Posted to commits@shindig.apache.org by ss...@apache.org on 2012/05/08 21:31:10 UTC

svn commit: r1335707 - in /shindig/trunk: features/src/main/javascript/features/core.io/ features/src/test/javascript/features/core.io/ java/common/src/main/java/org/apache/shindig/auth/ java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/

Author: ssievers
Date: Tue May  8 19:31:10 2012
New Revision: 1335707

URL: http://svn.apache.org/viewvc?rev=1335707&view=rev
Log:
SHINDIG-1768 | Add shindig security token to makeRequest header | Patch from Brian Lillie.  Thanks!

Modified:
    shindig/trunk/features/src/main/javascript/features/core.io/io.js
    shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
    shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
    shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java

Modified: shindig/trunk/features/src/main/javascript/features/core.io/io.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/core.io/io.js?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/core.io/io.js (original)
+++ shindig/trunk/features/src/main/javascript/features/core.io/io.js Tue May  8 19:31:10 2012
@@ -257,22 +257,25 @@ gadgets.io = function() {
       xhr.onreadystatechange = gadgets.util.makeClosure(
           null, processResponseFunction, realUrl, callback, params, xhr);
     }
+
+    if (typeof opt_headers === 'string') {
+      // This turned out to come directly from a public API, so we need to
+      // keep compatibility...
+      contentType = opt_headers;
+      opt_headers = {};
+    }
+    var headers = opt_headers || {};
+
     if (paramData !== null) {
       var contentTypeHeader = 'Content-Type';
       var contentType = 'application/x-www-form-urlencoded';
-      if (typeof opt_headers === 'string') {
-        // This turned out to come directly from a public API, so we need to
-        // keep compatibility...
-        contentType = opt_headers;
-        opt_headers = {};
-      }
-      var headers = opt_headers || {};
       if (!headers[contentTypeHeader]) headers[contentTypeHeader] = contentType;
+    }
 
-      for (var headerName in headers) {
-        xhr.setRequestHeader(headerName, headers[headerName]);
-      }
+    for (var headerName in headers) {
+      xhr.setRequestHeader(headerName, headers[headerName]);
     }
+
     xhr.send(paramData);
   }
 
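Review bot: The legacy string form of `opt_headers` no longer takes effect after this move. The relocated block assigns `contentType = opt_headers` before `var contentType = 'application/x-www-form-urlencoded';` runs inside the `paramData !== null` branch, so the hoisted variable is overwritten with the default and the caller's content type is lost. Declare the default above the `typeof opt_headers === 'string'` check and leave only `if (!headers[contentTypeHeader]) headers[contentTypeHeader] = contentType;` in the branch. Since the `for (var headerName in headers)` loop now runs on every request, a `hasOwnProperty` guard would keep inherited properties out of the request headers. The enclosing function starts outside this hunk.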
@@ -424,6 +427,10 @@ gadgets.io = function() {
         }
       }
 
+      var opt_headers = {
+        'X-Shindig-ST' : shindig.auth.getSecurityToken()
+      };
+
       var proxyUrl = config['jsonProxyUrl'].replace('%host%', document.location.host);
 
       // FIXME -- processResponse is not used in call
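Review bot: The `X-Shindig-ST` header is built unconditionally, so a missing token would likely reach `setRequestHeader` as `null` or `undefined` and be sent as that literal string. The server-side fallback in this commit only checks `StringUtils.isNotBlank`, so such a value would be treated as a token and fail later in decoding rather than being seen as absent. Consider `var st = shindig.auth.getSecurityToken();` followed by `var opt_headers = st ? { 'X-Shindig-ST': st } : {};`. The header name is also a bare literal here, in the test and in the Java handler; a short comment naming the server-side counterpart would help keep them in sync.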
@@ -435,12 +442,12 @@ gadgets.io = function() {
         if (httpMethod === 'GET' && !paramData['authz']) {
           var extraparams = '?' + gadgets.io.encodeValues(paramData);
           makeXhrRequest(url, proxyUrl + extraparams, callback,
-              null, 'GET', params, processResponse);
+              null, 'GET', params, processResponse, opt_headers);
         } else {
           var extraparams = gadgets.io.encodeValues(paramData);
           makeXhrRequest(url, proxyUrl, callback,
               extraparams, 'POST', params,
-              processResponse);
+              processResponse, opt_headers);
         }
       }
     },

Modified: shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/test/javascript/features/core.io/iotest.js?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/features/src/test/javascript/features/core.io/iotest.js (original)
+++ shindig/trunk/features/src/test/javascript/features/core.io/iotest.js Tue May  8 19:31:10 2012
@@ -128,6 +128,7 @@ IoTest.prototype.setStandardArgs = funct
   this.setArg(req, inBody, "numEntries", "3");
   this.setArg(req, inBody, "postData", "");
   this.setArg(req, inBody, "httpMethod", "GET");
+  req.setHeader( 'X-Shindig-ST', shindig.auth.getSecurityToken() );
 };
 
 IoTest.prototype.makeFakeResponse = function(text, rc) {

Modified: shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java (original)
+++ shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java Tue May  8 19:31:10 2012
@@ -20,8 +20,11 @@ package org.apache.shindig.auth;
 import com.google.common.collect.Maps;
 import com.google.inject.Inject;
 import com.google.inject.name.Named;
+
 import net.oauth.OAuth;
 
+import org.apache.commons.lang3.StringUtils;
+
 import java.util.Enumeration;
 import java.util.Map;
 import java.util.regex.Matcher;
@@ -103,6 +106,14 @@ public class UrlParameterAuthenticationH
       }
     }
 
+    // no token yet, see if it was attached as a header
+    if (StringUtils.isEmpty(token)) {
+      String t = request.getHeader( "X-Shindig-ST" );
+      if (StringUtils.isNotBlank(t)) {
+        token = t;
+      }
+    }
+
     params.put(SecurityTokenCodec.SECURITY_TOKEN_NAME, token);
     params.put(SecurityTokenCodec.ACTIVE_URL_NAME, getActiveUrl(request));
     return params;
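Review bot: This fallback makes a request header a token source in a handler that is named for URL parameters, and the change is undocumented. It presumably applies to every endpoint that uses the handler, not only makeRequest. The comment should state the precedence, for example `// URL/form parameter wins; X-Shindig-ST is consulted only when no parameter token was supplied`, and the class Javadoc (outside this hunk) should mention the header. The value is checked with `isNotBlank` but stored untrimmed, so `token = t.trim();` would avoid passing padded input to the codec. The literal would also read better as a constant such as `private static final String SECURITY_TOKEN_HEADER = "X-Shindig-ST";`. The method body starts outside the hunk.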

Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java?rev=1335707&r1=1335706&r2=1335707&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java Tue May  8 19:31:10 2012
@@ -211,7 +211,7 @@ public class MakeRequestHandler implemen
               + Param.URL.getKey() + " parameter", HttpResponse.SC_BAD_REQUEST);
     }
 
-    SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(request);
+    final SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(request);
     String container = null;
     Uri gadgetUri = null;
     if ("1".equals(getParameter(request, MULTI_PART_FORM_POST, null))) {
@@ -291,13 +291,15 @@ public class MakeRequestHandler implemen
     AuthType auth = AuthType.parse(getParameter(request, AUTHZ_PARAM, null));
     req.setAuthType(auth);
     if (auth != AuthType.NONE) {
+      req.setSecurityToken(extractAndValidateToken(request));
       if (auth == AuthType.OAUTH2) {
-        req.setSecurityToken(extractAndValidateToken(request));
         req.setOAuth2Arguments(new OAuth2Arguments(request));
       } else {
-        req.setSecurityToken(extractAndValidateToken(request));
         req.setOAuthArguments(new OAuthArguments(auth, request));
       }
+    } else {
+      // if not authenticated, set the token that we received
+      req.setSecurityToken(token);
     }
 
     ServletUtil.setXForwardedForHeader(request, req);
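Review bot: The new `else` branch attaches `token` from `AuthInfoUtil.getSecurityTokenFromRequest(request)` without going through `extractAndValidateToken(request)`, which the authenticated branch uses. Whatever checks that helper performs (not visible here) are skipped for `AuthType.NONE`, and `token` may be null or anonymous. The comment `// if not authenticated, set the token that we received` is also misleading, because `AuthType.NONE` describes the outgoing request's authorization, not whether the caller presented a token. Suggested wording: `// authz=none: pass along the token parsed by the auth handler (may be null/anonymous; not run through extractAndValidateToken)`. It is worth confirming that downstream consumers of `req.getSecurityToken()` do not treat a non-null token on a NONE request as proof of a validated caller.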