Author: ssievers
Date: Wed May 23 23:13:27 2012
New Revision: 1342085
URL: http://svn.apache.org/viewvc?rev=1342085&view=rev
Log:
SHINDIG-1773 | Content proxy needs to support proxy for OAuth protected
resources | Patch from Xiao Feng Yu. Thanks!
Added:
shindig/trunk/content/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml
(with props)
Modified:
shindig/trunk/config/container.js
shindig/trunk/config/oauth2.json
shindig/trunk/content/samplecontainer/examples/commoncontainer/gadgetCollections.json
shindig/trunk/features/src/main/javascript/features/core.io/io.js
shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriCommon.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java
shindig/trunk/java/server-resources/src/main/webapp/WEB-INF/web.xml
Modified: shindig/trunk/config/container.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/config/container.js?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
--- shindig/trunk/config/container.js (original)
+++ shindig/trunk/config/container.js Wed May 23 23:13:27 2012
@@ -156,7 +156,7 @@
"core.io" : {
// Note: ${Cur['gadgets.uri.proxy.path']} is an open proxy. Be careful how
you expose this!
// Note: These urls should be protocol relative (start with //)
- "proxyUrl" :
"//${Cur['default.domain.unlocked.client']}${Cur['gadgets.uri.proxy.path']}?container=%container%&refresh=%refresh%&url=%url%%rewriteMime%",
+ "proxyUrl" :
"//${Cur['default.domain.unlocked.client']}${Cur['gadgets.uri.proxy.path']}?container=%container%&refresh=%refresh%&url=%url%%authz%%rewriteMime%",
"jsonProxyUrl" :
"//${Cur['default.domain.locked.client']}${CONTEXT_ROOT}/gadgets/makeRequest",
// Note: this setting MUST be supplied in every container config object,
as there is no default if it is not supplied.
"unparseableCruft" : "throw 1; < don't be evil' >"
Modified: shindig/trunk/config/oauth2.json
URL:
http://svn.apache.org/viewvc/shindig/trunk/config/oauth2.json?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
--- shindig/trunk/config/oauth2.json (original)
+++ shindig/trunk/config/oauth2.json Wed May 23 23:13:27 2012
@@ -73,6 +73,12 @@
"clientName" : "shindig_client2",
"allowModuleOverride" : "true"
}
+ },
+
"%origin%%contextRoot%/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml"
: {
+ "springAPI" : {
+ "clientName" : "spring_client1",
+ "allowModuleOverride" : "true"
+ }
}
},
"clients" : {
@@ -123,6 +129,15 @@
"grant_type" : "code",
"client_id" : "testClientCredentialsClient",
"client_secret" : "clientCredentialsClient_secret"
+ },
+ "spring_client1" : {
+ "providerName" : "springProvider",
+ "redirect_uri" : "%origin%%contextRoot%/gadgets/oauth2callback",
+ "type" : "confidential",
+ "grant_type" : "code",
+ "client_id" : "tonr",
+ "client_secret" : "secret",
+ "sharedToken" : "false"
}
},
"providers" : {
@@ -161,6 +176,15 @@
"authorizationUrl" : "%origin%%contextRoot%/oauth2/authorize/",
"tokenUrl" : "%origin%%contextRoot%/oauth2/token"
}
+ },
+ "springProvider" : {
+ "client_authentication" : "Basic",
+ "usesAuthorizationHeader" : "true",
+ "usesUrlParameter" : "false",
+ "endpoints" : {
+ "authorizationUrl" : "%origin%/sparklr2/oauth/authorize",
+ "tokenUrl" : "%origin%/sparklr2/oauth/token"
+ }
}
}
}
Modified:
shindig/trunk/content/samplecontainer/examples/commoncontainer/gadgetCollections.json
URL:
http://svn.apache.org/viewvc/shindig/trunk/content/samplecontainer/examples/commoncontainer/gadgetCollections.json?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
---
shindig/trunk/content/samplecontainer/examples/commoncontainer/gadgetCollections.json
(original)
+++
shindig/trunk/content/samplecontainer/examples/commoncontainer/gadgetCollections.json
Wed May 23 23:13:27 2012
@@ -84,6 +84,11 @@
"name" : "Test Gadget and Container Domain Configuration",
"Description" : "Tests Gadget and Container domain configuration
by trying to access container page information from within a gadget",
"apps" : [ {"name" : "Domain Test", "url" :
"/samplecontainer/examples/ContainerGadgetDomainTest.xml"} ]
+ },
+ {
+ "name" : "Sample gadget for context proxy with OAuth2",
+ "Description" : "Sample gadget that demonstrate use of context
proxy to retrieve resources protected by OAuth2",
+ "apps" : [ {"name" : "oauth2_context_proxy", "url" :
"/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml"} ]
}
]
}
\ No newline at end of file
Added:
shindig/trunk/content/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml
URL:
http://svn.apache.org/viewvc/shindig/trunk/content/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml?rev=1342085&view=auto
==============================================================================
---
shindig/trunk/content/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml
(added)
+++
shindig/trunk/content/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml
Wed May 23 23:13:27 2012
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<Module>
+ <ModulePrefs title="OAuth2 Content Proxy Demo">
+ <OAuth2>
+ <Service name="springAPI" scope="read">
+ </Service>
+ </OAuth2>
+ <Require feature="oauthpopup" />
+ </ModulePrefs>
+ <Content type="html">
+ <![CDATA[
+
+ <style>
+ #main {
+ margin: 0px;
+ padding: 0px;
+ font-size: small;
+ }
+ </style>
+
+ <div id="main" style="display: none">
+ <div id="control">
+ Photos from SPARKLR site
+ <div id="photos"></div>
+ </div>
+ </div>
+
+ <div id="approval" style="display: none">
+ <a href="#" id="personalize">Personalize this gadget</a>
+ <ol>
+ <b><u>In order to use this Demo Gadget you must</u></b>
+ <li>Get Sampe OAuth2 provider (SPARKLR) of Spring security on <a
href="https://github.com/SpringSource/spring-security-oauth";
target="_blank">https://github.com/SpringSource/spring-security-oauth</a>,
follow the instructions to build the war package.</li>
+ <li>Deploy the war package to your tomcat server with context root as
/sparklr2, you can find the war in samples/oauth2/sparklr/target if you build
it by yourself.</li>
+ <li>Restart the server</li>
+ <li>Click the link above to initiate the authorization process</li>
+ </ol>
+
+ </div>
+
+ <div id="waiting" style="display: none">
+ Please click
+ <a href="#" id="approvaldone">I've approved access</a>
+ once you've approved access to your data.
+ </div>
+
+ <div id="error" style="display:
none;background-color:yellow;font-size:xx-small;" title="An error occured
processing your request">
+ <div id="error_code"><u>code:</u></div>
+ <div id="error_uri"><u>uri:</u></div>
+ <div id="error_description"><u>description:</u></div>
+ <div id="error_explanation"><u>explanation:</u></div>
+ <div id="error_trace"><u>trace:</u></div>
+ </div>
+
+ <script type="text/javascript">
+ function getElement(x) {
+ return document.getElementById(x);
+ }
+
+ function addPhoto(parent, id) {
+ var requestParam = {};
+ requestParam[gadgets.io.RequestParameters.AUTHORIZATION]="OAUTH2";
+
requestParam[gadgets.io.RequestParameters.OAUTH_SERVICE_NAME]="springAPI";
+ var proxyUrl =
gadgets.io.getProxyUrl("http://localhost:8080/sparklr2/photos/"; + id,
requestParam);
+ var node = document.createElement("div");
+ node.innerHTML='<img src="' + proxyUrl + '"/>';
+ parent.appendChild(node);
+ }
+
+ function showOneSection(toshow) {
+ var sections = [ 'main', 'approval', 'waiting', 'error' ];
+ for (var i=0; i < sections.length; ++i) {
+ var s = sections[i];
+ var el = getElement(s);
+ if (s === toshow) {
+ el.style.display = "block";
+ } else {
+ el.style.display = "none";
+ }
+ }
+ }
+
+ function fetchData() {
+ url = "http://localhost:8080/sparklr2/photos?format=xml";;
+ var params = {};
+ params[gadgets.io.RequestParameters.CONTENT_TYPE] =
+ gadgets.io.ContentType.DOM;
+ params[gadgets.io.RequestParameters.AUTHORIZATION] =
+ gadgets.io.AuthorizationType.OAUTH2;
+ params[gadgets.io.RequestParameters.METHOD] =
+ gadgets.io.MethodType.GET;
+ params[gadgets.io.RequestParameters.OAUTH_SERVICE_NAME] = "springAPI";
+ params[gadgets.io.RequestParameters.REFRESH_INTERVAL] = "0";
+
+ gadgets.io.makeRequest(url, function (response) {
+ if (response.oauthApprovalUrl) {
+ var onOpen = function() {
+ showOneSection('waiting');
+ };
+ var onClose = function() {
+ fetchData();
+ };
+ var popup = new gadgets.oauth.Popup(response.oauthApprovalUrl,
+ null, onOpen, onClose);
+ getElement('personalize').onclick = popup.createOpenerOnClick();
+ getElement('approvaldone').onclick = popup.createApprovedOnClick();
+ showOneSection('approval');
+ } else if (response.data) {
+
//getElement('content').appendChild(document.createTextNode(response.data));
+ showOneSection('main');
+ var list = response.data.getElementsByTagName("photo");
+ for(var i=0; i<list.length; i++) {
+ addPhoto(document.getElementById("photos"),
list[i].getAttribute("id"));
+ }
+ } else {
+
getElement('error_code').appendChild(document.createTextNode(response.oauthError));
+
getElement('error_uri').appendChild(document.createTextNode(response.oauthErrorUri));
+
getElement('error_description').appendChild(document.createTextNode(response.oauthErrorText));
+
getElement('error_explanation').appendChild(document.createTextNode(response.oauthErrorExplanation));
+
getElement('error_trace').appendChild(document.createTextNode(response.oauthErrorTrace));
+ showOneSection('error');
+ }
+ }, params);
+ }
+
+ gadgets.util.registerOnLoadHandler(fetchData);
+ </script>
+ ]]>
+ </Content>
+</Module>
\ No newline at end of file
Propchange:
shindig/trunk/content/samplecontainer/examples/oauth2/oauth2_spring_proxy.xml
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: shindig/trunk/features/src/main/javascript/features/core.io/io.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/core.io/io.js?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/core.io/io.js (original)
+++ shindig/trunk/features/src/main/javascript/features/core.io/io.js Wed May
23 23:13:27 2012
@@ -528,15 +528,28 @@ gadgets.io = function() {
}
var urlParams = gadgets.util.getUrlParameters();
+ var st = shindig.auth.getSecurityToken();
+ var authz = params[gadgets.io.RequestParameters.AUTHORIZATION];
+ var serviceName =
params[gadgets.io.RequestParameters.OAUTH_SERVICE_NAME];
var rewriteMimeParam =
params['rewriteMime'] ? '&rewriteMime=' +
encodeURIComponent(params['rewriteMime']) : '';
+ var authParam = '';
+ if(authz) {
+ if(authz == gadgets.io.AuthorizationType.OAUTH || authz ==
gadgets.io.AuthorizationType.OAUTH2) {
+ authParam = '&authz=' + authz.toLowerCase() + '&st=' +
encodeURIComponent(st)
+ + '&OAUTH_SERVICE_NAME=' + encodeURIComponent(serviceName);
+ } else {
+ authParam = '&authz=' + authz.toLowerCase();
+ }
+ }
var ret = proxyUrl.replace('%url%', encodeURIComponent(url)).
replace('%host%', document.location.host).
replace('%rawurl%', url).
replace('%refresh%', encodeURIComponent(refresh)).
replace('%gadget%', encodeURIComponent(urlParams['url'])).
replace('%container%', encodeURIComponent(urlParams['container'] ||
urlParams['synd'] || 'default')).
+ replace('%authz%', authParam).
replace('%rewriteMime%', rewriteMimeParam);
if (ret.indexOf('//') == 0) {
ret = window.location.protocol + ret;
Modified: shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/features/src/test/javascript/features/core.io/iotest.js?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
--- shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
(original)
+++ shindig/trunk/features/src/test/javascript/features/core.io/iotest.js Wed
May 23 23:13:27 2012
@@ -53,6 +53,14 @@ IoTest.prototype.setSchemaless = functio
gadgets.io.preloaded_ = [];
};
+IoTest.prototype.setOAuthSupportEnabled = function() {
+ gadgets.config.init({ "core.io" : {
+ "proxyUrl" :
"http://example.com/proxy?url=%url%&refresh=%refresh%&g=%gadget%&c=%container%%authz%";,
+ "jsonProxyUrl" : "http://example.com/json";,
+ "unparseableCruft" : "throw 1; < don't be evil' >"}});
+ gadgets.io.preloaded_ = [];
+};
+
IoTest.prototype.tearDown = function() {
window.XMLHttpRequest = this.oldXMLHTTPRequest;
shindig.xhrwrapper = this.oldXhrWrapper;
@@ -68,6 +76,17 @@ IoTest.prototype.testGetProxyUrl = funct
proxied);
};
+IoTest.prototype.testGetProxyUrl_OAuthSupportEnabled = function() {
+ this.setOAuthSupportEnabled();
+ var proxied = gadgets.io.getProxyUrl("http://target.example.com/image.gif";,
{ 'AUTHORIZATION': "OAUTH2", 'OAUTH_SERVICE_NAME' : "some-service"});
+ this.assertEquals(
+
"http://example.com/proxy?url=http%3a%2f%2ftarget.example.com%2fimage.gif"; +
+ "&refresh=3600" +
+ "&g=http%3a%2f%2fwww.gadget.com%2fgadget.xml" +
+ "&c=foo&authz=oauth2&st=authtoken&OAUTH_SERVICE_NAME=some-service",
+ proxied);
+};
+
IoTest.prototype.testGetProxyUrl_nondefaultRefresh = function() {
var proxied = gadgets.io.getProxyUrl("http://target.example.com/image.gif";,
{ 'REFRESH_INTERVAL' : 30 });
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java
Wed May 23 23:13:27 2012
@@ -18,16 +18,24 @@
*/
package org.apache.shindig.gadgets.servlet;
-import org.apache.commons.io.IOUtils;
+import com.google.inject.Inject;
+
+import org.apache.shindig.auth.AuthInfoUtil;
+import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.logging.i18n.MessageKeys;
import org.apache.shindig.common.servlet.InjectedServlet;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
+import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpResponse;
+import org.apache.shindig.gadgets.oauth.OAuthArguments;
+import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.uri.ProxyUriManager;
+import org.apache.commons.io.IOUtils;
+
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
@@ -37,8 +45,6 @@ import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import com.google.inject.Inject;
-
/**
* Handles open proxy requests (used in rewriting and for URLs returned by
gadgets.io.getProxyUrl).
*/
@@ -96,6 +102,20 @@ public class ProxyServlet extends Inject
try {
// Parse request uri:
ProxyUriManager.ProxyUri proxyUri = proxyUriManager.process(reqUri);
+ SecurityToken st = AuthInfoUtil.getSecurityTokenFromRequest(request);
+ proxyUri.setSecurityToken(st);
+ // get gadget from security token
+ if(proxyUri.getGadget() == null) {
+ if(st != null && !st.isAnonymous()) {
+ proxyUri.setGadget(st.getAppUrl());
+ }
+ }
+ AuthType authType = proxyUri.getAuthType();
+ if(AuthType.OAUTH.equals(authType)) {
+ proxyUri.setOAuthArguments(new OAuthArguments(AuthType.OAUTH,
request));
+ } else if(AuthType.OAUTH2.equals(authType)) {
+ proxyUri.setOAuth2Arguments(new OAuth2Arguments(request));
+ }
// TODO: Consider removing due to redundant logic.
String host = request.getHeader("Host");
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriBase.java
Wed May 23 23:13:27 2012
@@ -158,6 +158,10 @@ public class ProxyUriBase {
return this;
}
+ public ProxyUriBase setGadget(String gadget) {
+ this.gadget = gadget;
+ return this;
+ }
public UriStatus getStatus() {
return status;
}
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java
Wed May 23 23:13:27 2012
@@ -22,12 +22,16 @@ import com.google.common.annotations.Vis
import com.google.common.base.Objects;
import com.google.common.collect.Lists;
+import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
+import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.Gadget;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
+import org.apache.shindig.gadgets.oauth.OAuthArguments;
+import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.uri.UriCommon.Param;
import java.util.List;
@@ -53,6 +57,10 @@ public interface ProxyUriManager {
private Integer resizeWidth;
private Integer resizeQuality;
private boolean resizeNoExpand;
+ private SecurityToken securityToken;
+ private AuthType authType;
+ private OAuth2Arguments oauth2Arguments;
+ private OAuthArguments oauthArguments;
// If "true" then the original content should be returned to the user
// instead of internal server errors.
@@ -68,6 +76,9 @@ public interface ProxyUriManager {
if
(AccelUriManager.CONTAINER.equals(gadget.getContext().getContainer())) {
setReturnOriginalContentOnError(true);
}
+ if(authType == null) {
+ authType = AuthType.NONE;
+ }
}
public ProxyUri(Integer refresh, boolean debug, boolean noCache,
@@ -77,6 +88,9 @@ public interface ProxyUriManager {
if (AccelUriManager.CONTAINER.equals(container)) {
setReturnOriginalContentOnError(true);
}
+ if(authType == null) {
+ authType = AuthType.NONE;
+ }
}
public ProxyUri(UriStatus status, Uri resource, Uri base) {
@@ -95,6 +109,18 @@ public interface ProxyUriManager {
public String getHtmlTagContext() {
return htmlTagContext;
}
+ public SecurityToken getSecurityToken() {
+ return securityToken;
+ }
+ public AuthType getAuthType() {
+ return authType;
+ }
+ public OAuthArguments getOAuthArguments() {
+ return oauthArguments;
+ }
+ public OAuth2Arguments getOAuth2Arguments() {
+ return oauth2Arguments;
+ }
@Override
public boolean equals(Object obj) {
@@ -113,14 +139,18 @@ public interface ProxyUriManager {
&& Objects.equal(this.resizeQuality, objUri.resizeQuality)
&& Objects.equal(this.resizeNoExpand, objUri.resizeNoExpand)
&& Objects.equal(this.returnOriginalContentOnError,
objUri.returnOriginalContentOnError)
- && Objects.equal(this.htmlTagContext, objUri.htmlTagContext));
+ && Objects.equal(this.htmlTagContext, objUri.htmlTagContext)
+ && Objects.equal(this.securityToken, objUri.securityToken)
+ && Objects.equal(this.authType, objUri.authType))
+ && Objects.equal(this.oauthArguments, objUri.oauthArguments)
+ && Objects.equal(this.oauth2Arguments, objUri.oauth2Arguments);
}
@Override
public int hashCode() {
return Objects.hashCode(super.hashCode(), resource, fallbackUrl,
resizeHeight,
resizeWidth, resizeQuality, resizeNoExpand,
returnOriginalContentOnError,
- htmlTagContext);
+ htmlTagContext, securityToken, authType, oauthArguments,
oauth2Arguments);
}
/* (non-Javadoc)
@@ -138,6 +168,7 @@ public interface ProxyUriManager {
returnOriginalContentOnError = uri.getQueryParameter(
Param.RETURN_ORIGINAL_CONTENT_ON_ERROR.getKey());
htmlTagContext =
uri.getQueryParameter(Param.HTML_TAG_CONTEXT.getKey());
+ authType = AuthType.parse(uri.getQueryParameter(Param.AUTHZ.getKey()));
}
}
@@ -154,6 +185,26 @@ public interface ProxyUriManager {
return this;
}
+ public ProxyUri setSecurityToken(SecurityToken securityToken) {
+ this.securityToken = securityToken;
+ return this;
+ }
+
+ public ProxyUri setAuthType(AuthType authType) {
+ this.authType = authType;
+ return this;
+ }
+
+ public ProxyUri setOAuthArguments(OAuthArguments oauthArgments) {
+ this.oauthArguments = oauthArgments;
+ return this;
+ }
+
+ public ProxyUri setOAuth2Arguments(OAuth2Arguments oauth2Arguments) {
+ this.oauth2Arguments = oauth2Arguments;
+ return this;
+ }
+
public Uri getResource() {
return resource;
}
@@ -219,6 +270,13 @@ public interface ProxyUriManager {
req.setParam(Param.RETURN_ORIGINAL_CONTENT_ON_ERROR.getKey(),
returnOriginalContentOnError);
req.setParam(Param.HTML_TAG_CONTEXT.getKey(), htmlTagContext);
+ req.setSecurityToken(securityToken);
+ req.setAuthType(authType);
+ if(AuthType.OAUTH.equals(authType)) {
+ req.setOAuthArguments(oauthArguments);
+ } else if(AuthType.OAUTH2.equals(authType)) {
+ req.setOAuth2Arguments(oauth2Arguments);
+ }
return req;
}
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriCommon.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriCommon.java?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriCommon.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/UriCommon.java
Wed May 23 23:13:27 2012
@@ -61,6 +61,10 @@ public interface UriCommon {
NO_EXPAND("no_expand"),
FALLBACK_URL_PARAM("fallback_url"),
+ // proxy authz params:
+ OAUTH_SERVICE_NAME("OAUTH_SERVICE_NAME"),
+ AUTHZ("authz"),
+
RETURN_ORIGINAL_CONTENT_ON_ERROR("rooe"),
// The html tag which requested this proxy uri. For example, "script" when
// "<script src='blah.js'></script>" is being proxied.
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
Wed May 23 23:13:27 2012
@@ -22,14 +22,15 @@ import static org.easymock.EasyMock.capt
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.isA;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
+import com.google.common.base.Objects;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Maps;
import org.apache.shindig.common.EasyMockTestCase;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.util.FakeTimeSource;
import org.apache.shindig.config.ContainerConfig;
+import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.Gadget;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.admin.GadgetAdminStore;
@@ -37,6 +38,8 @@ import org.apache.shindig.gadgets.http.H
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
import org.apache.shindig.gadgets.http.RequestPipeline;
+import org.apache.shindig.gadgets.oauth.OAuthArguments;
+import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.rewrite.CaptureRewriter;
import org.apache.shindig.gadgets.rewrite.DefaultResponseRewriterRegistry;
import org.apache.shindig.gadgets.rewrite.DomWalker;
@@ -46,13 +49,15 @@ import org.apache.shindig.gadgets.rewrit
import org.apache.shindig.gadgets.rewrite.RewritingException;
import org.apache.shindig.gadgets.uri.ProxyUriManager;
import org.apache.shindig.gadgets.uri.UriCommon.Param;
+
import org.easymock.Capture;
import org.easymock.EasyMock;
import org.junit.Test;
-import com.google.common.base.Objects;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.Maps;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
public class ProxyHandlerTest extends EasyMockTestCase {
private final static String GADGET = "http://some/gadget.xml";;
@@ -470,6 +475,70 @@ public class ProxyHandlerTest extends Ea
verify();
}
+ @Test
+ public void testWithOAuth2() throws Exception {
+ String url = "http://example.org/oauth2";;
+ String domain = "example.org";
+ setupProxyRequestMock(domain, url, false, -1, null, null);
+ setupGadgetAdminMock(true);
+ Map<String, String> options = new HashMap<String, String>();
+ options.put("OAUTH_SERVICE_NAME", "example");
+ options.put("OAUTH_SCOPE", "scope1 scope2");
+ request.setAuthType(AuthType.OAUTH2);
+ request.setOAuth2Arguments(new OAuth2Arguments(AuthType.OAUTH2, options));
+
+ options = new HashMap<String, String>();
+ options.put("OAUTH_SERVICE_NAME", "example");
+ options.put("OAUTH_SCOPE", "scope1 scope2");
+ HttpRequest req = new HttpRequest(Uri.parse(url))
+ .setAuthType(AuthType.OAUTH2)
+ .setGadget(Uri.parse(""))
+ .setContainer("default")
+ .setOAuth2Arguments(new OAuth2Arguments(AuthType.OAUTH2, options));
+
+ HttpResponse resp = new HttpResponseBuilder()
+ .setResponseString("Hello")
+ .create();
+ expect(pipeline.execute(req)).andReturn(resp);
+
+ replay();
+ HttpResponse response = proxyHandler.fetch(request);
+ verify();
+
+ assertEquals("Hello", response.getResponseAsString());
+ }
+
+ @Test
+ public void testWithOAuth() throws Exception {
+ String url = "http://example.org/oauth2";;
+ String domain = "example.org";
+ setupProxyRequestMock(domain, url, false, -1, null, null);
+ setupGadgetAdminMock(true);
+ Map<String, String> options = new HashMap<String, String>();
+ options.put("OAUTH_SERVICE_NAME", "example");
+ request.setAuthType(AuthType.OAUTH);
+ request.setOAuthArguments(new OAuthArguments(AuthType.OAUTH, options));
+
+ options = new HashMap<String, String>();
+ options.put("OAUTH_SERVICE_NAME", "example");
+ HttpRequest req = new HttpRequest(Uri.parse(url))
+ .setAuthType(AuthType.OAUTH)
+ .setGadget(Uri.parse(""))
+ .setContainer("default")
+ .setOAuthArguments(new OAuthArguments(AuthType.OAUTH, options));
+
+ HttpResponse resp = new HttpResponseBuilder()
+ .setResponseString("Hello")
+ .create();
+ expect(pipeline.execute(req)).andReturn(resp);
+
+ replay();
+ HttpResponse response = proxyHandler.fetch(request);
+ verify();
+
+ assertEquals("Hello", response.getResponseAsString());
+ }
+
private void expectMime(String expectedMime, String contentMime, String
outputMime)
throws Exception {
String url = "http://example.org/file.img?"; +
Param.REWRITE_MIME_TYPE.getKey() +
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java
Wed May 23 23:13:27 2012
@@ -21,18 +21,26 @@ package org.apache.shindig.gadgets.servl
import static junitx.framework.StringAssert.assertContains;
import static org.easymock.EasyMock.expect;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpResponse;
+import org.apache.shindig.gadgets.oauth.OAuthArguments;
+import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.uri.ProxyUriManager;
+import org.apache.shindig.gadgets.uri.ProxyUriManager.ProxyUri;
+
import org.junit.Before;
import org.junit.Test;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletResponse;
@@ -216,4 +224,64 @@ public class ProxyServletTest extends Se
assertEquals(HttpServletResponse.SC_BAD_REQUEST,
recorder.getHttpStatusCode());
assertContains("wrong domain", recorder.getResponseAsString());
}
+
+ @Test
+ public void testDoGetWithOAuth2() throws Exception {
+ Map<String, String> options = new HashMap<String, String>();
+ options.put("OAUTH_SERVICE_NAME", "example");
+ ProxyUriManager.ProxyUri proxyUri = new ProxyUri(-1, false, true,
"default", "http://example.org/gadget.xml";, REQUEST_URL);
+ proxyUri.setAuthType(AuthType.OAUTH2);
+
+ Uri uri = Uri.parse(BASIC_SYNTAX_URL +
"&authz=oauth2&OAUTH_SERVICE_NAME=example&container=default&gadget=http://example.org/gadget.xml";);
+ expect(proxyUriManager.process(uri)).andReturn(proxyUri);
+ expect(request.getScheme()).andReturn(uri.getScheme());
+ expect(request.getServerName()).andReturn(uri.getAuthority());
+ expect(request.getServerPort()).andReturn(80);
+ expect(request.getRequestURI()).andReturn(uri.getPath());
+ expect(request.getQueryString()).andReturn(uri.getQuery());
+ expect(request.getHeader("Host")).andReturn(uri.getAuthority());
+ expect(request.getParameter("OAUTH_SERVICE_NAME")).andReturn("example");
+
expect(request.getParameterNames()).andReturn(Collections.enumeration(options.keySet()));
+
expect(lockedDomainService.isSafeForOpenProxy(uri.getAuthority())).andReturn(true);
+
+ ProxyUriManager.ProxyUri pUri = new ProxyUri(-1, false, true, "default",
"http://example.org/gadget.xml";, REQUEST_URL);
+ pUri.setAuthType(AuthType.OAUTH2);
+ pUri.setOAuth2Arguments(new OAuth2Arguments(AuthType.OAUTH2, options));
+
+ expect(proxyHandler.fetch(pUri)).andReturn(new
HttpResponse(RESPONSE_BODY));
+ replay();
+ servlet.doGet(request, recorder);
+ verify();
+ assertResponseOk(HttpResponse.SC_OK, RESPONSE_BODY);
+ }
+
+ @Test
+ public void testDoGetWithOAuth() throws Exception {
+ Map<String, String> options = new HashMap<String, String>();
+ options.put("OAUTH_SERVICE_NAME", "example");
+ ProxyUriManager.ProxyUri proxyUri = new ProxyUri(-1, false, true,
"default", "http://example.org/gadget.xml";, REQUEST_URL);
+ proxyUri.setAuthType(AuthType.OAUTH);
+
+ Uri uri = Uri.parse(BASIC_SYNTAX_URL +
"&authz=oauth&OAUTH_SERVICE_NAME=example&container=default&gadget=http://example.org/gadget.xml";);
+ expect(proxyUriManager.process(uri)).andReturn(proxyUri);
+ expect(request.getScheme()).andReturn(uri.getScheme());
+ expect(request.getServerName()).andReturn(uri.getAuthority());
+ expect(request.getServerPort()).andReturn(80);
+ expect(request.getRequestURI()).andReturn(uri.getPath());
+ expect(request.getQueryString()).andReturn(uri.getQuery());
+ expect(request.getHeader("Host")).andReturn(uri.getAuthority());
+ expect(request.getParameter("OAUTH_SERVICE_NAME")).andReturn("example");
+
expect(request.getParameterNames()).andReturn(Collections.enumeration(options.keySet()));
+
expect(lockedDomainService.isSafeForOpenProxy(uri.getAuthority())).andReturn(true);
+
+ ProxyUriManager.ProxyUri pUri = new ProxyUri(-1, false, true, "default",
"http://example.org/gadget.xml";, REQUEST_URL);
+ pUri.setAuthType(AuthType.OAUTH);
+ pUri.setOAuthArguments(new OAuthArguments(AuthType.OAUTH, options));
+
+ expect(proxyHandler.fetch(pUri)).andReturn(new
HttpResponse(RESPONSE_BODY));
+ replay();
+ servlet.doGet(request, recorder);
+ verify();
+ assertResponseOk(HttpResponse.SC_OK, RESPONSE_BODY);
+ }
}
Modified: shindig/trunk/java/server-resources/src/main/webapp/WEB-INF/web.xml
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/server-resources/src/main/webapp/WEB-INF/web.xml?rev=1342085&r1=1342084&r2=1342085&view=diff
==============================================================================
--- shindig/trunk/java/server-resources/src/main/webapp/WEB-INF/web.xml
(original)
+++ shindig/trunk/java/server-resources/src/main/webapp/WEB-INF/web.xml Wed May
23 23:13:27 2012
@@ -147,6 +147,7 @@
<url-pattern>/social/*</url-pattern>
<url-pattern>/gadgets/ifr</url-pattern>
<url-pattern>/gadgets/makeRequest</url-pattern>
+ <url-pattern>/gadgets/proxy</url-pattern>
<url-pattern>/gadgets/api/rpc/*</url-pattern>
<url-pattern>/gadgets/api/rest/*</url-pattern>
<url-pattern>/rpc/*</url-pattern>
![http://target.example.com/image.gif"](http://target.example.com/image.gif"){kind=link}
![http://example.com/proxy?url=http%3a%2f%2ftarget.example.com%2fimage.gif"](http://example.com/proxy?url=http%3a%2f%2ftarget.example.com%2fimage.gif"){kind=link}