Posted to commits@shindig.apache.org by ss...@apache.org on 2012/05/08 21:31:10 UTC
svn commit: r1335707 - in /shindig/trunk:
features/src/main/javascript/features/core.io/
features/src/test/javascript/features/core.io/
java/common/src/main/java/org/apache/shindig/auth/
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/
Author: ssievers
Date: Tue May 8 19:31:10 2012
New Revision: 1335707
URL: http://svn.apache.org/viewvc?rev=1335707&view=rev
Log:
SHINDIG-1768 | Add shindig security token to makeRequest header | Patch from Brian Lillie. Thanks!
Modified:
shindig/trunk/features/src/main/javascript/features/core.io/io.js
shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
Modified: shindig/trunk/features/src/main/javascript/features/core.io/io.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/core.io/io.js?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/core.io/io.js (original)
+++ shindig/trunk/features/src/main/javascript/features/core.io/io.js Tue May 8 19:31:10 2012
@@ -257,22 +257,25 @@ gadgets.io = function() {
xhr.onreadystatechange = gadgets.util.makeClosure(
null, processResponseFunction, realUrl, callback, params, xhr);
}
+
+ if (typeof opt_headers === 'string') {
+ // This turned out to come directly from a public API, so we need to
+ // keep compatibility...
+ contentType = opt_headers;
+ opt_headers = {};
+ }
+ var headers = opt_headers || {};
+
if (paramData !== null) {
var contentTypeHeader = 'Content-Type';
var contentType = 'application/x-www-form-urlencoded';
- if (typeof opt_headers === 'string') {
- // This turned out to come directly from a public API, so we need to
- // keep compatibility...
- contentType = opt_headers;
- opt_headers = {};
- }
- var headers = opt_headers || {};
if (!headers[contentTypeHeader]) headers[contentTypeHeader] = contentType;
+ }
- for (var headerName in headers) {
- xhr.setRequestHeader(headerName, headers[headerName]);
- }
+ for (var headerName in headers) {
+ xhr.setRequestHeader(headerName, headers[headerName]);
}
+
xhr.send(paramData);
}
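Review bot: Hoisting the string-`opt_headers` compatibility branch above `if (paramData !== null)` means `contentType = opt_headers;` now runs before `var contentType = 'application/x-www-form-urlencoded';`, so the caller-supplied content type is overwritten by the default and never reaches the `Content-Type` header. Declare the defaults first by moving `var contentTypeHeader = 'Content-Type';` and `var contentType = 'application/x-www-form-urlencoded';` above the `typeof opt_headers === 'string'` check, and leave only `if (!headers[contentTypeHeader]) headers[contentTypeHeader] = contentType;` inside the `paramData` block. Because headers are now also sent on body-less requests, the `for (var headerName in headers)` loop would be safer with a `headers.hasOwnProperty(headerName)` guard so inherited properties are never emitted as request headers. The enclosing function starts outside this hunk.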
@@ -424,6 +427,10 @@ gadgets.io = function() {
}
}
+ var opt_headers = {
+ 'X-Shindig-ST' : shindig.auth.getSecurityToken()
+ };
+
var proxyUrl = config['jsonProxyUrl'].replace('%host%', document.location.host);
// FIXME -- processResponse is not used in call
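Review bot: The `X-Shindig-ST` header is built unconditionally from `shindig.auth.getSecurityToken()`, so if that call returns null or undefined (presumably possible when a gadget is rendered without a token), `setRequestHeader` will typically send the literal text. The server-side fallback added in UrlParameterAuthenticationHandler only tests `isNotBlank`, so that text would be passed on as a security token. Add the header only when a token exists: `var st = shindig.auth.getSecurityToken();` followed by `var opt_headers = st ? { 'X-Shindig-ST': st } : {};`. The enclosing function begins and ends outside this hunk.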
@@ -435,12 +442,12 @@ gadgets.io = function() {
if (httpMethod === 'GET' && !paramData['authz']) {
var extraparams = '?' + gadgets.io.encodeValues(paramData);
makeXhrRequest(url, proxyUrl + extraparams, callback,
- null, 'GET', params, processResponse);
+ null, 'GET', params, processResponse, opt_headers);
} else {
var extraparams = gadgets.io.encodeValues(paramData);
makeXhrRequest(url, proxyUrl, callback,
extraparams, 'POST', params,
- processResponse);
+ processResponse, opt_headers);
}
}
},
Modified: shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/test/javascript/features/core.io/iotest.js?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/features/src/test/javascript/features/core.io/iotest.js (original)
+++ shindig/trunk/features/src/test/javascript/features/core.io/iotest.js Tue May 8 19:31:10 2012
@@ -128,6 +128,7 @@ IoTest.prototype.setStandardArgs = funct
this.setArg(req, inBody, "numEntries", "3");
this.setArg(req, inBody, "postData", "");
this.setArg(req, inBody, "httpMethod", "GET");
+ req.setHeader( 'X-Shindig-ST', shindig.auth.getSecurityToken() );
};
IoTest.prototype.makeFakeResponse = function(text, rc) {
Modified: shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java (original)
+++ shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java Tue May 8 19:31:10 2012
@@ -20,8 +20,11 @@ package org.apache.shindig.auth;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.name.Named;
+
import net.oauth.OAuth;
+import org.apache.commons.lang3.StringUtils;
+
import java.util.Enumeration;
import java.util.Map;
import java.util.regex.Matcher;
@@ -103,6 +106,14 @@ public class UrlParameterAuthenticationH
}
}
+ // no token yet, see if it was attached as a header
+ if (StringUtils.isEmpty(token)) {
+ String t = request.getHeader( "X-Shindig-ST" );
+ if (StringUtils.isNotBlank(t)) {
+ token = t;
+ }
+ }
+
params.put(SecurityTokenCodec.SECURITY_TOKEN_NAME, token);
params.put(SecurityTokenCodec.ACTIVE_URL_NAME, getActiveUrl(request));
return params;
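Review bot: The fallback guard tests `StringUtils.isEmpty(token)` while the header value is tested with `StringUtils.isNotBlank(t)`, so a whitespace-only token from the earlier sources suppresses the header lookup and is handed to the codec as-is; use `StringUtils.isBlank(token)` for the guard so both sides agree. The literal `"X-Shindig-ST"` duplicates the name used in io.js and would be easier to audit as a constant, e.g. `private static final String SECURITY_TOKEN_HEADER = "X-Shindig-ST";`. The class is still named for URL parameters, so its Javadoc should state that a request header is now an accepted token source. Any transport or format checks the method applies to the other token sources are outside this hunk, so it is worth confirming they also cover the header path.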
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java Tue May 8 19:31:10 2012
@@ -211,7 +211,7 @@ public class MakeRequestHandler implemen
+ Param.URL.getKey() + " parameter", HttpResponse.SC_BAD_REQUEST);
}
- SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(request);
+ final SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(request);
String container = null;
Uri gadgetUri = null;
if ("1".equals(getParameter(request, MULTI_PART_FORM_POST, null))) {
@@ -291,13 +291,15 @@ public class MakeRequestHandler implemen
AuthType auth = AuthType.parse(getParameter(request, AUTHZ_PARAM, null));
req.setAuthType(auth);
if (auth != AuthType.NONE) {
+ req.setSecurityToken(extractAndValidateToken(request));
if (auth == AuthType.OAUTH2) {
- req.setSecurityToken(extractAndValidateToken(request));
req.setOAuth2Arguments(new OAuth2Arguments(request));
} else {
- req.setSecurityToken(extractAndValidateToken(request));
req.setOAuthArguments(new OAuthArguments(auth, request));
}
+ } else {
+ // if not authenticated, set the token that we received
+ req.setSecurityToken(token);
}
ServletUtil.setXForwardedForHeader(request, req);
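Review bot: In the new `else` branch the token obtained from `AuthInfoUtil.getSecurityTokenFromRequest(request)` is attached to the outgoing request without passing through `extractAndValidateToken`, so for `AuthType.NONE` the request can carry a null or anonymous token (presumably what that helper rejects; its body is not in this hunk). Downstream code that treats a non-null security token on the request as evidence of an authenticated caller would be wrong for these requests. The comment should spell out that contract, for example `// AuthType.NONE: token is unvalidated and may be null or anonymous; context only, never an authorization input`. The enclosing method starts and ends outside the hunk.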