You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by li...@inuus.com on 2010/05/21 22:12:13 UTC

Add security token to the iframe if it's defined in the context (issue1240043)

Reviewers: shindig.remailer_gmail.com,

Message:
here's a first step towards allowing security tokens to be added to the
iframe factory.




Please review this at http://codereview.appspot.com/1240043/show

Affected files:
   M  
java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java


Index:  
java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
diff --git  
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java  
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
index  
8c693199e0d395c9a4d7dd26a4dedbad431caf60..f4e15cb14362832c86e12d04e5b4b3e3de790ba9  
100644
---  
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
+++  
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
@@ -23,6 +23,9 @@ import com.google.inject.ImplementedBy;
  import com.google.inject.Inject;
  import com.google.inject.name.Named;

+import org.apache.commons.lang.StringUtils;
+import org.apache.shindig.auth.SecurityTokenDecoder;
+import org.apache.shindig.auth.SecurityTokenException;
  import org.apache.shindig.common.uri.Uri;
  import org.apache.shindig.common.uri.UriBuilder;
  import org.apache.shindig.config.ContainerConfig;
@@ -53,13 +56,19 @@ public class DefaultIframeUriManager implements  
IframeUriManager {

    private final ContainerConfig config;
    private final LockedDomainPrefixGenerator ldGen;
+  private final SecurityTokenDecoder securityTokenDecoder;
+
    private final List<String> ldSuffixes;
-
+
    @Inject
    public DefaultIframeUriManager(ContainerConfig config,
-                                 LockedDomainPrefixGenerator ldGen) {
+                                 LockedDomainPrefixGenerator ldGen,
+                                 SecurityTokenDecoder  
securityTokenDecoder) {
      this.config = config;
      this.ldGen = ldGen;
+    this.securityTokenDecoder = securityTokenDecoder;
+
+    // TODO this doesn't scale to large numbers of containers
      Collection<String> containers = config.getContainers();
      List<String> ldSuffixes =  
Lists.newArrayListWithCapacity(containers.size());
      for (String container : containers) {
@@ -141,7 +150,19 @@ public class DefaultIframeUriManager implements  
IframeUriManager {
        boolean upInFragment = !view.needsUserPrefSubstitution();
        addParam(uri, UriCommon.USER_PREF_PREFIX + up.getName(), data,  
useTpl, upInFragment);
      }
-
+
+    // Inject a security token if set in the context
+    try {
+      if (securityTokenDecoder != null && context.getToken() != null) {
+        String tokenVal =  
securityTokenDecoder.encodeToken(context.getToken());
+        if (StringUtils.isNotEmpty(tokenVal)) {
+          uri.addQueryParameter("st", tokenVal);
+        }
+      }
+    } catch (SecurityTokenException e) {
+      // ignore -- no security token
+    }
+
      if (versioner != null) {
        // Added on the query string, obviously not templated.
        addParam(uri, Param.VERSION.getKey(),