Re: Review Request: Please make the decrypt method in BlobCrypterSecurityToken public so it can be used from external callers.

2011-08-03 Thread Ryan Baxter
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/1278/#review1281 --- Is there a reason why you can't use BlobCrypterSecurityTokenCodec as t

Bug In RPC Code

2011-08-03 Thread Ryan J Baxter
I think I found a bug which was introduced by a recent change to how we create gadget site ids. Looks like it was these changes https://reviews.apache.org/r/1011/#. The change in the code above changed how we generate site ids. We used to increment a counter every time a new site is created.

Re: svn commit: r1153684 - /shindig/trunk/config/container.js

2011-08-03 Thread Henry Saputra
Thanks John, was wondering why it was change to scheme specific. - Henry On Wed, Aug 3, 2011 at 2:57 PM, wrote: > Author: johnh > Date: Wed Aug  3 21:57:00 2011 > New Revision: 1153684 > > URL: http://svn.apache.org/viewvc?rev=1153684&view=rev > Log: > Back to schema-relative JS host. > > > Mod

Re: Allow Unauthenticated

2011-08-03 Thread Henry Saputra
Ah yes, looks like issue SHINDIG-1454 =( I was trying it with REST call, sorry. However as issue SHINDIG-1455 mentioned, turning off Anonymous ST will make osapi libs do not load properly. - Henry 2011/8/3 daviesd : > Hmmm... good observation. However, I switched them around, still no > success.

Re: Allow Unauthenticated

2011-08-03 Thread daviesd
Hmmm... good observation. However, I switched them around, still no success... I wonder if this has to do with https://issues.apache.org/jira/browse/SHINDIG-1454 and https://issues.apache.org/jira/browse/SHINDIG-1455 doug On 8/3/11 4:34 PM, "Henry Saputra" wrote: > Its happening in the code.

Re: Allow Unauthenticated

2011-08-03 Thread Henry Saputra
Its happening in the code. See SocialApiGuiceModule class: public class SocialApiGuiceModule extends AbstractModule { /** {@inheritDoc} */ @Override protected void configure() { bind(ParameterFetcher.class).annotatedWith(Names.named("DataServiceServlet")) .to(DataServiceServlet

Allow Unauthenticated

2011-08-03 Thread daviesd
I¹m trying to figure out how to prohibit rpc calls (gadgets.metadata, etc.) from being made unless shindig.auth.updateSecurityToken has been called. If I enable secure tokens and I set the token to something in clear text, it denies the rpc requests as it should. Providing the encrypted token the

Review Request: Please make the decrypt method in BlobCrypterSecurityToken public so it can be used from external callers.

2011-08-03 Thread Jesse Ciancetta
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/1278/ --- Review request for shindig. Summary --- Please make the decrypt method in B