shindig-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Davies (Resolved) (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (SHINDIG-1557) jsonrcptransport.js is using the container security token instead of the gadget security token
Date Tue, 17 Apr 2012 19:09:17 GMT

     [ https://issues.apache.org/jira/browse/SHINDIG-1557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Doug Davies resolved SHINDIG-1557.
----------------------------------

    Resolution: Cannot Reproduce
    
> jsonrcptransport.js is using the container security token instead of the gadget security
token
> ----------------------------------------------------------------------------------------------
>
>                 Key: SHINDIG-1557
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1557
>             Project: Shindig
>          Issue Type: Bug
>          Components: Javascript 
>    Affects Versions: 2.5.0-beta1
>            Reporter: Doug Davies
>            Assignee: Stanton Sievers
>
> When a gadget makes an rpc request (using common container) the security token returned
to the gadget via the st param is not the one being used for the rpc request.  It is using
the one generated in the container.  This is probably because the rpc call ends up happening
in the context of the container and shindig.auth.getSecurityToken returns that one.  Calls
to userprefs and appdata need the gadget security token so the is has the appid and appurl
to use as db indexes.  Just having the viewer and owner that is inherited from the container
is not enough.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message