You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by et...@apache.org on 2008/08/22 21:25:54 UTC
svn commit: r688178 - in /incubator/shindig/trunk: features/core.io/
java/gadgets/src/main/java/org/apache/shindig/gadgets/
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/
java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/
Author: etnu
Date: Fri Aug 22 12:25:53 2008
New Revision: 688178
URL: http://svn.apache.org/viewvc?rev=688178&view=rev
Log:
Began migrating SecurityToken passing to HttpRequest, as well as including request context information (Gadget + container) in all requests. The objective here is to unify the parameters passed through HttpFetchers so that uniform logging, monitoring, and policy enforcement can be achieved.
The "gadget" and "container" fields are duplicated in secure contexts (that is, contexts where a SecurityToken is present), but since we can't guarantee their integrity anyway we should treat them as different.
Still missing:
- Rewriters only pass gadget url, not container. This makes it impossible to support per-container defualt rewriting rules at present.
- No context is passed for manifest (gadget spec / message bundle) retrieval. This is probably not important as these files are generally shared between containers anyway. For privilaged gadget access, a custom GadgetSpecFactory can still be implemented.
- It's not possible to test that the token, gadget url, and container are passed in these requests at present. Significant test refactoring will be necessary to achieve that.
Next step:
- Remove security token passing for signed fetch / oauth. We may just punt on this one as Brian Eaton's work to unify signed fetch and oauth fetch is forthcoming.
Modified:
incubator/shindig/trunk/features/core.io/io.js
incubator/shindig/trunk/features/core.io/iotest.js
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetServer.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
Modified: incubator/shindig/trunk/features/core.io/io.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core.io/io.js?rev=688178&r1=688177&r2=688178&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core.io/io.js (original)
+++ incubator/shindig/trunk/features/core.io/io.js Fri Aug 22 12:25:53 2008
@@ -304,6 +304,8 @@
headers["Content-Type"] = "application/x-www-form-urlencoded";
}
+ var urlParams = gadgets.util.getUrlParameters();
+
var paramData = {
url: url,
httpMethod : httpMethod,
@@ -316,8 +318,8 @@
getSummaries : !!params.GET_SUMMARIES,
signOwner : signOwner || "true",
signViewer : signViewer || "true",
- gadget : gadgets.util.getUrlParameters().url,
-
+ gadget : urlParams.url,
+ container : urlParams.container || urlParams.synd || "default",
// should we bypass gadget spec cache (e.g. to read OAuth provider URLs)
bypassSpecCache : gadgets.util.getUrlParameters().nocache || ""
};
Modified: incubator/shindig/trunk/features/core.io/iotest.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core.io/iotest.js?rev=688178&r1=688177&r2=688178&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core.io/iotest.js (original)
+++ incubator/shindig/trunk/features/core.io/iotest.js Fri Aug 22 12:25:53 2008
@@ -26,7 +26,7 @@
IoTest.prototype.setUp = function() {
this.oldGetUrlParameters = gadgets.util.getUrlParameters;
gadgets.util.getUrlParameters = function() {
- return { "st" : "authtoken", "url" : "http://www.gadget.com/gadget.xml" };
+ return { "st" : "authtoken", "url" : "http://www.gadget.com/gadget.xml", "container" : "foo" };
};
if (!shindig.auth) {
shindig.auth = new shindig.Auth();
@@ -96,6 +96,7 @@
this.setArg(req, inBody, "signOwner", "true");
this.setArg(req, inBody, "getSummaries", "false");
this.setArg(req, inBody, "gadget", "http://www.gadget.com/gadget.xml");
+ this.setArg(req, inBody, "container", "foo");
this.setArg(req, inBody, "headers", "");
this.setArg(req, inBody, "numEntries", "3");
this.setArg(req, inBody, "postData", "");
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetServer.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetServer.java?rev=688178&r1=688177&r2=688178&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetServer.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetServer.java Fri Aug 22 12:25:53 2008
@@ -177,10 +177,13 @@
private final GadgetContext context;
public HttpResponse call() {
- HttpRequest request = new HttpRequest(Uri.fromJavaUri(preload.getHref()))
- .setSignOwner(preload.isSignOwner())
- .setSignViewer(preload.isSignViewer());
try {
+ HttpRequest request = new HttpRequest(Uri.fromJavaUri(preload.getHref()))
+ .setSignOwner(preload.isSignOwner())
+ .setSignViewer(preload.isSignViewer())
+ .setContainer(context.getContainer())
+ .setSecurityToken(context.getToken())
+ .setGadget(Uri.fromJavaUri(context.getUrl()));
switch (preload.getAuth()) {
case NONE:
return preloadFetcherFactory.get().fetch(request);
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java?rev=688178&r1=688177&r2=688178&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java Fri Aug 22 12:25:53 2008
@@ -97,6 +97,8 @@
authToken = extractAndValidateToken(request);
}
+ rcr.setSecurityToken(authToken);
+
// Build the chain of fetchers that will handle the request
HttpFetcher fetcher = getHttpFetcher(auth, authToken, request);
@@ -132,7 +134,8 @@
HttpRequest req = new HttpRequest(url)
.setMethod(getParameter(request, METHOD_PARAM, "GET"))
- .setPostBody(getParameter(request, POST_DATA_PARAM, "").getBytes());
+ .setPostBody(getParameter(request, POST_DATA_PARAM, "").getBytes())
+ .setContainer(getContainer(request));
String headerData = getParameter(request, HEADERS_PARAM, "");
if (headerData.length() > 0) {
@@ -197,8 +200,10 @@
case NONE:
return contentFetcherFactory.get();
case SIGNED:
+ // TODO: Remove token from signature and use what's on the request object instead.
return contentFetcherFactory.getSigningFetcher(token);
case OAUTH:
+ // TODO: Remove token from signature, return what's on the request object.
return contentFetcherFactory.getOAuthFetcher(token, new OAuthArguments(request));
default:
return contentFetcherFactory.get();
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java?rev=688178&r1=688177&r2=688178&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java Fri Aug 22 12:25:53 2008
@@ -18,6 +18,7 @@
*/
package org.apache.shindig.gadgets.servlet;
+import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.gadgets.GadgetException;
@@ -34,6 +35,9 @@
public static final String URL_PARAM = "url";
public static final String REFRESH_PARAM = "refresh";
public static final String GADGET_PARAM = "gadget";
+ public static final String CONTAINER_PARAM = "container";
+ // Old form container name, retained for legacy compatibility.
+ public static final String SYND_PARAM = "synd";
// Public because of rewriter. Rewriter should be cleaned up.
public static final String REWRITE_MIME_TYPE_PARAM = "rewriteMime";
@@ -80,6 +84,17 @@
}
/**
+ * Extracts the container name from the request.
+ */
+ protected String getContainer(HttpServletRequest request) {
+ String container = getParameter(request, CONTAINER_PARAM, null);
+ if (container == null) {
+ container = getParameter(request, SYND_PARAM, ContainerConfig.DEFAULT_CONTAINER);
+ }
+ return container;
+ }
+
+ /**
* Sets cache control headers for the response.
*/
protected void setResponseHeaders(HttpServletRequest request,
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java?rev=688178&r1=688177&r2=688178&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java Fri Aug 22 12:25:53 2008
@@ -74,6 +74,7 @@
HttpRequest req = new HttpRequest(url);
+ req.setContainer(getContainer(request));
if (request.getParameter(GADGET_PARAM) != null) {
req.setGadget(Uri.parse(request.getParameter(GADGET_PARAM)));
}
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java?rev=688178&r1=688177&r2=688178&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java Fri Aug 22 12:25:53 2008
@@ -19,6 +19,7 @@
package org.apache.shindig.gadgets.servlet;
import com.google.common.collect.Maps;
+import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpResponse;
@@ -185,4 +186,27 @@
assertEquals("not foo", proxy.getParameter(request, "foo", "not foo"));
}
+
+ public void testGetContainerWithContainer() {
+ expect(request.getParameter(ProxyBase.CONTAINER_PARAM)).andReturn("bar");
+ replay();
+
+ assertEquals("bar", proxy.getContainer(request));
+ }
+
+ public void testGetContainerWithSynd() {
+ expect(request.getParameter(ProxyBase.CONTAINER_PARAM)).andReturn(null);
+ expect(request.getParameter(ProxyBase.SYND_PARAM)).andReturn("syndtainer");
+ replay();
+
+ assertEquals("syndtainer", proxy.getContainer(request));
+ }
+
+ public void testGetContainerNoParam() {
+ expect(request.getParameter(ProxyBase.CONTAINER_PARAM)).andReturn(null);
+ expect(request.getParameter(ProxyBase.SYND_PARAM)).andReturn(null);
+ replay();
+
+ assertEquals(ContainerConfig.DEFAULT_CONTAINER, proxy.getContainer(request));
+ }
}