Posted to dev@wookie.apache.org by sc...@apache.org on 2014/03/04 14:17:30 UTC

svn commit: r1574093 - /wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java

Author: scottbw
Date: Tue Mar  4 13:17:29 2014
New Revision: 1574093

URL: http://svn.apache.org/r1574093
Log:
When a request is made to get or create an instance, mint a new single-use token to return for the URL of the widget. See WOOKIE-426.

Modified:
    wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java

Modified: wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java?rev=1574093&r1=1574092&r2=1574093&view=diff
==============================================================================
--- wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java (original)
+++ wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java Tue Mar  4 13:17:29 2014
@@ -87,11 +87,18 @@ public class WidgetInstancesController e
 			//
 			String apiKey = request.getParameter("api_key");
 			if (!authToken.getApiKey().equals(apiKey)) throw new UnauthorizedAccessException();
-
+			
+			
+			//
+			// When this API is called, we create a new single-use token to return in the URL. 
+			// When the widget is rendered it will request a new standard token via AJAX.
+			//
+			AuthToken newToken = AuthToken.SINGLE_USE_TOKEN(authToken);
+			
 			checkProxy(request);
 			String url;
 			try {
-				url = getUrl(request, authToken);
+				url = getUrl(request, newToken);
 			} catch (Exception e1) {
 				throw new IOException(e1);
 			}
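Review bot: The comment added above `AuthToken newToken = AuthToken.SINGLE_USE_TOKEN(authToken);` says what is minted but not the invariant the rest of the code must uphold: the token travels in the widget URL, so it is only safe if it is rejected after its first exchange and is short-lived. I would extend the comment to say so, e.g. `// The URL can end up in logs, history and Referer headers, so it must carry only a token that is invalidated on first use.` Whether `SINGLE_USE_TOKEN` and the AJAX exchange actually enforce that is not visible in this hunk and is worth confirming against WOOKIE-426. The token is also minted before `checkProxy(request)` and `getUrl(...)`; if minting records any state, moving it to just before `String url;` would avoid leaving an unused token when the proxy check fails. The enclosing method starts and ends outside the hunk.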
@@ -100,7 +107,7 @@ public class WidgetInstancesController e
 			// If the widget was replaced by the not supported widget, return
 			// 404. Otherwise return 200.
 			//
-			if (authToken.getWidgetId().equals("http://notsupported")){
+			if (newToken.getWidgetId().equals("http://notsupported")){
 				response.setStatus(HttpServletResponse.SC_NOT_FOUND);
 			} else {
 				response.setStatus(HttpServletResponse.SC_OK);
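Review bot: `newToken.getWidgetId().equals("http://notsupported")` now relies on the derived token carrying a widget id, and nothing in the hunk shows that `SINGLE_USE_TOKEN` copies it from `authToken`; a null there would throw instead of selecting a status code. Putting the constant first removes that risk: `if ("http://notsupported".equals(newToken.getWidgetId())){`. The literal is also a good candidate for a named constant shared with whatever code substitutes the not-supported widget, which is outside this hunk.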
@@ -124,9 +131,9 @@ public class WidgetInstancesController e
 			//			
 			try {
 				switch(format(request)){
-				case XML: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(authToken, url, useDefaultSizes), response); break;
-				case JSON: returnJson(WidgetInstanceHelper.toJson(authToken, url, useDefaultSizes), response); break;
-				default: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(authToken, url, useDefaultSizes), response); break;
+				case XML: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(newToken, url, useDefaultSizes), response); break;
+				case JSON: returnJson(WidgetInstanceHelper.toJson(newToken, url, useDefaultSizes), response); break;
+				default: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(newToken, url, useDefaultSizes), response); break;
 				}
 			} catch (Exception e) {
 				response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
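Review bot: In `switch(format(request))` the rewritten `default:` branch is a copy of `case XML:`, so the same `createXMLWidgetInstanceDocument(newToken, url, useDefaultSizes)` call has to be kept in sync in two places; stacking the labels, `case XML: default: returnXml(...); break;`, leaves one. Separately, the helpers now receive the single-use token itself: if `WidgetInstanceHelper` serialises any token value into the XML or JSON body (not visible here), the body would carry the same credential as the URL, which is worth checking. The surrounding method begins and ends outside the hunk.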