Posted to dev@shindig.apache.org by Hafiz A Haq <ha...@gmail.com> on 2010/04/01 07:19:23 UTC

Protecting gadget resources

Hi everyone,

I am working on integrating shindig with an enterprise application and one
of the requirements is to secure the gadget and resources using filter. The
filter intercepts any requests, validates and redirects to the gadget xml if
it is a valid request. When trying the url from browser, it redirects
properly to the gadget xml and displays it in the browser. But when the
request is from shindig, it breaks at the following line
 GadgetSpec spec = gadgetSpecFactory.getGadgetSpec(context);
in Processor.java

with the following error

org.apache.shindig.common.xml.XmlException: The entity name must immediately
follow the '&' in the entity reference. At: (13,24)

Can anyone throw some light on why this error happens.

Thanks and Regards,
Hafiz


-- 
He who asks is a fool for five minutes, but he who does not ask remains a
fool forever.

Re: Protecting gadget resources

Posted by Hafiz A Haq <ha...@gmail.com>.
haaaa, that's true, the request was not redirected to the gadget xml but the
login page... silly....

let me see if this is gonna fix my problem.

Thanks Mat.

Best Regards,
Hafiz

On 1 April 2010 13:28, Mat Mannion <ma...@gmail.com> wrote:

> Hi Hafiz,
>
> It looks like this is a problem caused by your XML not being valid.
> Something like this might be able to help:
> http://www.validome.org/xml/
>
> Regards,
>
> Mat
>
>
>
>
> --
> Mat Mannion
> Web Developer
> e-lab, IT Services
> University of Warwick
> Coventry
> CV4 7AL
>
> Tel: 024 765 74433
> Email: M.Mannion@warwick.ac.uk
>




Re: Protecting gadget resources

Posted by Mat Mannion <ma...@gmail.com>.
Hi Hafiz,

It looks like this is a problem caused by your XML not being valid.
Something like this might be able to help:
http://www.validome.org/xml/

Regards,

Mat

On 1 April 2010 08:29, Hafiz A Haq <ha...@gmail.com> wrote:
> Thank you Jacky, I am still confused about the root cause, because I tried
> changing shindig code to allow redirects and even then I get the following
> error
> org.apache.shindig.gadgets.spec.SpecParserException:
> org.apache.shindig.common.xml.XmlException: The entity name must immediately
> follow the '&' in the entity reference. At: (13,24)
>
> I have no idea what this means.
>
> Please let me know if anyone has an idea.
>
> Thanks and Regards,
> Hafiz
>
>
>
>
> --
> He who asks is a fool for five minutes, but he who does not ask remains a
> fool forever.
>



-- 
Mat Mannion
Web Developer
e-lab, IT Services
University of Warwick
Coventry
CV4 7AL

Tel: 024 765 74433
Email: M.Mannion@warwick.ac.uk

Re: Protecting gadget resources

Posted by Hafiz A Haq <ha...@gmail.com>.
Thank you Jacky, I am still confused about the root cause, because I tried
changing shindig code to allow redirects and even then I get the following
error
org.apache.shindig.gadgets.spec.SpecParserException:
org.apache.shindig.common.xml.XmlException: The entity name must immediately
follow the '&' in the entity reference. At: (13,24)

I have no idea what this means.

Please let me know if anyone has an idea.

Thanks and Regards,
Hafiz

On 1 April 2010 12:19, Jacky Wang (王超) <ch...@google.com> wrote:

> Hi Hafiz,
>
> Thanks for sharing your idea towards the gadget spec fetching.
>
> IMHO, one of the reasons that spec fetching disallows redirects following
> is, it will be much harder for the social site admin to verify and approve
> the gadget.
>
> For your case, I'm thinking that whether it's possible to rewrite the
> servlet to achieve the application-layer proxying that doesn't involve a
> redirection?  The basic architecture is:
>
> request for fetching the spec ---> frontend with filter control ---[if
> verification passed]---> async fetch real xml from backend.
>
> just my $0.02.
>
> Regards,
> Jacky
>
> --
> Best Regards,
>
> Jacky Wang
> (Office) +86-10-6250-3316
> (Mobile) +86-1381-0018-677
> Kejian Building, Tsinghua Science Park Building 6
> No.1 Zhongguancun East Road, Haidian District
> Beijing P.R.China 100084
>




Re: Protecting gadget resources

Posted by "Jacky Wang (王超)" <ch...@google.com>.
Hi Hafiz,

Thanks for sharing your idea towards the gadget spec fetching.

IMHO, one of the reasons that spec fetching disallows redirects following
is, it will be much harder for the social site admin to verify and approve
the gadget.

For your case, I'm thinking that whether it's possible to rewrite the
servlet to achieve the application-layer proxying that doesn't involve a
redirection?  The basic architecture is:

request for fetching the spec ---> frontend with filter control ---[if
verification passed]---> async fetch real xml from backend.

just my $0.02.

Regards,
Jacky

On Thu, Apr 1, 2010 at 2:02 PM, Hafiz A Haq <ha...@gmail.com> wrote:

> I think I found out what could be the issue.
>
> In org.apache.shindig.gadgets.http.BasicHttpFetcher, I see
> httpMethod.setFollowRedirects(false); which could be the problem as I am
> redirecting the gadget to a protected resource after validating the request,
> which I guess is not acceptable as per shindig code.
> Instead I am getting java.net.SocketTimeoutException: Read timed out
>
> Hmmm, should i try changing shindig code?
>
> Thanks and Regards,
> Hafiz
>
> --
> He who asks is a fool for five minutes, but he who does not ask remains a
> fool forever.
>



-- 
Best Regards,

Jacky Wang
(Office) +86-10-6250-3316
(Mobile) +86-1381-0018-677
Kejian Building, Tsinghua Science Park Building 6
No.1 Zhongguancun East Road, Haidian District
Beijing P.R.China 100084
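
As an added example (not code from this thread or from Shindig), a servlet filter that implements the verify-then-proxy design Jacky describes: it checks the request, then fetches the real gadget XML from the backend and writes it into the same response, never redirecting. The header name X-Gadget-Fetch-Token, the init params backendBase and fetchToken, the servlet-path-to-backend mapping and Java 9+ (for readAllBytes) are assumptions; the check uses a shared secret presented by the Shindig server rather than the end user's browser session, because the spec fetch is made server-to-server.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not Shindig code): verify, then proxy the gadget XML inline rather
// than redirecting, since BasicHttpFetcher ignores redirects and would parse the login page.
public class GadgetSpecProxyFilter implements Filter {
    // Assumed: the Shindig server sends a shared secret in this header when it fetches
    // the spec server-to-server; the end user's browser session cookie is not present.
    private static final String SECRET_HEADER = "X-Gadget-Fetch-Token";
    private String backendBase;   // assumed init param, e.g. http://backend.internal/gadgets
    private byte[] expectedToken; // assumed init param; never hard-code it in source
    public void init(FilterConfig cfg) {
        backendBase = cfg.getInitParameter("backendBase");
        expectedToken = cfg.getInitParameter("fetchToken").getBytes(StandardCharsets.UTF_8);
    }
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String token = request.getHeader(SECRET_HEADER);
        // Constant-time compare; reject with a 403 rather than a 302 to a login page.
        if (token == null || !MessageDigest.isEqual(
                token.getBytes(StandardCharsets.UTF_8), expectedToken)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Fetch the real spec from the backend and return it in this same response.
        HttpURLConnection conn = (HttpURLConnection)
                new URL(backendBase + request.getServletPath()).openConnection();
        conn.setInstanceFollowRedirects(false);
        conn.setConnectTimeout(5000); conn.setReadTimeout(5000);
        byte[] body = conn.getResponseCode() == HttpURLConnection.HTTP_OK
                ? conn.getInputStream().readAllBytes() : new byte[0];   // Java 9+
        String head = new String(body, 0, Math.min(body.length, 256), StandardCharsets.UTF_8).trim();
        // A gadget spec is XML with a <Module> root; an empty or HTML body is rejected.
        if (!head.startsWith("<?xml") && !head.startsWith("<Module")) {
            response.sendError(HttpServletResponse.SC_BAD_GATEWAY, "backend did not return gadget XML");
            return;
        }
        response.setContentType("text/xml;charset=UTF-8");
        response.getOutputStream().write(body);
    }
}
```

With this in place a failed check surfaces in Shindig as an HTTP 403 on the spec fetch instead of an XmlException from parsing a login page.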

Re: Protecting gadget resources

Posted by Hafiz A Haq <ha...@gmail.com>.
I think I found out what could be the issue.

In org.apache.shindig.gadgets.http.BasicHttpFetcher, I see
httpMethod.setFollowRedirects(false); which could be the problem as I am
redirecting the gadget to a protected resource after validating the request,
which I guess is not acceptable as per shindig code.
Instead I am getting java.net.SocketTimeoutException: Read timed out

Hmmm, should i try changing shindig code?

Thanks and Regards,
Hafiz

On 1 April 2010 10:49, Hafiz A Haq <ha...@gmail.com> wrote:

> Hi everyone,
>
> I am working on integrating shindig with an enterprise application and one
> of the requirements is to secure the gadget and resources using filter. The
> filter intercepts any requests, validates and redirects to the gadget xml if
> it is a valid request. When trying the url from browser, it redirects
> properly to the gadget xml and displays it in the browser. But when the
> request is from shindig, it breaks at the following line
>  GadgetSpec spec = gadgetSpecFactory.getGadgetSpec(context);
> in Processor.java
>
> with the following error
>
> org.apache.shindig.common.xml.XmlException: The entity name must
> immediately follow the '&' in the entity reference. At: (13,24)
>
> Can anyone throw some light on why this error happens.
>
> Thanks and Regards,
> Hafiz
>
>
> --
> He who asks is a fool for five minutes, but he who does not ask remains a
> fool forever.
>


