You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by Alex Wenckus <al...@jivesoftware.com> on 2010/06/25 01:15:11 UTC

DefaultIframeUriManager ignores generated token

Hey all,

The addParam call for the security token at DefaultIframeUriManager :164 will always be templated and the one used in the manager is never generated:

addParam(uri, Param.SECURITY_TOKEN.getKey(), securityToken, true, !securityTokenOnQuery);

I am assuming this is a bug, otherwise why would the securityToken be generated in the first place? I can create a test and patch but just wanted to verify that this was the intended behavior before moving forward?

Thanks,
Alex Wenckus

Re: DefaultIframeUriManager ignores generated token

Posted by Paul Lindner <li...@inuus.com>.

The new common container will supply a security token on an as-needed basis.
 The older container code used the metadata api in inconsistent ways, so I
would not rely on that behavior.

On Thu, Jun 24, 2010 at 4:15 PM, Alex Wenckus <al...@jivesoftware.com> wrote:

> Hey all,
>
> The addParam call for the security token at DefaultIframeUriManager :164
> will always be templated and the one used in the manager is never generated:
>
> addParam(uri, Param.SECURITY_TOKEN.getKey(), securityToken, true,
> !securityTokenOnQuery);
>
> I am assuming this is a bug, otherwise why would the securityToken be
> generated in the first place? I can create a test and patch but just wanted
> to verify that this was the intended behavior before moving forward?
>
> Thanks,
> Alex Wenckus
>

-- 
Paul Lindner -- lindner@inuus.com -- linkedin.com/in/plindner