, 12:02 p.m., Adam Clarke wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/5592/
> -----------------------------------------------------------
> 
> (Updated June 27, 2012, 12:02 p.m.)
> 
> 
> Review request for shindig, Stanton Sievers and Brian Lillie.
> 
> 
> Description
> -------
> 
> Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.
> 
> 
> This addresses bug SHINDIG-1813.
>     https://issues.apache.org/jira/browse/SHINDIG-1813
> 
> 
> Diffs
> -----
> 
>   http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1354123 
> 
> Diff: https://reviews.apache.org/r/5592/diff/
> 
> 
> Testing
> -------
> 
> all units pass
> 
> 
> Thanks,
> 
> Adam Clarke
> 
>

Re: Review Request: Additional OAuth2 Logging Filters

Posted by Adam Clarke <cl...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5592/
-----------------------------------------------------------

(Updated June 27, 2012, 12:02 p.m.)


Review request for shindig, Stanton Sievers and Brian Lillie.


Changes
-------

Addresses Brian's comment.


Description
-------

Adds additional filters for client_secret and refresh_token, which could be considered passwords and shouldn't be logged.


This addresses bug SHINDIG-1813.
    https://issues.apache.org/jira/browse/SHINDIG-1813


Diffs (updated)
-----

  http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/logger/FilteredLogger.java 1354123 

Diff: https://reviews.apache.org/r/5592/diff/


Testing
-------

all units pass


Thanks,

Adam Clarke