----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/6906/#review11024 -----------------------------------------------------------
Nice! This change was actually smaller than I had expected :) http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AbstractSecurityToken.java <https://reviews.apache.org/r/6906/#comment23651> I don't know that we want to recommend that others override this method. Ideally, this method will go away in the future as the codec takes over more of this. There are places in the metadata request chain where all we have is the codec and we can't get the token specific values... For tokens that are purely internal, like OAuth tokens, it may be fine to override... but in general, I think we're saying that the codecs will control ttl based on container config now... If you want to monkey with that, do it in a codec. http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityTokenCodec.java <https://reviews.apache.org/r/6906/#comment23646> Is this an instance of a double positive making a negative? :) http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/SecurityTokenCodec.java <https://reviews.apache.org/r/6906/#comment23648> Can we change the comment here now that it pretty much only returns the default TTL for whatever subclass of SecurityToken it is. Maybe a note about the container param method being the primary means of acquiring the value for any real use, which has a fallback to this one. - Dan Dumont On Sept. 4, 2012, 5:21 p.m., Stanton Sievers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/6906/ > ----------------------------------------------------------- > > (Updated Sept. 4, 2012, 5:21 p.m.) > > > Review request for shindig and Dan Dumont. > > > Description > ------- > > Today the gadget security token TTL is not configurable. It is hard-coded to > one hour. This patch makes the token ttl configurable via the container.js. > > > This addresses bug SHINDIG-1859. > https://issues.apache.org/jira/browse/SHINDIG-1859 > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AbstractSecurityToken.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityTokenCodec.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/DefaultSecurityTokenCodec.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/SecurityTokenCodec.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BasicSecurityTokenCodecTest.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/testing/FakeGadgetToken.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerService.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerServiceTest.java > 1380742 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java > 1380742 > > Diff: https://reviews.apache.org/r/6906/diff/ > > > Testing > ------- > > Updated existing unit tests. Configured TTL to be 5 minutes and verified > that the sample common container page was properly refreshing the tokens. > > > Thanks, > > Stanton Sievers > >
