Posted to dev@shindig.apache.org by "Ciancetta, Jesse E." <jc...@mitre.org> on 2011/11/01 15:20:56 UTC

RE: Accessing "protected" gadgets?

>-----Original Message-----
>From: Dennis Ju [mailto:dennis.ju@liferay.com]
>Sent: Monday, October 31, 2011 3:41 PM
>To: dev@shindig.apache.org
>Subject: Re: Accessing "protected" gadgets?
>
>Right you are.
>
>Here are the two threads I've found on the topic:
>
>http://www.mail-archive.com/dev@shindig.apache.org/msg02610.html
>http://www.mail-archive.com/dev@shindig.apache.org/msg02915.html

Yup -- those are the ones I was thinking of.  Thanks for digging them up.

>Among the latest relevant discussion points is your (Jesse) previous post
>here <http://www.mail-archive.com/dev@shindig.apache.org/msg02995.html>.
>Has anybody successfully implemented running trusted and untrusted gadgets
>on separate domains?

We've implemented it as I described in the thread you referenced above and it's worked out really well.

>It seems Maxwell Xandeco and Nuwan Bandara may have workable solutions
>(albeit only assuming trusted domains)?

Yeah -- there were a bunch of different ideas discussed in those threads.  Let us know if you have any more specific questions.

>Thanks,
>Dennis
>
>On Mon, Oct 31, 2011 at 10:53 AM, Ciancetta, Jesse E.
><jc...@mitre.org> wrote:
>
>> >-----Original Message-----
>> >From: Dennis Ju [mailto:dennis.ju@liferay.com]
>> >Sent: Monday, October 31, 2011 1:33 PM
>> >To: dev@shindig.apache.org
>> >Subject: Accessing "protected" gadgets?
>> >
>> >Hello,
>> >
>> >Is there a way for Shindig to access a gadget XML whose URL requires
>> >authentication? We want to allow hosting private gadgets that require a
>> >user to be logged in and authorized to view the gadget. I would imagine
>> >that this has been a requirement for others using Shindig as well.
>>
>> Yeah -- this has definitely come up and been discussed on the mailing list
>> in the past.  I don't recall if there was any resolution though -- have you
>> seen any of those discussions?  Would you mind trying to dig them up in the
>> list archives and sending out some pointers to those discussions so we can
>> all review them?
>>
>> >Right now, the problem is that DefaultGadgetSpecFactory.getGadgetSpec()
>> >calls AbstractSpecFactory.fetchFromNetwork(), which in turn creates its own
>> >HttpRequest object to retrieve the XML content.
>> >
>> >I'm thinking I'll need to use Guice to override getGadgetSpec() or
>> >fetchFromNetwork()? Or is there a better way to do this?
>> >
>> >Any help would be appreciated.
>> >
>> >Thx!
>> >Dennis
>>
>
>
>
>--
>
>*Italy Symposium*
>18 November 2011
>Register today: www.liferay.com/Italy2011

Re: Accessing "protected" gadgets?

Posted by Dan Dumont <dd...@us.ibm.com>.
You might try encoding the session id in the trustedjson section of the
security token.

The token makes its way most of the way down to the Fetcher. Might be
less refactoring for you.



From:   Dennis Ju <de...@liferay.com>
To:     dev@shindig.apache.org, 
Date:   11/07/2011 09:39 PM
Subject:        Re: Accessing "protected" gadgets?



Hi guys,

So I've been trying to do a POC to pass my browser session to Shindig so
that I can copy the session cookies to the http request created by Shindig.
However, I seem to be doing quite a lot of refactoring of code to pass my
session instance from the servlet down to the HttpFetcher.

Is there a more elegant solution that others have implemented? I'd like to
avoid so much refactoring for obvious maintenance concerns.

Thanks!
Dennis


Re: Accessing "protected" gadgets?

Posted by Dennis Ju <de...@liferay.com>.
Hi guys,

So I've been trying to do a POC to pass my browser session to Shindig so
that I can copy the session cookies to the http request created by Shindig.
However, I seem to be doing quite a lot of refactoring of code to pass my
session instance from the servlet down to the HttpFetcher.

Is there a more elegant solution that others have implemented? I'd like to
avoid so much refactoring for obvious maintenance concerns.

Thanks!
Dennis

-- 

*Italy Symposium*
18 November 2011
Register today: www.liferay.com/Italy2011
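
For the idea discussed in this thread of copying session cookies onto the request that fetches the gadget XML, the following added example (not code from any poster or from Shindig) shows a check that releases the session cookie only to https spec URLs on an exact-match list of trusted hosts. The class name, the `JSESSIONID` cookie name and the hosts are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

// Hypothetical helper, not part of Shindig: decides whether an outbound
// gadget-spec fetch may carry the viewer's session cookie.
public class SessionForwardingPolicy {
    private final Set<String> trustedHosts; // exact host names, lower case

    public SessionForwardingPolicy(Set<String> trustedHosts) {
        this.trustedHosts = trustedHosts;
    }

    /** Returns a Cookie header value only if specUrl may receive the session. */
    public Optional<String> cookieFor(String specUrl, String sessionId) {
        URI uri;
        try {
            uri = new URI(specUrl).normalize();
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        String host = uri.getHost();
        // No host, or a userinfo part such as https://trusted@other/: refuse.
        if (host == null || uri.getUserInfo() != null) return Optional.empty();
        // Never send a session identifier over plain http.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return Optional.empty();
        int port = uri.getPort();
        if (port != -1 && port != 443) return Optional.empty();
        // Exact match only: suffix or prefix matching lets look-alike hosts through.
        if (!trustedHosts.contains(host.toLowerCase(Locale.ROOT))) return Optional.empty();
        // Keep CR/LF and separators out of the header value.
        if (sessionId == null || !sessionId.matches("[A-Za-z0-9._-]+")) return Optional.empty();
        return Optional.of("JSESSIONID=" + sessionId); // cookie name is an assumption
    }

    public static void main(String[] args) {
        SessionForwardingPolicy policy =
            new SessionForwardingPolicy(Set.of("portal.example.com"));
        List<String> constructedUrls = List.of(          // constructed sample inputs
            "https://PORTAL.example.com/private/gadget.xml",
            "http://portal.example.com/private/gadget.xml",
            "https://portal.example.com.other.example/gadget.xml",
            "https://portal.example.com@other.example/gadget.xml");
        for (String url : constructedUrls) {
            System.out.println(url + " -> " + policy.cookieFor(url, "abc123").isPresent());
        }
    }
}
```

If the fetcher follows redirects, the same check has to be repeated for each hop before the cookie is attached again.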