Posted to commits@shindig.apache.org by rb...@apache.org on 2011/10/03 22:35:15 UTC
svn commit: r1178561 [1/2] - in /shindig/trunk: config/
content/samplecontainer/examples/
features/src/main/javascript/features/shared-script-frame/
java/gadgets/src/main/java/org/apache/shindig/gadgets/
java/gadgets/src/main/java/org/apache/shindig/ga...
Author: rbaxter85
Date: Mon Oct 3 20:35:14 2011
New Revision: 1178561
URL: http://svn.apache.org/viewvc?rev=1178561&view=rev
Log:
SHINDIG-1628
Committed For Dan Dumont
Locked domain cleanup and shared-domain-locking feature
Added:
shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo1.xml
shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo2.xml
Modified:
shindig/trunk/config/container.js
shindig/trunk/features/src/main/javascript/features/shared-script-frame/shared-script-frame-container.js
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/LockedDomainPrefixGenerator.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriStatus.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManagerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGeneratorTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/UriManagerTestBase.java
shindig/trunk/php/test/gadgets/ContainerConfigTest.php
Modified: shindig/trunk/config/container.js
URL: http://svn.apache.org/viewvc/shindig/trunk/config/container.js?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/config/container.js (original)
+++ shindig/trunk/config/container.js Mon Oct 3 20:35:14 2011
@@ -56,11 +56,16 @@
"gadgets.parent" : null,
// Should all gadgets be forced on to a locked domain?
-"gadgets.lockedDomainRequired" : false,
+"gadgets.uri.iframe.lockedDomainRequired" : false,
// DNS domain on which gadgets should render.
-"gadgets.lockedDomainSuffix" : "-a.example.com:8080",
-
+// Default Uri config: these must be overridden - specified here for testing purposes
+"gadgets.uri.iframe.unlockedDomain": "${Cur['defaultShindigTestAuthority']}",
+// When setting up the server to enable locked domains, you should set this to something that does not
+// attempt to use the authority at all. Ideally it would be another hostname that points to this server.
+// Example: unlockedDomain="shindig.example.com" lockedDomainSuffix="-locked.gadgets.example.com"
+"gadgets.uri.iframe.lockedDomainSuffix": "${Cur['defaultShindigTestAuthority']}",
+
// Origins for CORS requests and/or Referer validation
// Indicate a set of origins or an entry with * to indicate that all origins are allowed
"gadgets.parentOrigins" : ["*"],
@@ -77,11 +82,6 @@
// never conflict with a lockedDomainSuffix.
"gadgets.jsUriTemplate" : "http://%host%${CONTEXT_ROOT}/gadgets/js/%js%",
-//New configuration for iframeUri generation:
-"gadgets.uri.iframe.lockedDomainSuffix" : "-a.example.com:8080",
-"gadgets.uri.iframe.unlockedDomain" : "www.example.com:8080",
-"gadgets.uri.iframe.basePath" : "${CONTEXT_ROOT}/gadgets/ifr",
-
"gadgets.uri.js.host" : "http://www.example.com/",
"gadgets.uri.js.path" : "${CONTEXT_ROOT}/gadgets/js",
@@ -114,10 +114,6 @@
// Authority (host:port without scheme) for the proxy and concat servlets.
"defaultShindigProxyConcatAuthority":"%authority%",
-// Default Uri config: these must be overridden - specified here for testing purposes
-"gadgets.uri.iframe.unlockedDomain": "${Cur['defaultShindigTestAuthority']}",
-"gadgets.uri.iframe.lockedDomainSuffix": "${Cur['defaultShindigTestAuthority']}",
-
// Default Js Uri config: also must be overridden.
"gadgets.uri.js.host": "//${Cur['defaultShindigTestAuthority']}",
"gadgets.uri.js.path": "${CONTEXT_ROOT}/gadgets/js",
Added: shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo1.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo1.xml?rev=1178561&view=auto
==============================================================================
--- shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo1.xml (added)
+++ shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo1.xml Mon Oct 3 20:35:14 2011
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Module>
+ <ModulePrefs title="Shared locked domain with shared-script-frame 1">
+ <Require feature="locked-domain">
+ <!--
+ All participants must be listed for them to all share a locked domain.
+ Gadgets should declare themselves as a participant.
+ -->
+
+ <!-- Change the following to actual deployment locations to test -->
+ <Param name="participant">http://gadgets.another-example.com/SharedLockedDomainDemo1.xml</Param>
+ <Param name="participant">http://gadgets.example.com/SharedLockedDomainDemo2.xml</Param>
+ </Require>
+ <!--
+ The interaction between shared locked-domains and shared-script-frame is:
+ Of the gadgets listed in this shared locked-domain, only 1 script frame will
+ ever be created. The gadget to render first will have its script frame view
+ rendered.
+ -->
+ <Optional feature="shared-script-frame">
+ <Param name="view">script</Param>
+ </Optional>
+ </ModulePrefs>
+ <Content type="html" view="script"><![CDATA[
+ <script type="text/javascript">
+ (function() {
+ var callbacks = [];
+ window.join = function(callback) {
+ callbacks.push(callback);
+ }
+ window.require = {
+ // the script tag url gets mangled
+ baseUrl: "http://download.dojotoolkit.org/release-1.7.0b2/dojo-release-1.7.0b2/dojo",
+ async: 1,
+ callback: function() {
+ window.join = function(callback) { callback(window.require); };
+ while(callbacks.length) {
+ callbacks.shift()(window.require);
+ }
+ }
+ };
+
+ // It would be lovely if we could have plain script tags in here that shindig would ignore.
+ // Because this is now async we must implement join, above.
+ var scr = document.createElement('script');
+ scr.src = 'http://download.dojotoolkit.org/release-1.7.0b2/dojo-release-1.7.0b2/dojo/dojo.js';
+ document.head.appendChild(scr);
+ })();
+ </script>
+ ]]></Content>
+
+ <Content type="html" view="default"><![CDATA[
+ <link rel="stylesheet" type="text/css" href="http://download.dojotoolkit.org/release-1.7.0b2/dojo-release-1.7.0b2/dijit/themes/claro/claro.css"
+ <h2>Default View</h2>
+ <div>I'm loading a few large things, dojo, dijit.Editor, and dijit.Calendar</div>
+ <div id="scriptframetime"></div>
+ <div id="loadscripttime"></div>
+
+ <script type="text/javascript">
+ gadgets.util.registerOnLoadHandler(function() {
+ gadgets.script.getScriptFrame(function(scriptFrame) {
+ var starttime = new Date().getTime();
+ var joinScriptFrame = function() {
+ if (!scriptFrame.join) {
+ setTimeout(joinScriptFrame, 10);
+ }
+ else {
+ scriptFrame.join(function(require) {
+ window.require = require;
+ var checkpoint = new Date().getTime();
+ require(['dojo', 'dijit/Calendar', 'dijit/Editor'], function(dojo, cal, edit) {
+ dojo.withDoc(window.document, function() {
+ var endtime = new Date().getTime();
+ dojo.byId('scriptframetime').innerHTML = 'It took me ' + (checkpoint - starttime) + ' millis to aquire the script frame';
+ dojo.byId('loadscripttime').innerHTML = 'It took me ' + (endtime - checkpoint) + ' millis to load code.';
+ });
+ });
+ });
+ }
+ };
+ joinScriptFrame();
+ });
+ });
+ </script>
+ ]]></Content>
+</Module>
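Review bot: The `<link rel="stylesheet" … claro.css"` tag in the default view is never closed with `>`, so the parser reads the following `<h2>Default View</h2>` as part of the tag; the line should end `…/claro/claro.css">`. SharedLockedDomainDemo2.xml carries the same unclosed tag. Both demos also fetch dojo.js over plain `http://` into the script frame that every listed participant shares, so whatever loads there runs for all of them. A comment next to `scr.src` should say that a real deployment must serve that script over HTTPS from a host it controls. The status string spells "aquire" where "acquire" is meant.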
Added: shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo2.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo2.xml?rev=1178561&view=auto
==============================================================================
--- shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo2.xml (added)
+++ shindig/trunk/content/samplecontainer/examples/SharedLockedDomainDemo2.xml Mon Oct 3 20:35:14 2011
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Module>
+ <ModulePrefs title="Shared locked domain with shared-script-frame 2">
+ <Require feature="locked-domain">
+ <!--
+ All participants must be listed for them to all share a locked domain.
+ Gadgets should declare themselves as a participant.
+ -->
+
+ <!-- Change the following to actual deployment locations to test -->
+ <Param name="participant">http://gadgets.another-example.com/SharedLockedDomainDemo1.xml</Param>
+ <Param name="participant">http://gadgets.example.com/SharedLockedDomainDemo2.xml</Param>
+ </Require>
+ <!--
+ The interaction between shared locked-domains and shared-script-frame is:
+ Of the gadgets listed in this shared locked-domain, only 1 script frame will
+ ever be created. The gadget to render first will have its script frame view
+ rendered.
+ -->
+ <Optional feature="shared-script-frame">
+ <Param name="view">script</Param>
+ </Optional>
+ </ModulePrefs>
+
+ <Content type="html" view="script"><![CDATA[
+ <script type="text/javascript">
+ (function() {
+ var callbacks = [];
+ window.join = function(callback) {
+ callbacks.push(callback);
+ }
+ window.require = {
+ // the script tag url gets mangled
+ baseUrl: "http://download.dojotoolkit.org/release-1.7.0b2/dojo-release-1.7.0b2/dojo",
+ async: 1,
+ callback: function() {
+ window.join = function(callback) { callback(window.require); };
+ while(callbacks.length) {
+ callbacks.shift()(window.require);
+ }
+ }
+ };
+
+ // It would be lovely if we could have plain script tags in here that shindig would ignore.
+ // Because this is now async we must implement join, above.
+ var scr = document.createElement('script');
+ scr.src = 'http://download.dojotoolkit.org/release-1.7.0b2/dojo-release-1.7.0b2/dojo/dojo.js';
+ document.head.appendChild(scr);
+ })();
+ </script>
+ ]]></Content>
+
+ <Content type="html" view="default"><![CDATA[
+ <link rel="stylesheet" type="text/css" href="http://download.dojotoolkit.org/release-1.7.0b2/dojo-release-1.7.0b2/dijit/themes/claro/claro.css"
+ <h2>Default View</h2>
+ <div>I'm loading a few large things, dojo, dijit.Editor, and dijit.Calendar</div>
+ <div id="scriptframetime"></div>
+ <div id="loadscripttime"></div>
+
+ <script type="text/javascript">
+ gadgets.util.registerOnLoadHandler(function() {
+ gadgets.script.getScriptFrame(function(scriptFrame) {
+ var starttime = new Date().getTime();
+ var joinScriptFrame = function() {
+ if (!scriptFrame.join) {
+ setTimeout(joinScriptFrame, 10);
+ }
+ else {
+ scriptFrame.join(function(require) {
+ window.require = require;
+ var checkpoint = new Date().getTime();
+ require(['dojo', 'dijit/Calendar', 'dijit/Editor'], function(dojo, cal, edit) {
+ dojo.withDoc(window.document, function() {
+ var endtime = new Date().getTime();
+ dojo.byId('scriptframetime').innerHTML = 'It took me ' + (checkpoint - starttime) + ' millis to aquire the script frame';
+ dojo.byId('loadscripttime').innerHTML = 'It took me ' + (endtime - checkpoint) + ' millis to load code.';
+ });
+ });
+ });
+ }
+ };
+ joinScriptFrame();
+ });
+ });
+ </script>
+ ]]></Content>
+</Module>
Modified: shindig/trunk/features/src/main/javascript/features/shared-script-frame/shared-script-frame-container.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/shared-script-frame/shared-script-frame-container.js?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/shared-script-frame/shared-script-frame-container.js (original)
+++ shindig/trunk/features/src/main/javascript/features/shared-script-frame/shared-script-frame-container.js Mon Oct 3 20:35:14 2011
@@ -33,13 +33,52 @@ osapi.container.Container.addMixin('Shar
var siteMap = {};
/**
+ * Generates a key to hash the script frame by for this gadget. If the
+ * gadget uses locked domains and specifies participants in the locked domain,
+ * those other participants will be figured into this key so that they in turn
+ * generate the same key.
+ *
+ * @param {!string} url The gadget URL that requested the script frame.
+ * @param {?Object} ldFeature The feature segment of the gadget for the
+ * locked-domain feature.
+ */
+ var getFrameKey = function(url, ldFeature) {
+ var participants, filtered = {};
+ filtered[url.toLowerCase()] = 1;
+
+ if (ldFeature && ldFeature.params && (participants = ldFeature.params.participant)) {
+ if (typeof(participants) == 'string') {
+ filtered[participants.toLowerCase()] = 1;
+ }
+ else {
+ for (var i = 0, participant; participant = participants[i]; i++) {
+ filtered[participant.toLowerCase()] = 1;
+ }
+ }
+ }
+
+ var ret = [];
+ for (i in filtered) {
+ ret.push(i);
+ }
+ return ret.sort().join('');
+ }
+
+ /**
* Creates a new shared script frame gadget instance on the page.
*
* @param {!string} url The gadget URL that requested the script frame.
* @param {!Object} feature The feature segment of the gadget for the
* shared-script-frame feature.
+ * @param {?Object} ldFeature The feature segment of the gadget for the
+ * locked-domain feature.
*/
- var createScriptFrame = function(url, feature) {
+ var createScriptFrame = function(url, feature, ldFeature) {
+ var key = getFrameKey(url, ldFeature);
+ if (siteMap[key]) {
+ return;
+ }
+
var view = osapi.container.GadgetSite.DEFAULT_VIEW_;
if (feature.params && feature.params.view) {
view = feature.params.view[0];
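Review bot: `getFrameKey` lower-cases every URL and then returns `ret.sort().join('')`, so the key is not an unambiguous encoding of the participant set. Two different sets whose concatenations coincide, or two gadget URLs that differ only in the case of the path, produce the same key and therefore the same script frame. Joining with a character that is not valid inside a URL, for example `ret.sort().join('\n')`, removes the first ambiguity, and lower-casing only the scheme and host would remove the second. `getLockedDomainParticipants` in HashLockedDomainService.java concatenates the same way before the prefix is generated, where a collision means two gadgets end up on one locked domain, so both sides should be changed together. `createScriptFrame` continues past the end of this hunk.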
@@ -49,7 +88,7 @@ osapi.container.Container.addMixin('Shar
elem.style.display = 'none';
document.body.appendChild(elem);
- var site = siteMap[url] = container.newGadgetSite(elem);
+ var site = siteMap[key] = container.newGadgetSite(elem);
var params = {};
params[osapi.container.RenderParam.VIEW] = view;
container.navigateGadget(site, url, undefined, params);
@@ -64,9 +103,10 @@ osapi.container.Container.addMixin('Shar
* @returns {?string} The name of the script frame
*/
var getScriptFrameName = function(rpcArgs) {
- var fromURL = rpcArgs.gs.getActiveGadgetHolder().getUrl();
+ var info = rpcArgs.gs.getActiveGadgetHolder().getGadgetInfo(),
+ key = getFrameKey(info.url, info.modulePrefs.features['locked-domain']);
- var name, scriptSite = siteMap[fromURL];
+ var name, scriptSite = siteMap[key];
if (scriptSite) {
name = scriptSite.getActiveGadgetHolder().getIframeId();
}
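Review bot: `info.url` and `info.modulePrefs.features['locked-domain']` are dereferenced with no guard, whereas the preload handler later in this file wraps the same `modulePrefs.features` lookup in `try { … } catch(e) {}`. If `getGadgetInfo()` can return nothing, or metadata without `modulePrefs`, this RPC handler throws instead of returning no frame name. A guarded read such as `var prefs = info && info.modulePrefs, ld = prefs && prefs.features && prefs.features['locked-domain'];` keeps the failure local. `getScriptFrameName` starts before and ends after this hunk.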
@@ -91,9 +131,10 @@ osapi.container.Container.addMixin('Shar
var url = metadata.url;
try {
var feature = metadata.modulePrefs.features['shared-script-frame'];
+ var ldFeature = metadata.modulePrefs.features['locked-domain'];
} catch(e) {}
- if (feature && !siteMap[url]) {
- createScriptFrame(url, feature);
+ if (feature) {
+ createScriptFrame(url, feature, ldFeature);
}
};
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java Mon Oct 3 20:35:14 2011
@@ -60,7 +60,7 @@ public class GadgetException extends Exc
// Caja error
MALFORMED_FOR_SAFE_INLINING,
-
+
// Parsing errors
CSS_PARSE_ERROR,
HTML_PARSE_ERROR,
@@ -83,6 +83,9 @@ public class GadgetException extends Exc
// Error in the JavaScript processing pipeline
JS_PROCESSING_ERROR,
+ // Error validating that the gadget supplied is correct for the locked domain the request came from.
+ GADGET_HOST_MISMATCH,
+
//Gadget Admin Error
GADGET_ADMIN_STORAGE_ERROR,
GADGET_ADMIN_FEATURE_NOT_ALLOWED
@@ -133,7 +136,7 @@ public class GadgetException extends Exc
public Code getCode() {
return code;
}
-
+
public int getHttpStatusCode() {
return httpStatusCode;
}
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java Mon Oct 3 20:35:14 2011
@@ -17,22 +17,28 @@
*/
package org.apache.shindig.gadgets;
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
import org.apache.shindig.common.logging.i18n.MessageKeys;
-import org.apache.shindig.common.util.Base32;
+import org.apache.shindig.common.servlet.Authority;
+import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.common.uri.Uri.UriException;
import org.apache.shindig.config.ContainerConfig;
+import org.apache.shindig.gadgets.spec.Feature;
+import org.apache.shindig.gadgets.uri.LockedDomainPrefixGenerator;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.google.inject.name.Named;
-import org.apache.commons.codec.digest.DigestUtils;
-
-import java.util.Collection;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
/**
* Locked domain implementation based on sha1.
*
@@ -42,19 +48,27 @@ import java.util.logging.Logger;
*
* Other domain locking schemes are possible as well.
*/
+/**
+ * @author <a href="mailto:dev@shindig.apache.org">Shindig Dev</a>
+ * @version $Id: $
+ *
+ */
@Singleton
public class HashLockedDomainService implements LockedDomainService, ContainerConfig.ConfigObserver {
//class name for logging purpose
private static final String classname = HashLockedDomainService.class.getName();
- private static final Logger LOG = Logger.getLogger(classname,MessageKeys.MESSAGES);
-
+ private static final Logger LOG = Logger.getLogger(classname, MessageKeys.MESSAGES);
+
private final boolean enabled;
private boolean lockSecurityTokens = false;
private final Map<String, String> lockedSuffixes;
private final Map<String, Boolean> required;
+ private Authority authority;
+ private LockedDomainPrefixGenerator ldGen;
+ private final Pattern authpattern = Pattern.compile("%authority%");
- public static final String LOCKED_DOMAIN_REQUIRED_KEY = "gadgets.lockedDomainRequired";
- public static final String LOCKED_DOMAIN_SUFFIX_KEY = "gadgets.lockedDomainSuffix";
+ public static final String LOCKED_DOMAIN_REQUIRED_KEY = "gadgets.uri.iframe.lockedDomainRequired";
+ public static final String LOCKED_DOMAIN_SUFFIX_KEY = "gadgets.uri.iframe.lockedDomainSuffix";
/**
* Create a LockedDomainService
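Review bot: `LOCKED_DOMAIN_REQUIRED_KEY` and `LOCKED_DOMAIN_SUFFIX_KEY` are renamed with no fallback to the old names, so a container config that still sets `gadgets.lockedDomainRequired` to true is no longer read. A missing suffix is at least logged in `containersChanged`, but if `getBool` returns false for an absent key, enforcement is switched off silently after an upgrade. Reading the old key as a fallback, or logging a warning when it is present, would make the migration visible. Separately, the added `/** @author … @version $Id: $ */` block sits between the existing class Javadoc and the declaration, so Javadoc will use it in place of the class description; the tags belong inside the existing comment.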
@@ -63,8 +77,10 @@ public class HashLockedDomainService imp
*/
@Inject
public HashLockedDomainService(ContainerConfig config,
- @Named("shindig.locked-domain.enabled") boolean enabled) {
+ @Named("shindig.locked-domain.enabled") boolean enabled,
+ LockedDomainPrefixGenerator ldGen) {
this.enabled = enabled;
+ this.ldGen = ldGen;
lockedSuffixes = Maps.newHashMap();
required = Maps.newHashMap();
if (enabled) {
@@ -72,25 +88,15 @@ public class HashLockedDomainService imp
}
}
- public void containersChanged(
- ContainerConfig config, Collection<String> changed, Collection<String> removed) {
- for (String container : changed) {
- String suffix = config.getString(container, LOCKED_DOMAIN_SUFFIX_KEY);
- if (suffix == null) {
- if (LOG.isLoggable(Level.WARNING)) {
- LOG.logp(Level.WARNING, classname, "HashLockedDomainService", MessageKeys.NO_LOCKED_DOMAIN_CONFIG, new Object[] {container});
- }
- } else {
- lockedSuffixes.put(container, suffix);
- }
- required.put(container, config.getBool(container, LOCKED_DOMAIN_REQUIRED_KEY));
- }
- for (String container : removed) {
- lockedSuffixes.remove(container);
- required.remove(container);
- }
+ /*
+ * Injected methods
+ */
+
+ @Inject(optional = true)
+ public void setAuthority(Authority authority) {
+ this.authority = authority;
}
-
+
/**
* Allows a renderer to render all gadgets that require a security token on a locked
* domain. This is recommended security practice, as it secures the token from other
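Review bot: `setAuthority` is optional method injection, which Guice performs after the constructor has returned. Any `containersChanged` call made from the constructor's `if (enabled)` block (its body is outside these hunks) would therefore run `checkSuffix` while `authority` is still null and store the literal `%authority%` as the suffix. With that value `host.endsWith(suffix)` never matches, so `isHostUsingLockedDomain` would report false for every host. Re-resolving the stored suffixes inside `setAuthority`, or substituting the authority lazily when the suffix is read, removes the ordering dependency. The setter also needs a comment stating when it is expected to be called.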
@@ -109,75 +115,181 @@ public class HashLockedDomainService imp
this.lockSecurityTokens = lockSecurityTokens;
}
+
+ /*
+ * Public implmentation
+ */
+
+ public void containersChanged(ContainerConfig config, Collection<String> changed, Collection<String> removed) {
+ for (String container : changed) {
+ String suffix = config.getString(container, LOCKED_DOMAIN_SUFFIX_KEY);
+ if (suffix == null) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.logp(Level.WARNING, classname, "containersChanged", MessageKeys.NO_LOCKED_DOMAIN_CONFIG, new Object[] {container});
+ }
+ } else {
+ lockedSuffixes.put(container, checkSuffix(suffix));
+ }
+ required.put(container, config.getBool(container, LOCKED_DOMAIN_REQUIRED_KEY));
+ }
+ for (String container : removed) {
+ lockedSuffixes.remove(container);
+ required.remove(container);
+ }
+ }
+
public boolean isEnabled() {
return enabled;
}
public boolean isSafeForOpenProxy(String host) {
if (enabled) {
- return !hostRequiresLockedDomain(host);
+ return !isHostUsingLockedDomain(host);
}
return true;
}
- public boolean gadgetCanRender(String host, Gadget gadget, String container) {
- container = normalizeContainer(container);
+ public boolean isGadgetValidForHost(String host, Gadget gadget, String container) {
+ container = getContainer(container);
if (enabled) {
- if (gadgetWantsLockedDomain(gadget) ||
- hostRequiresLockedDomain(host) ||
- containerRequiresLockedDomain(container)) {
- String neededHost = getLockedDomain(gadget, container);
+ if (isGadgetReqestingLocking(gadget) ||
+ isHostUsingLockedDomain(host) ||
+ isDomainLockingEnforced(container)) {
+ String neededHost;
+ try {
+ neededHost = getLockedDomain(gadget, container);
+ } catch (GadgetException e) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.log(Level.WARNING, "Invalid host for call.", e);
+ }
+ return false;
+ }
return host.equals(neededHost);
}
}
return true;
}
- public String getLockedDomainForGadget(Gadget gadget, String container) {
- container = normalizeContainer(container);
- if (enabled) {
- if (gadgetWantsLockedDomain(gadget) ||
- containerRequiresLockedDomain(container)) {
+ public String getLockedDomainForGadget(Gadget gadget, String container) throws GadgetException {
+ container = getContainer(container);
+ if (enabled && !isExcludedFromLockedDomain(gadget, container)) {
+ if (isGadgetReqestingLocking(gadget) || isDomainLockingEnforced(container)) {
return getLockedDomain(gadget, container);
}
}
return null;
}
- private String getLockedDomain(Gadget gadget, String container) {
+ public boolean isHostUsingLockedDomain(String host) {
+ if (enabled) {
+ for (String suffix : lockedSuffixes.values()) {
+ if (host.endsWith(suffix)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ public String getLockedDomainPrefix(Gadget gadget) throws GadgetException {
+ String ret = "";
+ if (enabled) {
+ ret = ldGen.getLockedDomainPrefix(getLockedDomainParticipants(gadget));
+ }
+ // Lower-case to prevent casing from being relevant.
+ return ret.toLowerCase();
+ }
+
+
+ /*
+ * Protected implementation
+ */
+
+ /**
+ * Override methods for custom behavior
+ * Allows you to override locked domain feature requests from a gadget.
+ */
+ protected boolean isExcludedFromLockedDomain(Gadget gadget, String container) {
+ return false;
+ }
+
+
+ /*
+ * Private implmentation
+ */
+
+ private String getLockedDomain(Gadget gadget, String container) throws GadgetException {
String suffix = lockedSuffixes.get(container);
if (suffix == null) {
return null;
}
- byte[] sha1 = DigestUtils.sha(gadget.getSpec().getUrl().toString());
- String hash = new String(Base32.encodeBase32(sha1));
- return hash + suffix;
+ return getLockedDomainPrefix(gadget) + suffix;
}
- private boolean gadgetWantsLockedDomain(Gadget gadget) {
+ /**
+ * @see HashLockedDomainService#setLockSecurityTokens(Boolean)
+ */
+ private boolean isGadgetReqestingLocking(Gadget gadget) {
if (lockSecurityTokens) {
return gadget.getAllFeatures().contains("locked-domain");
}
return gadget.getViewFeatures().keySet().contains("locked-domain");
}
- private boolean hostRequiresLockedDomain(String host) {
- for (String suffix : lockedSuffixes.values()) {
- if (host.endsWith(suffix)) {
- return true;
- }
- }
- return false;
- }
-
- private boolean containerRequiresLockedDomain(String container) {
+ private boolean isDomainLockingEnforced(String container) {
return required.get(container);
}
- private String normalizeContainer(String container) {
+ private String getContainer(String container) {
if (required.containsKey(container)) {
return container;
}
return ContainerConfig.DEFAULT_CONTAINER;
}
+
+ private String checkSuffix(String suffix) {
+ if (suffix != null) {
+ Matcher m = authpattern.matcher(suffix);
+ if (m.matches()) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.warning("You should not be using %authority% replacement in a running environment!");
+ LOG.warning("Check your config and specify an explicit locked domain suffix.");
+ LOG.warning("Found suffix: " + suffix);
+ }
+ if (authority != null) {
+ suffix = m.replaceAll(authority.getAuthority());
+ }
+ }
+ }
+ return suffix;
+ }
+
+ private String getLockedDomainParticipants(Gadget gadget) throws GadgetException {
+ Map<String, Feature> features = gadget.getSpec().getModulePrefs().getFeatures();
+ Feature ldFeature = features.get("locked-domain");
+
+ // This gadget is always a participant.
+ Set<String> filtered = new TreeSet<String>();
+ filtered.add(gadget.getSpec().getUrl().toString().toLowerCase());
+
+ if (ldFeature != null) {
+ Collection<String> participants = ldFeature.getParamCollection("participant");
+ for (String participant : participants) {
+ // be picky, this should be a valid uri
+ try {
+ Uri.parse(participant);
+ } catch (UriException e) {
+ throw new GadgetException(GadgetException.Code.INVALID_PARAMETER,
+ "Participant param must be a valid uri", e);
+ }
+ filtered.add(participant.toLowerCase());
+ }
+ }
+
+ StringBuilder buffer = new StringBuilder();
+ for (String participant : filtered) {
+ buffer.append(participant);
+ }
+ return buffer.toString();
+ }
}
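Review bot: `checkSuffix` tests `m.matches()`, which succeeds only when the whole suffix is exactly `%authority%`, yet it then calls `m.replaceAll(...)`; a suffix such as `-locked.%authority%` passes through unreplaced and without the warning. `if (m.find()) {` looks like what is intended, since `replaceAll` resets the matcher itself. The bare `toLowerCase()` calls in `getLockedDomainPrefix` and `getLockedDomainParticipants` use the JVM default locale, so the generated host name can differ between servers configured with different locales; `toLowerCase(Locale.ENGLISH)` pins it and needs `java.util.Locale` imported. `isDomainLockingEnforced` unboxes `required.get(container)` directly, which is safe only while every caller normalises through `getContainer` first, and that deserves a one-line comment.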
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java Mon Oct 3 20:35:14 2011
@@ -30,6 +30,13 @@ import com.google.inject.ImplementedBy;
@ImplementedBy(HashLockedDomainService.class)
public interface LockedDomainService {
/**
+ * Check whether locked domains feature is enabled on the server.
+ *
+ * @return If locked domains is enabled on the server.
+ */
+ boolean isEnabled();
+
+ /**
* @return True if the host is safe for use with the open proxy.
*/
boolean isSafeForOpenProxy(String host);
@@ -43,7 +50,7 @@ public interface LockedDomainService {
* @param container container
* @return true if the gadget can render
*/
- boolean gadgetCanRender(String host, Gadget gadget, String container);
+ boolean isGadgetValidForHost(String host, Gadget gadget, String container);
/**
* Calculate the locked domain for a particular gadget on a particular
@@ -54,6 +61,23 @@ public interface LockedDomainService {
* @return the host name on which the gadget should render, or null if locked domain should not
* be used to render this gadget.
*/
- String getLockedDomainForGadget(Gadget gadget, String container);
+ String getLockedDomainForGadget(Gadget gadget, String container) throws GadgetException;
+ /**
+ * Check whether a host is using a locked domain.
+ *
+ * @param host Host to inspect for locked domain suffix.
+ * @return If the supplied host is using a locked domain.
+ * Returns false if locked domains are not enabled on the server.
+ */
+ boolean isHostUsingLockedDomain(String host);
+
+ /**
+ * Generates a locked domain prefix given a gadget Uri.
+ *
+ * @param gadget The uri of the gadget.
+ * @return A locked domain prefix for the gadgetUri.
+ * Returns empty string if locked domains are not enabled on the server.
+ */
+ String getLockedDomainPrefix(Gadget gadget) throws GadgetException;
}
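Review bot: The Javadoc for `getLockedDomainPrefix` describes its parameter as "The uri of the gadget" although the method takes a `Gadget`, and neither it nor `getLockedDomainForGadget` documents the newly declared `GadgetException`. Suggested wording: `@param gadget The gadget whose spec URL and locked-domain participants determine the prefix.` and, on both methods, `@throws GadgetException if a locked-domain participant param is not a valid URI.` The Javadoc of `isGadgetValidForHost` in the previous hunk, which starts outside it, still says "true if the gadget can render". It should also state that false is returned when the locked domain cannot be computed, which is what the implementation in HashLockedDomainService does.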
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGenerator.java Mon Oct 3 20:35:14 2011
@@ -116,7 +116,7 @@ public class GadgetOAuthCallbackGenerato
Uri activeUrl = Uri.parse(securityToken.getActiveUrl());
String hostname = activeUrl.getAuthority();
- if (!lockedDomainService.gadgetCanRender(hostname, gadget, securityToken.getContainer())) {
+ if (!lockedDomainService.isGadgetValidForHost(hostname, gadget, securityToken.getContainer())) {
throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Gadget should not be using URL " + activeUrl);
}
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java Mon Oct 3 20:35:14 2011
@@ -94,7 +94,7 @@ public class Renderer {
return RenderingResults.mustRedirect(gadget.getCurrentView().getHref());
}
- if (!lockedDomainService.gadgetCanRender(context.getHost(), gadget, context.getContainer())) {
+ if (!lockedDomainService.isGadgetValidForHost(context.getHost(), gadget, context.getContainer())) {
return RenderingResults.error("Invalid domain", HttpServletResponse.SC_BAD_REQUEST);
}
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java Mon Oct 3 20:35:14 2011
@@ -37,13 +37,18 @@ import org.apache.shindig.config.Contain
import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.FeedProcessor;
import org.apache.shindig.gadgets.FetchResponseUtils;
+import org.apache.shindig.gadgets.Gadget;
+import org.apache.shindig.gadgets.GadgetContext;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.GadgetException.Code;
+import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.admin.GadgetAdminStore;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.RequestPipeline;
import org.apache.shindig.gadgets.oauth.OAuthArguments;
+import org.apache.shindig.gadgets.process.ProcessingException;
+import org.apache.shindig.gadgets.process.Processor;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterList.RewriteFlow;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterRegistry;
import org.apache.shindig.gadgets.rewrite.RewriterRegistry;
@@ -78,17 +83,24 @@ public class MakeRequestHandler {
private final ResponseRewriterRegistry contentRewriterRegistry;
private final Provider<FeedProcessor> feedProcessorProvider;
private final GadgetAdminStore gadgetAdminStore;
+ private final Processor processor;
+ private final LockedDomainService lockedDomainService;
@Inject
public MakeRequestHandler(RequestPipeline requestPipeline,
@RewriterRegistry(rewriteFlow = RewriteFlow.DEFAULT)
ResponseRewriterRegistry contentRewriterRegistry,
Provider<FeedProcessor> feedProcessorProvider,
- GadgetAdminStore gadgetAdminStore) {
+ GadgetAdminStore gadgetAdminStore,
+ Processor processor,
+ LockedDomainService lockedDomainService) {
+
this.requestPipeline = requestPipeline;
this.contentRewriterRegistry = contentRewriterRegistry;
this.feedProcessorProvider = feedProcessorProvider;
this.gadgetAdminStore = gadgetAdminStore;
+ this.processor = processor;
+ this.lockedDomainService = lockedDomainService;
}
/**
@@ -98,12 +110,41 @@ public class MakeRequestHandler {
throws GadgetException, IOException {
HttpRequest rcr = buildHttpRequest(request);
String container = rcr.getContainer();
- Uri gadget = rcr.getGadget();
- if (gadget != null &&
- !gadgetAdminStore.isWhitelisted(container, gadget.toString())) {
+ final Uri gadgetUri = rcr.getGadget();
+ if (gadgetUri == null) {
+ throw new GadgetException(GadgetException.Code.MISSING_PARAMETER,
+ "Unable to find gadget in request", HttpResponse.SC_FORBIDDEN);
+ }
+
+ Gadget gadget = null;
+ GadgetContext context = new HttpGadgetContext(request) {
+ public Uri getUrl() {
+ return gadgetUri;
+ }
+ public boolean getIgnoreCache() {
+ return getParameter("bypassSpecCache").equals("1");
+ }
+ };
+ try {
+ gadget = processor.process(context);
+ } catch (ProcessingException e) {
+ throw new GadgetException(
+ GadgetException.Code.INTERNAL_SERVER_ERROR, "Error processing gadget",
+ e, HttpResponse.SC_BAD_REQUEST);
+ }
+
+ // Validate gadget is correct for the host.
+ // Ensures that the gadget has not hand crafted this request to represent itself as
+ // another gadget in a locked domain environment.
+ if (!lockedDomainService.isGadgetValidForHost(context.getHost(), gadget, container)) {
+ throw new GadgetException(GadgetException.Code.GADGET_HOST_MISMATCH,
+ "The gadget is incorrect for this request", HttpResponse.SC_FORBIDDEN);
+ }
+
+ if(!gadgetAdminStore.isWhitelisted(container, gadgetUri.toString())) {
throw new GadgetException(GadgetException.Code.NON_WHITELISTED_GADGET,
- "The requested content is unavailable", HttpResponse.SC_FORBIDDEN);
+ "The requested content is unavailable", HttpResponse.SC_FORBIDDEN);
}
// Serialize the response
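Review bot: `getIgnoreCache()` in the anonymous `HttpGadgetContext` calls `getParameter("bypassSpecCache").equals("1")`, which throws a NullPointerException if `getParameter` returns null when the parameter is omitted (presumably the common case; confirm against `HttpGadgetContext`). `return "1".equals(getParameter("bypassSpecCache"));` is null-safe. Separately, the whitelist check now runs after `processor.process(context)`, so a request naming a non-whitelisted gadget URL still has its spec processed before it is rejected; moving the `gadgetAdminStore.isWhitelisted` check ahead of the `try` block would reject it first. The `ProcessingException` handler also pairs `Code.INTERNAL_SERVER_ERROR` with `HttpResponse.SC_BAD_REQUEST`, which is worth reconciling. The enclosing method starts before and continues past this hunk.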
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java Mon Oct 3 20:35:14 2011
@@ -18,35 +18,33 @@
*/
package org.apache.shindig.gadgets.uri;
-import com.google.common.collect.ImmutableList;
-import com.google.inject.ImplementedBy;
-import com.google.inject.Inject;
-import com.google.inject.name.Named;
+import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.auth.SecurityTokenCodec;
import org.apache.shindig.auth.SecurityTokenException;
+import org.apache.shindig.common.servlet.Authority;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.config.ContainerConfig;
import org.apache.shindig.gadgets.Gadget;
import org.apache.shindig.gadgets.GadgetContext;
+import org.apache.shindig.gadgets.GadgetException;
+import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.UserPrefs;
import org.apache.shindig.gadgets.spec.UserPref;
import org.apache.shindig.gadgets.spec.View;
import org.apache.shindig.gadgets.uri.UriCommon.Param;
-import org.apache.shindig.common.servlet.Authority;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Set;
+import com.google.inject.ImplementedBy;
+import com.google.inject.Inject;
+import com.google.inject.name.Named;
/**
* Default implementation of an IframeUriManager which references the /ifr endpoint.
*/
-public class DefaultIframeUriManager implements IframeUriManager, ContainerConfig.ConfigObserver {
+public class DefaultIframeUriManager implements IframeUriManager {
// By default, fills in values that could otherwise be templated for client population.
private static final boolean DEFAULT_USE_TEMPLATES = false;
static final String IFRAME_BASE_PATH_KEY = "gadgets.uri.iframe.basePath";
@@ -56,44 +54,21 @@ public class DefaultIframeUriManager imp
public static final String SECURITY_TOKEN_ALWAYS_KEY = "gadgets.uri.iframe.alwaysAppendSecurityToken";
public static final String LOCKED_DOMAIN_FEATURE_NAME = "locked-domain";
public static final String SECURITY_TOKEN_FEATURE_NAME = "security-token";
- private boolean ldEnabled = true;
private TemplatingSignal tplSignal = null;
private Versioner versioner = null;
private Authority authority;
private final ContainerConfig config;
- private final LockedDomainPrefixGenerator ldGen;
+ private final LockedDomainService ldService;
private final SecurityTokenCodec securityTokenCodec;
- private List<String> ldSuffixes;
-
@Inject
public DefaultIframeUriManager(ContainerConfig config,
- LockedDomainPrefixGenerator ldGen,
+ LockedDomainService ldService,
SecurityTokenCodec securityTokenCodec) {
this.config = config;
- this.ldGen = ldGen;
+ this.ldService = ldService;
this.securityTokenCodec = securityTokenCodec;
-
- if (ldEnabled) {
- config.addConfigObserver(this, true);
- }
- }
-
- public void containersChanged(
- ContainerConfig config, Collection<String> changed, Collection<String> removed) {
- Collection<String> containers = config.getContainers();
- ImmutableList.Builder<String> ldSuffixes = ImmutableList.builder();
- for (String container : containers) {
- ldSuffixes.add(getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY));
- }
- this.ldSuffixes = ldSuffixes.build();
- }
-
- @Inject(optional = true)
- public void setLockedDomainEnabled(
- @Named("shindig.locked-domain.enabled") Boolean ldEnabled) {
- this.ldEnabled = ldEnabled;
}
@Inject(optional = true)
@@ -132,13 +107,14 @@ public class DefaultIframeUriManager imp
uri.setPath(getReqVal(container, IFRAME_BASE_PATH_KEY));
// 2. Set host/authority.
- String host = "//";
- if (usingLockedDomain(gadget, container)) {
- host += ldGen.getLockedDomainPrefix(gadget.getSpec().getUrl()) +
- getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY);
- } else {
- host += getReqVal(container, UNLOCKED_DOMAIN_KEY);
+ String ldDomain;
+ try {
+ ldDomain = ldService.getLockedDomainForGadget(gadget, container);
+ } catch (GadgetException e) {
+ throw new RuntimeException(e);
}
+ String host = "//" +
+ (ldDomain == null ? getReqVal(container, UNLOCKED_DOMAIN_KEY) : ldDomain);
Uri gadgetUri = Uri.parse(host);
if (gadgetUri.getAuthority() == null
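Review bot: The `catch (GadgetException e)` around `ldService.getLockedDomainForGadget(gadget, container)` rethrows a bare `RuntimeException` with no message, so a failure to compute the locked domain does not say which gadget or container was involved. Something like `throw new RuntimeException("Cannot determine locked domain for " + gadget.getSpec().getUrl() + " in container " + container, e);` keeps the cause and adds that context. A short comment on the `ldDomain == null` branch would also help, since a null result appears to mean "this gadget is not locked" and silently selects the unlocked domain as the iframe's origin. The method body starts before and continues past this hunk.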
@@ -255,35 +231,6 @@ public class DefaultIframeUriManager imp
container = ContainerConfig.DEFAULT_CONTAINER;
}
- // Validate domain.
- String host = uri.getAuthority().toLowerCase();
- String gadgetLdPrefix = ldGen.getLockedDomainPrefix(gadgetUri).toLowerCase();
-
- // If the uri starts with gadget's locked domain prefix, then the suffix
- // must be an exact match as well.
- // Lower-case to prevent casing from being relevant.
- if (ldEnabled && !lockedDomainExclusion()) {
- if (host.startsWith(gadgetLdPrefix)) {
- // Strip off prefix.
- host = host.substring(gadgetLdPrefix.length());
- String ldSuffix = getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY);
- if (!ldSuffix.equalsIgnoreCase(host)) {
- return UriStatus.INVALID_DOMAIN;
- }
- } else {
- // We need to also ensure that the URI isn't that of another valid
- // locked-domain gadget. We do this test second as it's less efficient.
- // Also, since we've already tested the "valid" locked domain case
- // we can simply say the URI is invalid if it ends with any valid
- // locked domain suffix.
- for (String ldSuffix : ldSuffixes) {
- if (host.endsWith(ldSuffix)) {
- return UriStatus.INVALID_DOMAIN;
- }
- }
- }
- }
-
String version = uri.getQueryParameter(Param.VERSION.getKey());
if (versioner == null || version == null) {
return UriStatus.VALID_UNVERSIONED;
@@ -296,12 +243,6 @@ public class DefaultIframeUriManager imp
return '%' + key + '%';
}
- /** Overridable methods for custom behavior */
- protected boolean lockedDomainExclusion() {
- // Subclass/override this to support a custom notion of dev-mode, other exclusions.
- return false;
- }
-
protected String getScheme(Gadget gadget, String container) {
// Scheme-relative by default. Override for specific use cases.
return null;
@@ -332,22 +273,6 @@ public class DefaultIframeUriManager imp
}
}
- private boolean usingLockedDomain(Gadget gadget, String container) {
- if (!ldEnabled) {
- return false;
- }
-
- if (lockedDomainExclusion()) {
- return false;
- }
-
- if (config.getBool(container, LOCKED_DOMAIN_REQUIRED_KEY)) {
- return true;
- }
-
- return gadget.getAllFeatures().contains(LOCKED_DOMAIN_FEATURE_NAME);
- }
-
private String getReqVal(String container, String key) {
String val = config.getString(container, key);
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java Mon Oct 3 20:35:14 2011
@@ -27,7 +27,11 @@ import org.apache.shindig.common.uri.Uri
*/
public class HashShaLockedDomainPrefixGenerator implements LockedDomainPrefixGenerator {
public String getLockedDomainPrefix(Uri gadgetUri) {
- byte[] sha1 = DigestUtils.sha(gadgetUri.toString());
+ return getLockedDomainPrefix(gadgetUri.toString());
+ }
+
+ public String getLockedDomainPrefix(String token) {
+ byte[] sha1 = DigestUtils.sha(token);
return new String(Base32.encodeBase32(sha1)); // a hash
}
}
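Review bot: The new `getLockedDomainPrefix(String token)` overload has no Javadoc, and neither does its declaration added to `LockedDomainPrefixGenerator`, so nothing says what a caller may pass as `token`. I would add a comment such as `/** Returns the Base32-encoded SHA-1 of {@code token}; deterministic and unkeyed, so the prefix separates origins but is not a secret. */`. Because `LockedDomainPrefixGenerator` carries `@ImplementedBy`, deployments may bind their own implementation, and the added interface method forces them to implement this overload too. That is worth stating in the interface comment.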
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/LockedDomainPrefixGenerator.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/LockedDomainPrefixGenerator.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/LockedDomainPrefixGenerator.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/LockedDomainPrefixGenerator.java Mon Oct 3 20:35:14 2011
@@ -28,4 +28,5 @@ import com.google.inject.ImplementedBy;
@ImplementedBy(HashShaLockedDomainPrefixGenerator.class)
public interface LockedDomainPrefixGenerator {
String getLockedDomainPrefix(Uri gadgetUri);
+ String getLockedDomainPrefix(String token);
}
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java Mon Oct 3 20:35:14 2011
@@ -314,9 +314,6 @@ public class ProxyUriBase {
case INVALID_VERSION:
retRefresh = 0;
break;
- case INVALID_DOMAIN:
- throw new GadgetException(GadgetException.Code.INVALID_PATH,
- "Invalid path", HttpResponse.SC_BAD_REQUEST);
case BAD_URI:
throw new GadgetException(GadgetException.Code.INVALID_PATH,
"Invalid path", HttpResponse.SC_BAD_REQUEST);
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriStatus.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriStatus.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriStatus.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriStatus.java Mon Oct 3 20:35:14 2011
@@ -25,6 +25,5 @@ public enum UriStatus {
VALID_VERSIONED,
VALID_UNVERSIONED,
INVALID_VERSION,
- INVALID_DOMAIN,
BAD_URI
}
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java Mon Oct 3 20:35:14 2011
@@ -23,9 +23,9 @@ import static org.apache.shindig.gadgets
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.isA;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Lists;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
import org.apache.shindig.common.EasyMockTestCase;
import org.apache.shindig.common.uri.Uri;
@@ -33,16 +33,18 @@ import org.apache.shindig.config.BasicCo
import org.apache.shindig.config.ContainerConfig;
import org.apache.shindig.gadgets.features.FeatureRegistry;
import org.apache.shindig.gadgets.spec.GadgetSpec;
+import org.apache.shindig.gadgets.uri.HashShaLockedDomainPrefixGenerator;
import org.junit.Before;
import org.junit.Test;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
public class HashLockedDomainServiceTest extends EasyMockTestCase {
private HashLockedDomainService lockedDomainService;
+ private HashShaLockedDomainPrefixGenerator ldgen = new HashShaLockedDomainPrefixGenerator();
private Gadget wantsLocked = null;
private Gadget notLocked = null;
private Gadget wantsSecurityToken = null;
@@ -104,102 +106,102 @@ public class HashLockedDomainServiceTest
public void testDisabledGlobally() {
replay();
- lockedDomainService = new HashLockedDomainService(requiredConfig, false);
+ lockedDomainService = new HashLockedDomainService(requiredConfig, false, ldgen);
assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com"));
assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", notLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsSecurityToken, "default"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsBoth, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default"));
- lockedDomainService = new HashLockedDomainService(enabledConfig, false);
+ lockedDomainService = new HashLockedDomainService(enabledConfig, false, ldgen);
assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com"));
assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", notLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsSecurityToken, "default"));
- assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsBoth, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default"));
}
@Test
- public void testEnabledForGadget() {
+ public void testEnabledForGadget() throws GadgetException {
replay();
- lockedDomainService = new HashLockedDomainService(enabledConfig, true);
+ lockedDomainService = new HashLockedDomainService(enabledConfig, true, ldgen);
assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
- assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default"));
- assertFalse(lockedDomainService.gadgetCanRender(
+ assertFalse(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsSecurityToken, "default"));
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"h2nlf2a2dqou2lul3n50jb4v7e8t34kc-a.example.com:8080", wantsBoth, "default"));
-
+
String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);
-
+
target = lockedDomainService.getLockedDomainForGadget(wantsBoth, "default");
assertEquals("h2nlf2a2dqou2lul3n50jb4v7e8t34kc-a.example.com:8080", target);
-
+
lockedDomainService.setLockSecurityTokens(true);
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"lrrq12l8s5flpqcjoj1h1872lp9p93nk-a.example.com:8080", wantsSecurityToken, "default"));
target = lockedDomainService.getLockedDomainForGadget(wantsSecurityToken, "default");
assertEquals("lrrq12l8s5flpqcjoj1h1872lp9p93nk-a.example.com:8080", target);
-
+
// Direct includes work as before.
target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);
-
+
target = lockedDomainService.getLockedDomainForGadget(wantsBoth, "default");
assertEquals("h2nlf2a2dqou2lul3n50jb4v7e8t34kc-a.example.com:8080", target);
}
@Test
- public void testNotEnabledForGadget() {
+ public void testNotEnabledForGadget() throws GadgetException {
replay();
- lockedDomainService = new HashLockedDomainService(enabledConfig, true);
+ lockedDomainService = new HashLockedDomainService(enabledConfig, true, ldgen);
assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
- assertTrue(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default"));
- assertFalse(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default"));
+ assertFalse(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default"));
assertNull(lockedDomainService.getLockedDomainForGadget(notLocked, "default"));
}
@Test
- public void testRequiredForContainer() {
+ public void testRequiredForContainer() throws GadgetException {
replay();
- lockedDomainService = new HashLockedDomainService(requiredConfig, true);
+ lockedDomainService = new HashLockedDomainService(requiredConfig, true, ldgen);
assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
- assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default"));
- assertFalse(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default"));
+ assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default"));
+ assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default"));
String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);
target = lockedDomainService.getLockedDomainForGadget(notLocked, "default");
assertEquals("auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", target);
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default"));
- assertFalse(lockedDomainService.gadgetCanRender(
+ assertFalse(lockedDomainService.isGadgetValidForHost(
"auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", wantsLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default"));
- assertFalse(lockedDomainService.gadgetCanRender(
+ assertFalse(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default"));
}
@@ -209,9 +211,9 @@ public class HashLockedDomainServiceTest
ContainerConfig containerMissingConfig = new BasicContainerConfig();
containerMissingConfig.newTransaction().addContainer(makeContainer(ContainerConfig.DEFAULT_CONTAINER)).commit();
- lockedDomainService = new HashLockedDomainService(containerMissingConfig, true);
- assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default"));
- assertTrue(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default"));
+ lockedDomainService = new HashLockedDomainService(containerMissingConfig, true, ldgen);
+ assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default"));
+ assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default"));
}
@Test
@@ -225,13 +227,13 @@ public class HashLockedDomainServiceTest
.addContainer(makeContainer("other"))
.commit();
- lockedDomainService = new HashLockedDomainService(inheritsConfig, true);
- assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "other"));
- assertFalse(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "other"));
- assertTrue(lockedDomainService.gadgetCanRender(
+ lockedDomainService = new HashLockedDomainService(inheritsConfig, true, ldgen);
+ assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "other"));
+ assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "other"));
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));
}
-
+
@Test
public void testConfigurationChanged() throws Exception {
ContainerConfig config = new BasicContainerConfig();
@@ -243,10 +245,10 @@ public class HashLockedDomainServiceTest
"-a.example.com:8080"))
.commit();
- lockedDomainService = new HashLockedDomainService(config, true);
- assertTrue(lockedDomainService.gadgetCanRender(
+ lockedDomainService = new HashLockedDomainService(config, true, ldgen);
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container"));
- assertFalse(lockedDomainService.gadgetCanRender(
+ assertFalse(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));
config.newTransaction().addContainer(makeContainer(
@@ -254,18 +256,18 @@ public class HashLockedDomainServiceTest
.commit();
lockedDomainService.containersChanged(
config, ImmutableSet.of("other"), ImmutableSet.<String>of());
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container"));
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));
config.newTransaction().removeContainer("container").commit();
- assertFalse(lockedDomainService.gadgetCanRender(
+ assertFalse(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container"));
- assertTrue(lockedDomainService.gadgetCanRender(
+ assertTrue(lockedDomainService.isGadgetValidForHost(
"8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));
}
-
+
private Map<String, Object> makeContainer(String name, Object... props) {
ImmutableMap.Builder<String, Object> builder =
ImmutableMap.<String, Object>builder().put(ContainerConfig.CONTAINER_KEY, name);
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/GadgetOAuthCallbackGeneratorTest.java Mon Oct 3 20:35:14 2011
@@ -47,7 +47,7 @@ public class GadgetOAuthCallbackGenerato
private static final String MAKE_REQUEST_URL = "http://renderinghost/gadgets/makeRequest";
private static final Uri DEST_URL = Uri.parse("http://www.example.com/destination");
-
+
private IMocksControl control;
private Processor processor;
private LockedDomainService lockedDomainService;
@@ -57,7 +57,7 @@ public class GadgetOAuthCallbackGenerato
private Gadget gadget;
private OAuthFetcherConfig fetcherConfig;
private OAuthResponseParams responseParams;
-
+
@Before
public void setUp() throws Exception {
control = EasyMock.createNiceControl();
@@ -71,7 +71,7 @@ public class GadgetOAuthCallbackGenerato
fetcherConfig = new OAuthFetcherConfig(null, null, null, null, false);
responseParams = new OAuthResponseParams(null, null, null);
}
-
+
private GadgetOAuthCallbackGenerator getGenerator() {
return new GadgetOAuthCallbackGenerator(processor, lockedDomainService, oauthUriManager,
stateCrypter);
@@ -84,21 +84,21 @@ public class GadgetOAuthCallbackGenerato
request.setOAuthArguments(new OAuthArguments());
expect(processor.process(eqContext(securityToken, request.getOAuthArguments())))
.andReturn(gadget);
- expect(lockedDomainService.gadgetCanRender("renderinghost", gadget, "default"))
+ expect(lockedDomainService.isGadgetValidForHost("renderinghost", gadget, "default"))
.andReturn(false);
-
+
control.replay();
-
+
try {
getGenerator().generateCallback(fetcherConfig, "base", request, responseParams);
fail("Should have thrown");
} catch (OAuthRequestException e) {
assertEquals(OAuthError.UNKNOWN_PROBLEM.name(), e.getError());
}
-
+
control.verify();
}
-
+
@Test
public void testBadGadget() throws Exception {
HttpRequest request = new HttpRequest(DEST_URL);
@@ -106,19 +106,19 @@ public class GadgetOAuthCallbackGenerato
request.setOAuthArguments(new OAuthArguments());
expect(processor.process(eqContext(securityToken, request.getOAuthArguments())))
.andThrow(new ProcessingException("doh", HttpServletResponse.SC_BAD_REQUEST));
-
+
control.replay();
-
+
try {
getGenerator().generateCallback(fetcherConfig, "base", request, responseParams);
fail("Should have thrown");
} catch (OAuthRequestException e) {
assertEquals(OAuthError.UNKNOWN_PROBLEM.name(), e.getError());
}
-
+
control.verify();
}
-
+
@Test
public void testGenerateUrl_schemeRelative() throws Exception {
HttpRequest request = new HttpRequest(DEST_URL);
@@ -126,13 +126,13 @@ public class GadgetOAuthCallbackGenerato
request.setOAuthArguments(new OAuthArguments());
expect(processor.process(eqContext(securityToken, request.getOAuthArguments())))
.andReturn(gadget);
- expect(lockedDomainService.gadgetCanRender("renderinghost", gadget, "default"))
+ expect(lockedDomainService.isGadgetValidForHost("renderinghost", gadget, "default"))
.andReturn(true);
expect(oauthUriManager.makeOAuthCallbackUri("default", "renderinghost"))
.andReturn(Uri.parse("//renderinghost/final/callback"));
-
+
control.replay();
-
+
String callback = getGenerator().generateCallback(fetcherConfig, "http://base/basecallback",
request, responseParams);
Uri callbackUri = Uri.parse(callback);
@@ -142,10 +142,10 @@ public class GadgetOAuthCallbackGenerato
OAuthCallbackState state = new OAuthCallbackState(stateCrypter,
callbackUri.getQueryParameter("cs"));
assertEquals("http://renderinghost/final/callback", state.getRealCallbackUrl());
-
+
control.verify();
}
-
+
@Test
public void testGenerateUrl_absolute() throws Exception {
HttpRequest request = new HttpRequest(DEST_URL);
@@ -153,13 +153,13 @@ public class GadgetOAuthCallbackGenerato
request.setOAuthArguments(new OAuthArguments());
expect(processor.process(eqContext(securityToken, request.getOAuthArguments())))
.andReturn(gadget);
- expect(lockedDomainService.gadgetCanRender("renderinghost", gadget, "default"))
+ expect(lockedDomainService.isGadgetValidForHost("renderinghost", gadget, "default"))
.andReturn(true);
expect(oauthUriManager.makeOAuthCallbackUri("default", "renderinghost"))
.andReturn(Uri.parse("https://renderinghost/final/callback"));
-
+
control.replay();
-
+
String callback = getGenerator().generateCallback(fetcherConfig, "http://base/basecallback",
request, responseParams);
Uri callbackUri = Uri.parse(callback);
@@ -169,10 +169,10 @@ public class GadgetOAuthCallbackGenerato
OAuthCallbackState state = new OAuthCallbackState(stateCrypter,
callbackUri.getQueryParameter("cs"));
assertEquals("https://renderinghost/final/callback", state.getRealCallbackUrl());
-
+
control.verify();
}
-
+
@Test
public void testGenerateUrl_otherQueryParams() throws Exception {
HttpRequest request = new HttpRequest(DEST_URL);
@@ -180,13 +180,13 @@ public class GadgetOAuthCallbackGenerato
request.setOAuthArguments(new OAuthArguments());
expect(processor.process(eqContext(securityToken, request.getOAuthArguments())))
.andReturn(gadget);
- expect(lockedDomainService.gadgetCanRender("renderinghost", gadget, "default"))
+ expect(lockedDomainService.isGadgetValidForHost("renderinghost", gadget, "default"))
.andReturn(true);
expect(oauthUriManager.makeOAuthCallbackUri("default", "renderinghost"))
.andReturn(Uri.parse("https://renderinghost/final/callback"));
-
+
control.replay();
-
+
String callback = getGenerator().generateCallback(fetcherConfig,
"http://base/basecallback?foo=bar%20baz", request, responseParams);
Uri callbackUri = Uri.parse(callback);
@@ -197,10 +197,10 @@ public class GadgetOAuthCallbackGenerato
OAuthCallbackState state = new OAuthCallbackState(stateCrypter,
callbackUri.getQueryParameter("cs"));
assertEquals("https://renderinghost/final/callback", state.getRealCallbackUrl());
-
+
control.verify();
}
-
+
@Test
public void testGenerateUrl_noGadgetDomainCallback() throws Exception {
HttpRequest request = new HttpRequest(DEST_URL);
@@ -208,19 +208,19 @@ public class GadgetOAuthCallbackGenerato
request.setOAuthArguments(new OAuthArguments());
expect(processor.process(eqContext(securityToken, request.getOAuthArguments())))
.andReturn(gadget);
- expect(lockedDomainService.gadgetCanRender("renderinghost", gadget, "default"))
+ expect(lockedDomainService.isGadgetValidForHost("renderinghost", gadget, "default"))
.andReturn(true);
expect(oauthUriManager.makeOAuthCallbackUri("default", "renderinghost"))
.andReturn(null);
-
+
control.replay();
-
+
assertNull(getGenerator().generateCallback(fetcherConfig,
"http://base/basecallback?foo=bar%20baz", request, responseParams));
-
+
control.verify();
}
-
+
private GadgetContext eqContext(SecurityToken securityToken, OAuthArguments arguments) {
reportMatcher(new GadgetContextMatcher(securityToken, arguments));
return null;
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java Mon Oct 3 20:35:14 2011
@@ -275,7 +275,7 @@ public class RendererTest {
protected FakeLockedDomainService() {
}
- public boolean gadgetCanRender(String host, Gadget gadget, String container) {
+ public boolean isGadgetValidForHost(String host, Gadget gadget, String container) {
wasChecked = true;
return canRender;
}
@@ -287,5 +287,23 @@ public class RendererTest {
public boolean isSafeForOpenProxy(String host) {
return false;
}
+
+ @Override
+ public boolean isEnabled() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isHostUsingLockedDomain(String host) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getLockedDomainPrefix(Gadget gadget) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
}
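Review bot: The three methods added to `FakeLockedDomainService` still carry the IDE placeholder `// TODO Auto-generated method stub`, which reads as unfinished work rather than a deliberate choice. If the fake is meant to model a deployment with locked domains switched off, say so on `isEnabled()`, for example `// Fake models locked domain as disabled; only isGadgetValidForHost is exercised.`, and drop the TODO from the other two. `getLockedDomainPrefix` returning `null` deserves a second look if any renderer path uses the prefix to build a host name, though that cannot be confirmed from this hunk. For consistency, the renamed `isGadgetValidForHost` in the previous hunk and `isSafeForOpenProxy` could take `@Override` too. The class body begins outside this hunk.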
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java Mon Oct 3 20:35:14 2011
@@ -38,12 +38,19 @@ import org.apache.shindig.common.servlet
import org.apache.shindig.common.testing.FakeGadgetToken;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.config.ContainerConfig;
+import org.apache.shindig.config.JsonContainerConfig;
+import org.apache.shindig.expressions.Expressions;
import org.apache.shindig.gadgets.AuthType;
+import org.apache.shindig.gadgets.Gadget;
+import org.apache.shindig.gadgets.GadgetContext;
import org.apache.shindig.gadgets.GadgetException;
+import org.apache.shindig.gadgets.HashLockedDomainService;
+import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.admin.GadgetAdminStore;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
+import org.apache.shindig.gadgets.uri.HashShaLockedDomainPrefixGenerator;
import org.apache.shindig.gadgets.uri.UriCommon.Param;
import org.easymock.Capture;
import org.easymock.IAnswer;
@@ -65,9 +72,11 @@ public class MakeRequestHandlerTest exte
private static final SecurityToken DUMMY_TOKEN = new FakeGadgetToken();
private final GadgetAdminStore gadgetAdminStore = mock(GadgetAdminStore.class);
- private final MakeRequestHandler handler
- = new MakeRequestHandler(pipeline, rewriterRegistry, feedProcessorProvider,
- gadgetAdminStore);
+ private ContainerConfig containerConfig;
+ private LockedDomainService ldService;
+ private MakeRequestHandler handler;
+ private Gadget gadget = mock(Gadget.class);
+ private Capture<GadgetContext> context = new Capture<GadgetContext>();
private void expectGetAndReturnBody(String response) throws Exception {
expectGetAndReturnBody(AuthType.NONE, response);
@@ -102,10 +111,25 @@ public class MakeRequestHandlerTest exte
}
@Before
- public void setUp() {
+ public void setUp() throws Exception {
expect(request.getMethod()).andReturn("POST").anyTimes();
expect(request.getParameter(Param.URL.getKey()))
.andReturn(REQUEST_URL.toString()).anyTimes();
+
+
+ JSONObject config = new JSONObject('{' + ContainerConfig.DEFAULT_CONTAINER + ':' +
+ "{'gadgets.container': ['default']," +
+ "'gadgets.features':{views:" +
+ "{aliased: {aliases: ['some-alias', 'alias']}}" +
+ "}}}");
+
+ containerConfig = new JsonContainerConfig(config, Expressions.forTesting());
+ ldService = new HashLockedDomainService(containerConfig, false, new HashShaLockedDomainPrefixGenerator());
+ handler = new MakeRequestHandler(pipeline, rewriterRegistry, feedProcessorProvider, gadgetAdminStore, processor, ldService);
+
+ expect(request.getParameter(Param.GADGET.getKey())).andReturn("http://some/gadget.xml").anyTimes();
+ expect(processor.process(capture(context))).andReturn(gadget).anyTimes();
+ expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))).andReturn(true);
}
@Test
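Review bot: `setUp` builds the service with `new HashLockedDomainService(containerConfig, false, ...)`, and the `false` looks like the enabled flag, so every test in this class appears to run with the locked-domain check switched off; `MakeRequestServletTest.setUp` further down does the same. The handler now receives `processor` and `ldService`, presumably so it can refuse a makeRequest arriving on a host that is not valid for the gadget, and that rejection path has no coverage here. I would add a test that constructs the service with the flag set to `true` and a container config carrying the locked-domain settings, serves the request from a mismatched host, and asserts that `handler.fetch` fails. Separately, the `isWhitelisted` expectation has no `.anyTimes()`, unlike its neighbours, so a test that verifies the mocks without reaching the whitelist lookup would fail; ending it with `.andReturn(true).anyTimes();` seems safer.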
@@ -177,7 +201,7 @@ public class MakeRequestHandlerTest exte
@Test
public void GetRequestWithNonWhitelistedGadget() throws Exception {
- expect(request.getParameter(Param.GADGET.getKey())).andReturn("http://some/gadget.xml").anyTimes();
+ reset(gadgetAdminStore);
expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))).andReturn(false);
replay();
boolean exceptionThrown = false;
@@ -193,22 +217,6 @@ public class MakeRequestHandlerTest exte
}
@Test
- public void GetRequestWithWhitelistedGadget() throws Exception {
- expect(request.getParameter(Param.GADGET.getKey())).andReturn("http://some/gadget.xml").anyTimes();
- expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class)))
- .andReturn(true);
- expectGetAndReturnBody(RESPONSE_BODY);
- replay();
-
- handler.fetch(request, recorder);
-
- JSONObject results = extractJsonFromResponse();
- assertEquals(HttpResponse.SC_OK, results.getInt("rc"));
- assertEquals(RESPONSE_BODY, results.get("body"));
- assertTrue(rewriter.responseWasRewritten());
- }
-
- @Test
public void testExplicitHeaders() throws Exception {
String headerString = "X-Foo=bar&X-Bar=baz%20foo";
@@ -241,7 +249,7 @@ public class MakeRequestHandlerTest exte
assertEquals(RESPONSE_BODY, results.get("body"));
assertTrue(rewriter.responseWasRewritten());
}
-
+
@Test
public void testFetchAtom1Feed() throws Exception {
String txt = "<?xml version='1.0' encoding='utf-8'?>" +
@@ -273,7 +281,7 @@ public class MakeRequestHandlerTest exte
assertEquals("feed", feed.getString("Title"));
assertEquals("author@example.org", feed.getString("Author"));
assertEquals("http://example.org/file", feed.getString("URL"));
-
+
JSONObject entry = feed.getJSONArray("Entry").getJSONObject(0);
assertEquals("howdy", entry.getString("Title"));
assertEquals("http://example.org/edit/entity1ID", entry.getString("Link"));
@@ -387,7 +395,6 @@ public class MakeRequestHandlerTest exte
@Test
public void testSignedGetRequest() throws Exception {
-
expect(request.getAttribute(AuthInfoUtil.Attribute.SECURITY_TOKEN.getId()))
.andReturn(DUMMY_TOKEN).atLeastOnce();
expect(request.getParameter(MakeRequestHandler.AUTHZ_PARAM))
@@ -619,7 +626,7 @@ public class MakeRequestHandlerTest exte
expect(request.getParameter(Param.REFRESH.getKey())).andReturn("30").anyTimes();
replay();
- // not sure why but the following line seems to help this test past deterministically
+ // not sure why but the following line seems to help this test past deterministically
System.out.println("request started at " + HttpUtilTest.testStartTime);
MakeRequestHandler.setResponseHeaders(request, recorder, results);
HttpUtilTest.checkCacheControlHeaders(HttpUtilTest.testStartTime, recorder, 30, false);
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java Mon Oct 3 20:35:14 2011
@@ -21,6 +21,7 @@ package org.apache.shindig.gadgets.servl
import static junitx.framework.StringAssert.assertContains;
import static junitx.framework.StringAssert.assertStartsWith;
import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.isA;
import java.util.Collections;
import java.util.Enumeration;
@@ -28,11 +29,22 @@ import java.util.Enumeration;
import javax.servlet.http.HttpServletResponse;
import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.config.ContainerConfig;
+import org.apache.shindig.config.JsonContainerConfig;
+import org.apache.shindig.expressions.Expressions;
+import org.apache.shindig.gadgets.Gadget;
+import org.apache.shindig.gadgets.GadgetContext;
import org.apache.shindig.gadgets.GadgetException;
+import org.apache.shindig.gadgets.HashLockedDomainService;
+import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.admin.GadgetAdminStore;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
+import org.apache.shindig.gadgets.process.Processor;
+import org.apache.shindig.gadgets.uri.LockedDomainPrefixGenerator;
import org.apache.shindig.gadgets.uri.UriCommon.Param;
+import org.easymock.Capture;
+import org.easymock.EasyMock;
import org.json.JSONException;
import org.json.JSONObject;
import org.junit.Before;
@@ -45,6 +57,7 @@ import org.junit.Test;
*/
public class MakeRequestServletTest extends ServletTestFixture {
private static final Uri REQUEST_URL = Uri.parse("http://example.org/file");
+ private static final Uri REQUEST_GADGET = Uri.parse("http://example.org/file/gadget.xml");
private static final String RESPONSE_BODY = "Hello, world!";
private static final String ERROR_MESSAGE = "Broken!";
private static final Enumeration<String> EMPTY_ENUM
@@ -52,20 +65,39 @@ public class MakeRequestServletTest exte
private final GadgetAdminStore gadgetAdminStore = mock(GadgetAdminStore.class);
private final MakeRequestServlet servlet = new MakeRequestServlet();
- private final MakeRequestHandler handler =
- new MakeRequestHandler(pipeline, null, feedProcessorProvider, gadgetAdminStore);
+ private ContainerConfig containerConfig;
+ private Processor processor;
+ private LockedDomainService ldService;
+ private MakeRequestHandler handler;
private final HttpRequest internalRequest = new HttpRequest(REQUEST_URL);
private final HttpResponse internalResponse = new HttpResponse(RESPONSE_BODY);
@Before
public void setUp() throws Exception {
+ JSONObject config = new JSONObject('{' + ContainerConfig.DEFAULT_CONTAINER + ':' +
+ "{'gadgets.container': ['default']," +
+ "'gadgets.features':{views:" +
+ "{aliased: {aliases: ['some-alias', 'alias']}}" +
+ "}}}");
+
+ containerConfig = new JsonContainerConfig(config, Expressions.forTesting());
+ Gadget gadget = mock(Gadget.class);
+ processor = mock(Processor.class);
+ Capture<GadgetContext> context = new Capture<GadgetContext>();
+ expect(processor.process(EasyMock.capture(context))).andReturn(gadget).anyTimes();
+ ldService = new HashLockedDomainService(containerConfig, false, mock(LockedDomainPrefixGenerator.class));
+ handler = new MakeRequestHandler(pipeline, rewriterRegistry, feedProcessorProvider, gadgetAdminStore, processor, ldService);
+
servlet.setMakeRequestHandler(handler);
expect(request.getHeaderNames()).andReturn(EMPTY_ENUM).anyTimes();
expect(request.getParameter(MakeRequestHandler.METHOD_PARAM))
.andReturn("GET").anyTimes();
expect(request.getParameter(Param.URL.getKey()))
.andReturn(REQUEST_URL.toString()).anyTimes();
+ expect(request.getParameter(Param.GADGET.getKey()))
+ .andReturn(REQUEST_GADGET.toString()).anyTimes();
+ expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))).andReturn(true);
}
private void setupGet() {
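Review bot: `private Processor processor;` declared in this class hides the `public final Processor processor` that the same commit adds to `ServletTestFixture`, so two different mocks end up under one name depending on which class the code is read from. I would delete the local field and the `processor = mock(Processor.class);` assignment in `setUp` and use the inherited mock. The JSON container-config literal is also copied from `MakeRequestHandlerTest.setUp`; a shared helper in the fixture would keep the two in step. This hunk ends inside the class, and `setupGet` continues outside it.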
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java?rev=1178561&r1=1178560&r2=1178561&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java Mon Oct 3 20:35:14 2011
@@ -18,22 +18,23 @@
*/
package org.apache.shindig.gadgets.servlet;
+import java.util.Arrays;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.shindig.common.EasyMockTestCase;
import org.apache.shindig.common.servlet.HttpServletResponseRecorder;
import org.apache.shindig.gadgets.FeedProcessor;
import org.apache.shindig.gadgets.FeedProcessorImpl;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.RequestPipeline;
+import org.apache.shindig.gadgets.process.Processor;
import org.apache.shindig.gadgets.rewrite.CaptureRewriter;
import org.apache.shindig.gadgets.rewrite.DefaultResponseRewriterRegistry;
import org.apache.shindig.gadgets.rewrite.ResponseRewriter;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterRegistry;
-import java.util.Arrays;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import com.google.inject.Provider;
/**
@@ -51,6 +52,7 @@ public abstract class ServletTestFixture
public final HttpServletResponse response = mock(HttpServletResponse.class);
public final HttpServletResponseRecorder recorder = new HttpServletResponseRecorder(response);
public final LockedDomainService lockedDomainService = mock(LockedDomainService.class);
+ public final Processor processor = mock(Processor.class);
public final Provider<FeedProcessor> feedProcessorProvider = new Provider<FeedProcessor>() {
public FeedProcessor get() {
return new FeedProcessorImpl();