Author: doll
Date: Wed Jul 9 09:33:21 2008
New Revision: 675251
URL: http://svn.apache.org/viewvc?rev=675251&view=rev
Log:
SHINDIG-434
Patch by Adam Winer. The BasicSecurityTokenDecoder now throws a better
exception for malformed tokens.
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java?rev=675251&r1=675250&r2=675251&view=diff
==============================================================================
---
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
(original)
+++
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
Wed Jul 9 09:33:21 2008
@@ -39,6 +39,7 @@
private static final int CONTAINER_INDEX = 3;
private static final int APP_URL_INDEX = 4;
private static final int MODULE_ID_INDEX = 5;
+ private static final int TOKEN_COUNT = MODULE_ID_INDEX + 1;
/**
* [EMAIL PROTECTED]
@@ -55,6 +56,10 @@
try {
String[] tokens = token.split(":");
+ if (tokens.length != TOKEN_COUNT) {
+ throw new SecurityTokenException("Malformed security token");
+ }
+
return new BasicSecurityToken(
URLDecoder.decode(tokens[OWNER_INDEX], "UTF-8"),
URLDecoder.decode(tokens[VIEWER_INDEX], "UTF-8"),
