Is everyone using XML over a public URL? Without any authentication?

On Wed, Jan 5, 2011 at 4:09 PM, Xandeco, Maxwell <[email protected]> wrote:
> Hi guys,
>
> We have to use an SSO secured server, that means all apps in the container
> will be covered by the SSO system, even the gadgets spec XML.
>
> My server uses a user cookie sent by browser to authorize the access, it's
> a simple SSO system, the add/render gadget flow is basically:
>
> Browser --> RpcServlet --> JSONRpcHandler --> Processor -->
> GadgetSpecFactory --> RequestPipeline --> HttpFetcher
>
> Shindig does a new request, with any association with the original client
> request (that has all cookies necessary to pass over security handlers),
> it's just like trying to access a URL without login, so I got a 401 error. It's
> pretty easy to replace implementations on Shindig using google-guice, but
> the only way I see here is rewriting all classes involved in the process,
> because after JSONRpcHandler the original request is not passed through.
>
> How do you guys normally handle that, you always put spec in public URLs?
>
> Cheers.
