[
https://issues.apache.org/jira/browse/SHINDIG-1601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13100814#comment-13100814
]
[email protected] commented on SHINDIG-1601:
--------------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/1666/
-----------------------------------------------------------
(Updated 2011-09-09 00:27:43.822761)
Review request for shindig and johnfargo.
Changes
-------
Updated based on suggestions from Dan, Henry, John, and Brian.
-New structure for the admin store.
-Uses the "uses" element in feature XML so features can declare which RCP
services they use. These services are then sent to the container when the
container requests the metadata for that gadget. The RPC code then arbitrates
RCP calls from the gadget -> container using this list.
Still left to do/investigate.
-handing of optional features. (We should not stop a gadget from rendering if
an optional features is denied by the admin, instead just don't include that JS
when the gadget renders.)
-Use a white list based on the admin store instead of the current blacklist
functionality.
-Secure IFR requests that could be made directly to render gadgets.
Summary
-------
We want to allow administrators of containers to secure the features gadgets
are allowed to use. We can do this by doing two things to the container.
1.) When the gadget preloads a gadget and requests the iFrame URL for the
gadget (indicating the container wants to render the gadget) we check the list
of allowed features for that gadget in that container. In theory the
administrator of the container would setup this list. If the gadget wants to
use a feature that is not in the list approved by the administrator the preload
fails.
2.) Secure what RPC service id a gadget can call. A gadget should only be able
to call the RPC service ids from the features the administrator has approved
for that gadget in that container. If the gadget tried to call and RPC service
id that is not in a feature the administrator has approved than the RPC call
will be "blocked".
THIS PATCH IS INCOMPLETE. I just want to start to get feedback on this before
I get too deep and have to go back and change something major. Currently this
patch implements number 1 above and part of number 2. There no code yet to
arbitrate the RPC calls, right now this patch only returns the allowed RPC
service IDs in the metadata request, but it doesn't do anything with them.
One of the major concerns I have is my use of <export type="rpc"..../> in the
feature XML files. I am not sure if I am using them in the intended way.
Hoping John H can take a look at that.
This addresses bug SHINDIG-1601.
https://issues.apache.org/jira/browse/SHINDIG-1601
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/FakeProcessor.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerServiceTest.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/admin/GadgetAdminDataTest.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/admin/ServerAdminDataTest.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/admin/FeatureAdminDataTest.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/admin/ContainerAdminDataTest.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/admin/BasicGadgetAdminStoreTest.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerService.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/admin/ServerAdminData.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/features/FeatureRegistry.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerApi.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/admin/GadgetAdminData.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/admin/GadgetAdminModule.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/admin/GadgetAdminStore.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/admin/ContainerAdminData.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/admin/FeatureAdminData.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/admin/BasicGadgetAdminStore.java
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/RenderingContext.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/pom.xml 1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java
1166802
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/embeddedexperiences/feature.xml
1166802
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/open-views/feature.xml
1166802
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/rpc/rpc.js
1166802
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/container.util/util.js
1166802
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/container/container.js
1166802
http://svn.apache.org/repos/asf/shindig/trunk/config/container.js 1166802
http://svn.apache.org/repos/asf/shindig/trunk/config/gadget-admin.json
PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/content/samplecontainer/examples/commoncontainer/assembler.js
1166802
http://svn.apache.org/repos/asf/shindig/trunk/content/samplecontainer/examples/commoncontainer/viewController.js
1166802
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java
1166802
Diff: https://reviews.apache.org/r/1666/diff
Testing
-------
Created/updated unit tests.
Thanks,
Ryan
> Enhance Gadget Administration
> -----------------------------
>
> Key: SHINDIG-1601
> URL: https://issues.apache.org/jira/browse/SHINDIG-1601
> Project: Shindig
> Issue Type: New Feature
> Affects Versions: 3.0.0
> Reporter: Ryan Baxter
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> We want to allow administrators of containers to secure the features gadgets
> are allowed to use. We can do this by doing two things to the container.
> 1.) When the gadget preloads a gadget and requests the iFrame URL for the
> gadget (indicating the container wants to render the gadget) we check the
> list of allowed features for that gadget in that container. In theory the
> administrator of the container would setup this list. If the gadget wants to
> use a feature that is not in the list approved by the administrator the
> preload fails.
> 2.) Secure what RPC service id a gadget can call. A gadget should only be
> able to call the RPC service ids from the features the administrator has
> approved for that gadget in that container. If the gadget tried to call and
> RPC service id that is not in a feature the administrator has approved than
> the RPC call will be "blocked".
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
