----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/760/#review698 -----------------------------------------------------------
trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java <https://reviews.apache.org/r/760/#comment1400> Ok sounds good LGTM - Ryan On 2011-05-19 18:47:32, Henry Saputra wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/760/ > ----------------------------------------------------------- > > (Updated 2011-05-19 18:47:32) > > > Review request for shindig. > > > Summary > ------- > > Update the AuthenticationServletFilter: > 1. Make the auth realm configurable via property or override able protected > method. > 2. Sets the auth header from the right handler. Currently the code sets the > response's WWW-Authenticate header whenever an auth handler return null st. > So if the next handler return a security token, the response contains > WWW-Authenticate header from previous handler. This CR change the logic to > only add WWW-Authenticate header if token is not set or > InvalidAuthenticationException is thrown. > > > Diffs > ----- > > > trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java > 1125043 > > trunk/java/common/src/test/java/org/apache/shindig/auth/AuthenticationServletFilterTest.java > 1125043 > > Diff: https://reviews.apache.org/r/760/diff > > > Testing > ------- > > Update unit test for null st. > > > Thanks, > > Henry > >
