Posted to dev@wookie.apache.org by sc...@apache.org on 2014/03/04 14:17:30 UTC
svn commit: r1574093 -
/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java
Author: scottbw
Date: Tue Mar 4 13:17:29 2014
New Revision: 1574093
URL: http://svn.apache.org/r1574093
Log:
When a request is made to get or create an instance, mint a new single-use token to return for the URL of the widget. See WOOKIE-426.
Modified:
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java
Modified: wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java?rev=1574093&r1=1574092&r2=1574093&view=diff
==============================================================================
--- wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java (original)
+++ wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/WidgetInstancesController.java Tue Mar 4 13:17:29 2014
@@ -87,11 +87,18 @@ public class WidgetInstancesController e
//
String apiKey = request.getParameter("api_key");
if (!authToken.getApiKey().equals(apiKey)) throw new UnauthorizedAccessException();
-
+
+
+ //
+ // When this API is called, we create a new single-use token to return in the URL.
+ // When the widget is rendered it will request a new standard token via AJAX.
+ //
+ AuthToken newToken = AuthToken.SINGLE_USE_TOKEN(authToken);
+
checkProxy(request);
String url;
try {
- url = getUrl(request, authToken);
+ url = getUrl(request, newToken);
} catch (Exception e1) {
throw new IOException(e1);
}
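Review bot: The added comment above `AuthToken newToken = AuthToken.SINGLE_USE_TOKEN(authToken);` calls the token single-use but does not say what enforces that or how long the token stays valid. That matters here because the token is returned inside the widget URL, where it can end up in access logs, browser history and Referer headers. The implementation of SINGLE_USE_TOKEN is not visible in this hunk, so this may already be handled; if it is, extend the comment along the lines of `// The token expires after <lifetime> and is rejected after its first exchange; enforced in <class/method>.` The factory name is also written like a constant rather than a method, and `AuthToken.singleUseToken(authToken)` would follow Java method naming. The enclosing method starts and ends outside the hunk.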
@@ -100,7 +107,7 @@ public class WidgetInstancesController e
// If the widget was replaced by the not supported widget, return
// 404. Otherwise return 200.
//
- if (authToken.getWidgetId().equals("http://notsupported")){
+ if (newToken.getWidgetId().equals("http://notsupported")){
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
} else {
response.setStatus(HttpServletResponse.SC_OK);
@@ -124,9 +131,9 @@ public class WidgetInstancesController e
//
try {
switch(format(request)){
- case XML: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(authToken, url, useDefaultSizes), response); break;
- case JSON: returnJson(WidgetInstanceHelper.toJson(authToken, url, useDefaultSizes), response); break;
- default: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(authToken, url, useDefaultSizes), response); break;
+ case XML: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(newToken, url, useDefaultSizes), response); break;
+ case JSON: returnJson(WidgetInstanceHelper.toJson(newToken, url, useDefaultSizes), response); break;
+ default: returnXml(WidgetInstanceHelper.createXMLWidgetInstanceDocument(newToken, url, useDefaultSizes), response); break;
}
} catch (Exception e) {
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
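Review bot: The XML and JSON bodies written in this switch now carry a URL built from the freshly minted `newToken`, and nothing in the hunk marks the response as non-cacheable, so a shared cache or proxy could retain the token-bearing URL. Unless it is already set elsewhere in the method (which continues outside the hunk), add `response.setHeader("Cache-Control", "no-store");` before the body is written. Separately, the `case XML:` and `default:` branches are identical, which is why the token substitution had to be made three times; grouping the labels as `case XML: default: returnXml(...); break;` leaves one line to maintain.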