Reviewers: dev-remailer_shindig.apache.org,
Description:
Right now, it is impossible for a custom
org.apache.shindig.auth.SecurityTokenDecoder to pass a redirect URL to
org.apache.shindig.auth.AuthenticationServletFilter#doFilter, for it to
issue a redirect instead of returning a 401 ("SC_UNAUTHORIZED")
response.
The fix is to add a "redirect" field and corresponding accessor method
to org.apache.shindig.auth.SecurityTokenException.
AuthenticationHandler.InvalidAuthenticationException already has a slot
for this.
Please review this at http://codereview.appspot.com/1680047/show
Affected files:
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
Index:
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
===================================================================
---
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
(revision 957790)
+++
java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
(working copy)
@@ -56,7 +56,8 @@
return securityTokenDecoder.createToken(parameters);
} catch (SecurityTokenException e) {
throw new InvalidAuthenticationException("Malformed security token "
+
- parameters.get(SecurityTokenDecoder.SECURITY_TOKEN_NAME), e);
+ parameters.get(SecurityTokenDecoder.SECURITY_TOKEN_NAME), e,
null,
+ e.getRedirect());
}
}
Index:
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java
===================================================================
---
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java
(revision 957790)
+++
java/common/src/main/java/org/apache/shindig/auth/SecurityTokenException.java
(working copy)
@@ -22,13 +22,33 @@
* Exceptions thrown by SecurityTokenDecoder implementations.
*/
public class SecurityTokenException extends Exception {
+
+ // URL to which to redirect
+ private String redirect;
+
public SecurityTokenException(String message) {
super(message);
}
+
public SecurityTokenException(Exception cause) {
super(cause);
}
+
public SecurityTokenException(String message, Exception cause) {
super(message, cause);
}
+
+ public SecurityTokenException(Exception cause, String redirect) {
+ super(cause);
+ this.redirect = redirect;
+ }
+
+ public SecurityTokenException(String message, Exception cause, String
redirect) {
+ super(message, cause);
+ this.redirect = redirect;
+ }
+
+ public String getRedirect() {
+ return redirect;
+ }
}
