You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by do...@apache.org on 2008/07/09 18:33:22 UTC
svn commit: r675251 -
/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
Author: doll
Date: Wed Jul 9 09:33:21 2008
New Revision: 675251
URL: http://svn.apache.org/viewvc?rev=675251&view=rev
Log:
SHINDIG-434
Patch by Adam Winer. The BasicSecurityTokenDecoder now throws a better exception for malformed tokens.
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java?rev=675251&r1=675250&r2=675251&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java Wed Jul 9 09:33:21 2008
@@ -39,6 +39,7 @@
private static final int CONTAINER_INDEX = 3;
private static final int APP_URL_INDEX = 4;
private static final int MODULE_ID_INDEX = 5;
+ private static final int TOKEN_COUNT = MODULE_ID_INDEX + 1;
/**
* {@inheritDoc}
@@ -55,6 +56,10 @@
try {
String[] tokens = token.split(":");
+ if (tokens.length != TOKEN_COUNT) {
+ throw new SecurityTokenException("Malformed security token");
+ }
+
return new BasicSecurityToken(
URLDecoder.decode(tokens[OWNER_INDEX], "UTF-8"),
URLDecoder.decode(tokens[VIEWER_INDEX], "UTF-8"),