Hi guys, We have to use a SSO secured server, that means all apps in the container will be covered by the SSO system, even the gadgets spec XML.
My server uses a user cookie sent by browser to authorize the access, it's a simple SSO system, the add/render gadget flow it's basically: Browser --> RpcServlet --> JSONRpcHandler --> Processor --> GadgetSpecFactory --> RequestPipeline --> HttpFetcher Shindig does a new request, with any association with the original client request (that has all cookies necessary to pass over security handlers), it's just like try access a url without login, so i got a 401 error, it's pretty easy to replace implementations on shindig using google-guice, but the only way i see here, is rewritten all classes involved in the process, because after JSONRpcHandler the original request it's not passed through. How do you guys normally handle that, you always put spec in public urls? Cheers.
