You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@rave.apache.org by Yan Liu <ya...@ogce.org> on 2011/08/23 20:57:02 UTC

integration of remote gadgets

Hi,

I have a use case to draw your attention to: If I have a web application
developed and deployed at web server A, how do I make the web application be
aware of the Rave container context if this application is to be integrated
in Rave container as a gadget?

For example, suppose the web app includes two php files: index.php (for web
content rendering) and service.php (as ajax request handler, and it is
called to inside of index.php). Both php files have dependent php libraries
installed on A. Therefore, moving the deployment to Rave container is
difficult, if not impossible.

The basic question is: how do I configure this webapp as a gadget in Rave? I
suppose I can register it as an iframe gadget with URL http://A/index.php.
However, both php scripts need to authenticate user requests. This means, in
gadget context, they should be able to identify if the request is from
gadget container. If yes, they should be able to verify with container of
this request's user identify and authentication info. This can be done by
having a callback to container and ask whether this user is valid and
currently logged in in container. As the first step, the user request sent
to the php pages should include information provided by gadget container,
e.g., user id, callback url, token, etc. How to do that in Rave?

For web app developers, if Rave provides an interface/specification to
aforementioned use case scenario, it'd be really useful for developing
programming logic. For example, if this web app is designed to support both
standalone web sessions and gadget-container-based invocation, the logic for
auth would be:
if ( ! sessionExists() ) {
    if ( isset( $_POST['gadget_container_info'] ) {
         // contact gadget container to auth user using curl
         $info =  $_POST['gadget_container_info'];
         // ask Rave container to auth the user; of course, we need to trust
this container, but that's another topic
         if ( (gadget_user_verify($info['callback_url'], $info['userid'],
$info['token'])) ) {
             sessionCreate($info['userid']); // create session
         } else {
             // deny user request
         }
    } else { // normal web session setup
         // redirect to login page
    }
}
// authenticated and do stuff ...

I can think of more advanced use cases related to this one, e.g., two
gadgets deployed at two different locations, but they want to communication
in Rave through drag-and-drop (drag an object from gadget A and drop in
gadget B), inter-gadget communication would be needed to enable such use
case.

Thanks,
Yan

RE: integration of remote gadgets

Posted by "Franklin, Matthew B." <mf...@mitre.org>.

 >-----Original Message-----
>From: Yan Liu [mailto:yanliu@ogce.org]
>Sent: Tuesday, August 23, 2011 2:57 PM
>To: rave-dev@incubator.apache.org
>Subject: integration of remote gadgets
>
>Hi,
>
>I have a use case to draw your attention to: If I have a web application
>developed and deployed at web server A, how do I make the web application
>be
>aware of the Rave container context if this application is to be integrated
>in Rave container as a gadget?
>
>For example, suppose the web app includes two php files: index.php (for web
>content rendering) and service.php (as ajax request handler, and it is
>called to inside of index.php). Both php files have dependent php libraries
>installed on A. Therefore, moving the deployment to Rave container is
>difficult, if not impossible.
>

You could use a URL type gadget, which would essentially create an iFrame that points to your PHP application.  A more common way to approach gadget development is to expose services from your PHP application that return JSON or XML & create your UI within the gadget itself.  

>The basic question is: how do I configure this webapp as a gadget in Rave? I
>suppose I can register it as an iframe gadget with URL http://A/index.php.
>However, both php scripts need to authenticate user requests. This means, in
>gadget context, they should be able to identify if the request is from
>gadget container. If yes, they should be able to verify with container of

Our standard approach is to create an OAuth protected JSON service and use the OpenSocial OAuth support to do 3 or 2 legged OAuth.  

>this request's user identify and authentication info. This can be done by
>having a callback to container and ask whether this user is valid and
>currently logged in in container. As the first step, the user request sent
>to the php pages should include information provided by gadget container,
>e.g., user id, callback url, token, etc. How to do that in Rave?
>
>For web app developers, if Rave provides an interface/specification to
>aforementioned use case scenario, it'd be really useful for developing
>programming logic. For example, if this web app is designed to support both
>standalone web sessions and gadget-container-based invocation, the logic for
>auth would be:
>if ( ! sessionExists() ) {
>    if ( isset( $_POST['gadget_container_info'] ) {
>         // contact gadget container to auth user using curl
>         $info =  $_POST['gadget_container_info'];
>         // ask Rave container to auth the user; of course, we need to trust
>this container, but that's another topic
>         if ( (gadget_user_verify($info['callback_url'], $info['userid'],
>$info['token'])) ) {
>             sessionCreate($info['userid']); // create session
>         } else {
>             // deny user request
>         }
>    } else { // normal web session setup
>         // redirect to login page
>    }
>}
>// authenticated and do stuff ...
>
>I can think of more advanced use cases related to this one, e.g., two
>gadgets deployed at two different locations, but they want to communication
>in Rave through drag-and-drop (drag an object from gadget A and drop in
>gadget B), inter-gadget communication would be needed to enable such use
>case.
>
>Thanks,
>Yan