Ya, I tried this with shindig trunk (and not my stuff). If you set

    shindig.allowUnauthenticated=false

in shindig.properties and

    "gadgets.securityTokenType" : "secure",
    "gadgets.securityTokenKey" : "NotGonnaShowYouMyKey=",

in container.js

It blows up. I think this change needs to be reworked. You cannot encrypt an Anonymous token. You probably were just setting allowUnauthenticated but never really telling your container to use encrypted tokens.

The way I solved this was in AnonymousAuthenticationHandler.

    public SecurityToken getSecurityTokenFromRequest(final HttpServletRequest request) {
        String uri = request.getRequestURI();
        String method = request.getParameter("method");
        if (allowUnauthenticated
                || (uri.endsWith("/rpc") && method != null && method.equals("system.listMethods"))) {
            return new AnonymousSecurityToken();
        }
        return null;
    }

Thanks,
doug

On 6/14/12 12:29 PM, "daviesd" <davi...@oclc.org> wrote:

> I'm a little bit confused on this. I'm trying it and I'm getting an exception
> (it could be because I provide my own BlobCrypterSecurityTokenCodec and maybe
> I have some work to do here).
>
> When DefaultServiceFetcher creates an AnonymousSecurityToken and then calls
> encodeToken, won't that throw an exception because encodeToken doesn't support
> AnonymousSecurityTokens?
>
> doug
>
>
> On 6/13/12 1:50 PM, "btlil...@gmail.com" <btlil...@gmail.com> wrote:
>
>> Updated patch to use Anonymous Security Token
>>
>> http://codereview.appspot.com/6306074/
>>