Author: jonathan Date: Fri Jul 18 23:45:21 2008 New Revision: 19613 URL: http://wso2.org/svn/browse/wso2?view=rev&revision=19613
Log: Updating sample to show how to provision a service with confidential information (without sharing it with others who might want to use, examine, or download the service.) Modified: trunk/mashup/java/modules/samples/yahooGeoCode/yahooGeoCode.js Modified: trunk/mashup/java/modules/samples/yahooGeoCode/yahooGeoCode.js URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/samples/yahooGeoCode/yahooGeoCode.js?rev=19613&r1=19612&r2=19613&view=diff ============================================================================== --- trunk/mashup/java/modules/samples/yahooGeoCode/yahooGeoCode.js (original) +++ trunk/mashup/java/modules/samples/yahooGeoCode/yahooGeoCode.js Fri Jul 18 23:45:21 2008 @@ -23,17 +23,56 @@ "street" : "string" , "city" : "string", "state" : "AL | AK | AZ | AR | CA | CO | CT | DC | DE | FL | GA | HI | ID | IL | IN | IA | KS | KY | LA | ME | MD | MA | MI | MN | MS | MO | MT | NE | NV | NH | NJ | NM | NY | NC | ND | OH | OK | OR | PA | RC | SC | SD | TN | TX | UT | VT | VA | WA | WV | WI | WY" }; -geocode.outputType = "xml"; +geocode.outputType = "xml"; function geocode(street, city, state) { + var key = getApiKey(); + if (key == null) throw("You must first provision this service with a valid Yahoo API Key. See http://developer.yahoo.com/wsregapp/index.php.";); + var yahoo = new WSRequest(); var options = new Array(); options["useSOAP"] = "false"; options["HTTPMethod"] = "get"; yahoo.open(options, "http://local.yahooapis.com/MapsService/V1/geocode";, false); - var request = "<parameters><appid>rPJmz.HV34Hn654ySbBEOJf2i4nuae6LqGKX5EmrN30Q9aTeabb3vwThv2jRDN.rf3aAIw--</appid><street>" + street + "</street><city>" + city + "</city><state>" + state + "</state></parameters>"; + var request = "<parameters><appid>" + key + "</appid><street>" + street + "</street><city>" + city + "</city><state>" + state + "</state></parameters>"; yahoo.send(request); return yahoo.responseXML; } + +// This sample demonstrates provisioning a service with confidential information. By saving the apikey in +// the _private area, it will not be shared with others (unless they somehow have file system access). +// Thus the apikey is kept confidential. When someone downloads and uses the mashup, they must provide +// their own apikey in a write-once operation. The author need not worry that sharing the mashup will +// compromise the confidential information. A similar technique would work for usernames and passwords. + +provisionApiKey.documentation = <div>Before using the geocode service, register for a Yahoo API Key [1] and use it to provision the service (write-once only).<br/>[1] <a href="http://developer.yahoo.com/wsregapp/index.php";>http://developer.yahoo.com/wsregapp/index.php</a>.<br/> + For sample purposes (though it kind of defeats the exercise) you can use ours: "rPJmz.HV34Hn654ySbBEOJf2i4nuae6LqGKX5EmrN30Q9aTeabb3vwThv2jRDN.rf3aAIw--".</div> +provisionApiKey.inputTypes = {"key" : "string"}; +provisionApiKey.outputType = "boolean"; +function provisionApiKey (key) { + if (getApiKey() == null) { + var f = new File("_private/apikey.txt"); + if (!f.exists) + f.createFile(); + f.openForWriting(); + f.write(key); + f.close(); + } else throw ("Yahoo api key has already been provisioned for this service."); + return true; +} + +getApiKey.visible = false; +function getApiKey() { + var key = null; + + var f = new File("_private/apikey.txt"); + if (f.exists) { + f.openForReading(); + key = new XML(f.readAll()); + } + f.close(); + + return key; +} _______________________________________________ Mashup-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
