You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by li...@inuus.com on 2010/05/21 22:12:13 UTC
Add security token to the iframe if it's defined in the context
(issue1240043)
Reviewers: shindig.remailer_gmail.com,
Message:
here's a first step towards allowing security tokens to be added to the
iframe factory.
Please review this at http://codereview.appspot.com/1240043/show
Affected files:
M
java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
Index:
java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
diff --git
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
index
8c693199e0d395c9a4d7dd26a4dedbad431caf60..f4e15cb14362832c86e12d04e5b4b3e3de790ba9
100644
---
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
+++
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
@@ -23,6 +23,9 @@ import com.google.inject.ImplementedBy;
import com.google.inject.Inject;
import com.google.inject.name.Named;
+import org.apache.commons.lang.StringUtils;
+import org.apache.shindig.auth.SecurityTokenDecoder;
+import org.apache.shindig.auth.SecurityTokenException;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.config.ContainerConfig;
@@ -53,13 +56,19 @@ public class DefaultIframeUriManager implements
IframeUriManager {
private final ContainerConfig config;
private final LockedDomainPrefixGenerator ldGen;
+ private final SecurityTokenDecoder securityTokenDecoder;
+
private final List<String> ldSuffixes;
-
+
@Inject
public DefaultIframeUriManager(ContainerConfig config,
- LockedDomainPrefixGenerator ldGen) {
+ LockedDomainPrefixGenerator ldGen,
+ SecurityTokenDecoder
securityTokenDecoder) {
this.config = config;
this.ldGen = ldGen;
+ this.securityTokenDecoder = securityTokenDecoder;
+
+ // TODO this doesn't scale to large numbers of containers
Collection<String> containers = config.getContainers();
List<String> ldSuffixes =
Lists.newArrayListWithCapacity(containers.size());
for (String container : containers) {
@@ -141,7 +150,19 @@ public class DefaultIframeUriManager implements
IframeUriManager {
boolean upInFragment = !view.needsUserPrefSubstitution();
addParam(uri, UriCommon.USER_PREF_PREFIX + up.getName(), data,
useTpl, upInFragment);
}
-
+
+ // Inject a security token if set in the context
+ try {
+ if (securityTokenDecoder != null && context.getToken() != null) {
+ String tokenVal =
securityTokenDecoder.encodeToken(context.getToken());
+ if (StringUtils.isNotEmpty(tokenVal)) {
+ uri.addQueryParameter("st", tokenVal);
+ }
+ }
+ } catch (SecurityTokenException e) {
+ // ignore -- no security token
+ }
+
if (versioner != null) {
// Added on the query string, obviously not templated.
addParam(uri, Param.VERSION.getKey(),