Hmmm are you saying that Shindig is put in different domain/ url so the request come from client will go to different URL without cookie?
- Henry On Wed, Jan 5, 2011 at 10:09 AM, Xandeco, Maxwell <[email protected]> wrote: > > Hi guys, > > We have to use a SSO secured server, that means all apps in the container > will be covered by the SSO system, even the gadgets spec XML. > > My server uses a user cookie sent by browser to authorize the access, it's a > simple SSO system, the add/render gadget flow it's basically: > > Browser --> RpcServlet --> JSONRpcHandler --> Processor --> GadgetSpecFactory > --> RequestPipeline --> HttpFetcher > > Shindig does a new request, with any association with the original client > request (that has all cookies necessary to pass over security handlers), it's > just like try access a url without login, so i got a 401 error, it's pretty > easy to replace implementations on shindig using google-guice, but the only > way i see here, is rewritten all classes involved in the process, because > after JSONRpcHandler the original request it's not passed through. > > How do you guys normally handle that, you always put spec in public urls? > > Cheers. > -- Thanks, Henry
