Return-Path: X-Original-To: apmail-shindig-issues-archive@www.apache.org Delivered-To: apmail-shindig-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 67AB67AE0 for ; Thu, 22 Sep 2011 04:36:51 +0000 (UTC) Received: (qmail 58844 invoked by uid 500); 22 Sep 2011 04:36:51 -0000 Delivered-To: apmail-shindig-issues-archive@shindig.apache.org Received: (qmail 58817 invoked by uid 500); 22 Sep 2011 04:36:50 -0000 Mailing-List: contact issues-help@shindig.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@shindig.apache.org Delivered-To: mailing list issues@shindig.apache.org Received: (qmail 58796 invoked by uid 99); 22 Sep 2011 04:36:50 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Sep 2011 04:36:50 +0000 X-ASF-Spam-Status: No, hits=-2000.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Sep 2011 04:36:47 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 9DB98A7ADF for ; Thu, 22 Sep 2011 04:36:26 +0000 (UTC) Date: Thu, 22 Sep 2011 04:36:26 +0000 (UTC) From: "Henry Saputra (JIRA)" To: issues@shindig.apache.org Message-ID: <1933702783.948.1316666186642.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <1019075666.46593.1316534409605.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (SHINDIG-1626) BlobCrypterSecurityTokenCodec tries to use "instanceof" when the parameter is a Proxied object MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/SHINDIG-1626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13112320#comment-13112320 ] Henry Saputra commented on SHINDIG-1626: ---------------------------------------- Could you attach the patch to the JIRA? > BlobCrypterSecurityTokenCodec tries to use "instanceof" when the parameter is a Proxied object > ---------------------------------------------------------------------------------------------- > > Key: SHINDIG-1626 > URL: https://issues.apache.org/jira/browse/SHINDIG-1626 > Project: Shindig > Issue Type: Bug > Components: Java > Affects Versions: 3.0.0 > Reporter: Stanton Sievers > > When using the default implementation of "secure" security tokens in Shindig, we use BlobCrypterSecurityTokenCodec and BlobCrypterSecurityToken as our SecurityTokenCodec and SecurityToken, respectively. This is all well and good until we try to generate an iframeurl with the security token in it. Security tokens are only added as an iframeurl query parameter when the gadget requires the "security-token" feature, explicitly or implicitly through other requires such as "opensocial". > In short, DefaultIframeUriManager tries to generate the "st" query parameter and we get into BlobCrypterSecurityTokenCodec.encodeToken(SecurityToken) which checks if token instanceof BlobCrypterSecurityToken. This instanceof returns false because BlobCrypterSecurityToken has been Proxied by GadgetsHandlerService.convertAuthContext(AuthContext, String, String). The aforementioned encodeToken method relies on being able to call BlocCrypterSecurityToken.encrypt(), which is not a method that exists on SecurityToken for which the Proxy was created. > The result is that the iframeurl "st" query parameter is templated. That is, we get "...&st="%25st%25"..." for the iframeurl. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira