Author: etnu
Date: Tue Sep 2 01:56:21 2008
New Revision: 691158
URL: http://svn.apache.org/viewvc?rev=691158&view=rev
Log:
Fix for SHINDIG-555.
This patch eliminates the remaining ad hoc security token handling. All auth is
now done via the auth filter.
Due to the inability to overwrite bindings in the current version of Guice, I
have added a small, auth-only module for gadget rendering that is used when
running a standalone gadget rendering server. For full or social only servers,
the social binding is used. The gadget binding does not include oauth as a
valid auth handler.
With this change complete, many other pieces of code can probably be removed.
SecurityTokenDecoder is most likely an obsolete interface.
Added:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/AuthenticationModule.java
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthInfo.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTask.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetServerTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTaskTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/JsonRpcHandlerTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.full.xml
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.gadgets.xml
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.xml
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthInfo.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthInfo.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthInfo.java
(original)
+++
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthInfo.java
Tue Sep 2 01:56:21 2008
@@ -28,7 +28,7 @@
/**
* Constants for request attribute keys
*/
- enum Attribute {
+ public enum Attribute {
/** The security token */
SECURITY_TOKEN,
/** The named auth type */
@@ -86,8 +86,7 @@
* @param att The attribute
* @param value The value
*/
- private static<T> void setRequestAttribute(HttpServletRequest req,
- Attribute att, T value) {
+ private static<T> void setRequestAttribute(HttpServletRequest req, Attribute
att, T value) {
req.setAttribute(att.getId(), value);
}
@@ -99,8 +98,7 @@
* @return The value
*/
@SuppressWarnings("unchecked")
- private static<T> T getRequestAttribute(HttpServletRequest req,
- Attribute att) {
+ private static<T> T getRequestAttribute(HttpServletRequest req, Attribute
att) {
return (T)req.getAttribute(att.getId());
}
}
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
Tue Sep 2 01:56:21 2008
@@ -104,8 +104,7 @@
/**
* @return The token associated with this request
*/
- @SuppressWarnings("unused")
- public SecurityToken getToken() throws GadgetException {
+ public SecurityToken getToken() {
return null;
}
}
Added:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/AuthenticationModule.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/AuthenticationModule.java?rev=691158&view=auto
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/AuthenticationModule.java
(added)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/AuthenticationModule.java
Tue Sep 2 01:56:21 2008
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shindig.gadgets.servlet;
+
+import org.apache.shindig.auth.AnonymousAuthenticationHandler;
+import org.apache.shindig.auth.AuthenticationHandler;
+import org.apache.shindig.auth.UrlParameterAuthenticationHandler;
+
+import com.google.common.collect.Lists;
+import com.google.inject.AbstractModule;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.TypeLiteral;
+
+import java.util.List;
+
+/**
+ * Binds auth types used by gadget rendering. This should be used when running
a stand-alone gadget
+ * renderer.
+ */
+public class AuthenticationModule extends AbstractModule {
+
+ /** [EMAIL PROTECTED] */
+ @Override
+ protected void configure() {
+ bind(new
TypeLiteral<List<AuthenticationHandler>>(){}).toProvider(AuthProvider.class);
+ }
+
+ private static class AuthProvider implements
Provider<List<AuthenticationHandler>> {
+ private final List<AuthenticationHandler> handlers;
+
+ @Inject
+ public AuthProvider(UrlParameterAuthenticationHandler
urlParameterAuthHandler,
+ AnonymousAuthenticationHandler anonymoustAuthHandler) {
+ handlers = Lists.newArrayList(urlParameterAuthHandler,
anonymoustAuthHandler);
+ }
+
+ public List<AuthenticationHandler> get() {
+ return handlers;
+ }
+ }
+
+}
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTask.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTask.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTask.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTask.java
Tue Sep 2 01:56:21 2008
@@ -20,7 +20,6 @@
package org.apache.shindig.gadgets.servlet;
import org.apache.shindig.auth.SecurityToken;
-import org.apache.shindig.auth.SecurityTokenDecoder;
import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.util.Utf8UrlCoder;
import org.apache.shindig.gadgets.Gadget;
@@ -96,8 +95,6 @@
private final UrlGenerator urlGenerator;
- private final SecurityTokenDecoder tokenDecoder;
-
private GadgetContext context;
private final List<GadgetContentFilter> filters;
@@ -113,7 +110,7 @@
throws IOException {
this.request = request;
this.response = response;
- context = new HttpGadgetContext(request, tokenDecoder);
+ context = new HttpGadgetContext(request);
URI url = context.getUrl();
@@ -562,14 +559,12 @@
GadgetFeatureRegistry registry,
ContainerConfig containerConfig,
UrlGenerator urlGenerator,
- SecurityTokenDecoder tokenDecoder,
LockedDomainService lockedDomainService) {
this.server = server;
this.messageBundleFactory = messageBundleFactory;
this.registry = registry;
this.containerConfig = containerConfig;
this.urlGenerator = urlGenerator;
- this.tokenDecoder = tokenDecoder;
this.domainLocker = lockedDomainService;
filters = new LinkedList<GadgetContentFilter>();
}
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java
Tue Sep 2 01:56:21 2008
@@ -19,17 +19,14 @@
package org.apache.shindig.gadgets.servlet;
+import org.apache.shindig.auth.AuthInfo;
import org.apache.shindig.auth.SecurityToken;
-import org.apache.shindig.auth.SecurityTokenDecoder;
-import org.apache.shindig.auth.SecurityTokenException;
import org.apache.shindig.gadgets.GadgetContext;
-import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.RenderingContext;
import org.apache.shindig.gadgets.UserPrefs;
import java.net.URI;
import java.net.URISyntaxException;
-import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Locale;
@@ -44,7 +41,6 @@
public static final String USERPREF_PARAM_PREFIX = "up_";
private final HttpServletRequest request;
- private final SecurityTokenDecoder tokenDecoder;
private final String container;
private final Boolean debug;
@@ -52,14 +48,12 @@
private final Locale locale;
private final Integer moduleId;
private final RenderingContext renderingContext;
- private final String tokenString;
private final URI url;
private final UserPrefs userPrefs;
private final String view;
- public HttpGadgetContext(HttpServletRequest request, SecurityTokenDecoder
tokenDecoder) {
+ public HttpGadgetContext(HttpServletRequest request) {
this.request = request;
- this.tokenDecoder = tokenDecoder;
container = getContainer(request);
debug = getDebug(request);
@@ -67,8 +61,6 @@
locale = getLocale(request);
moduleId = getModuleId(request);
renderingContext = getRenderingContext(request);
- // TODO: This shouldn't be depending on MakeRequest at all.
- tokenString =
request.getParameter(MakeRequestHandler.SECURITY_TOKEN_PARAM);
url = getUrl(request);
userPrefs = getUserPrefs(request);
view = getView(request);
@@ -128,19 +120,8 @@
}
@Override
- public SecurityToken getToken() throws GadgetException {
- if (tokenString == null || tokenString.length() == 0) {
- return super.getToken();
- } else {
- try {
- Map<String, String> tokenMap
- =
Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME, tokenString);
- return tokenDecoder.createToken(tokenMap);
- } catch (SecurityTokenException e) {
- throw new GadgetException(
- GadgetException.Code.INVALID_SECURITY_TOKEN, e);
- }
- }
+ public SecurityToken getToken() {
+ return AuthInfo.getSecurityToken(request);
}
@Override
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
Tue Sep 2 01:56:21 2008
@@ -18,9 +18,8 @@
*/
package org.apache.shindig.gadgets.servlet;
+import org.apache.shindig.auth.AuthInfo;
import org.apache.shindig.auth.SecurityToken;
-import org.apache.shindig.auth.SecurityTokenDecoder;
-import org.apache.shindig.auth.SecurityTokenException;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.util.Utf8UrlCoder;
import org.apache.shindig.gadgets.FeedProcessor;
@@ -40,7 +39,6 @@
import org.json.JSONObject;
import java.io.IOException;
-import java.util.Collections;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@@ -57,7 +55,6 @@
public static final String UNPARSEABLE_CRUFT = "throw 1; < don't be evil' >";
public static final String POST_DATA_PARAM = "postData";
public static final String METHOD_PARAM = "httpMethod";
- public static final String SECURITY_TOKEN_PARAM = "st";
public static final String HEADERS_PARAM = "headers";
public static final String NOCACHE_PARAM = "nocache";
public static final String SIGN_VIEWER = "signViewer";
@@ -67,14 +64,11 @@
public static final String DEFAULT_NUM_ENTRIES = "3";
public static final String GET_SUMMARIES_PARAM = "getSummaries";
- private final SecurityTokenDecoder securityTokenDecoder;
private final ContentFetcherFactory contentFetcherFactory;
@Inject
- public MakeRequestHandler(ContentFetcherFactory contentFetcherFactory,
- SecurityTokenDecoder securityTokenDecoder) {
+ public MakeRequestHandler(ContentFetcherFactory contentFetcherFactory) {
this.contentFetcherFactory = contentFetcherFactory;
- this.securityTokenDecoder = securityTokenDecoder;
}
/**
@@ -240,14 +234,12 @@
* @param request
* @return A valid token for the given input.
*/
- private SecurityToken extractAndValidateToken(HttpServletRequest request)
- throws GadgetException {
- String token = getParameter(request, SECURITY_TOKEN_PARAM, "");
- try {
- return
securityTokenDecoder.createToken(Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
token));
- } catch (SecurityTokenException e) {
- throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN,
e);
+ private SecurityToken extractAndValidateToken(HttpServletRequest request)
throws GadgetException {
+ SecurityToken token = AuthInfo.getSecurityToken(request);
+ if (token == null) {
+ throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN);
}
+ return token;
}
/**
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetServerTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetServerTest.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetServerTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetServerTest.java
Tue Sep 2 01:56:21 2008
@@ -47,8 +47,7 @@
}
@Override
- @SuppressWarnings("unused")
- public SecurityToken getToken() throws GadgetException {
+ public SecurityToken getToken() {
try {
return new BasicSecurityToken("o", "v", "a", "d", "u", "m");
} catch (BlobCrypterException bce) {
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java
Tue Sep 2 01:56:21 2008
@@ -19,7 +19,6 @@
package org.apache.shindig.gadgets;
-import org.apache.shindig.auth.SecurityTokenDecoder;
import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.cache.CacheProvider;
import org.apache.shindig.common.cache.DefaultCacheProvider;
@@ -31,26 +30,12 @@
import org.apache.shindig.gadgets.rewrite.BasicContentRewriterRegistry;
import org.apache.shindig.gadgets.rewrite.ContentRewriter;
import org.apache.shindig.gadgets.rewrite.NoOpContentRewriter;
-import org.apache.shindig.gadgets.servlet.GadgetRenderingTask;
-import org.apache.shindig.gadgets.servlet.HttpServletResponseRecorder;
-import org.apache.shindig.gadgets.servlet.HttpUtil;
-import org.apache.shindig.gadgets.servlet.JsonRpcHandler;
-import org.apache.shindig.gadgets.servlet.UrlGenerator;
import java.util.concurrent.ExecutorService;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
public abstract class GadgetTestFixture extends EasyMockTestCase {
- public final HttpServletRequest request = mock(HttpServletRequest.class);
- public final HttpServletResponse response = mock(HttpServletResponse.class);
- public final HttpServletResponseRecorder recorder = new
HttpServletResponseRecorder(response);
- public final SecurityTokenDecoder securityTokenDecoder
- = mock(SecurityTokenDecoder.class);
public final GadgetServer gadgetServer;
- public final ContentFetcherFactory fetcherFactory
- = mock(ContentFetcherFactory.class);
+ public final ContentFetcherFactory fetcherFactory =
mock(ContentFetcherFactory.class);
public final HttpFetcher fetcher = mock(HttpFetcher.class);
public final SigningFetcher signingFetcher = mock(SigningFetcher.class);
public final OAuthFetcher oauthFetcher = mock(OAuthFetcher.class);
@@ -61,27 +46,17 @@
new BasicMessageBundleFactory(fetcher, cacheProvider, 0, 0L, 0L);
public final GadgetFeatureRegistry registry;
public final ContainerConfig containerConfig = mock(ContainerConfig.class);
-
- public final GadgetRenderingTask gadgetRenderer;
- public final JsonRpcHandler jsonRpcHandler;
- public final UrlGenerator urlGenerator = mock(UrlGenerator.class);
- public final LockedDomainService lockedDomainService =
mock(LockedDomainService.class);
public final ContentRewriter rewriter = new NoOpContentRewriter();
public final FakeTimeSource timeSource = new FakeTimeSource();
public final ExecutorService executor = new TestExecutorService();
public final GadgetSpecFactory specFactory = new BasicGadgetSpecFactory(
fetcher, cacheProvider, new BasicContentRewriterRegistry(null),
executor, 0, 0L, 0L);
-
public GadgetTestFixture() {
try {
- HttpUtil.setTimeSource(timeSource);
registry = new GadgetFeatureRegistry(null, fetcher);
gadgetServer = new GadgetServer(executor, registry, blacklist,
fetcherFactory, specFactory, bundleFactory);
- gadgetRenderer = new GadgetRenderingTask(gadgetServer, bundleFactory,
- registry, containerConfig, urlGenerator, securityTokenDecoder,
lockedDomainService);
- jsonRpcHandler = new JsonRpcHandler(executor, gadgetServer,
urlGenerator);
} catch (Exception e) {
throw new RuntimeException(e);
}
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTaskTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTaskTest.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTaskTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetRenderingTaskTest.java
Tue Sep 2 01:56:21 2008
@@ -18,12 +18,13 @@
*/
package org.apache.shindig.gadgets.servlet;
+import static org.easymock.EasyMock.eq;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
import static org.easymock.EasyMock.isA;
+import org.apache.shindig.auth.AuthInfo;
import org.apache.shindig.auth.SecurityToken;
-import org.apache.shindig.auth.SecurityTokenDecoder;
import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.testing.FakeGadgetToken;
import org.apache.shindig.common.uri.Uri;
@@ -43,12 +44,10 @@
import org.json.JSONObject;
import java.util.Collection;
-import java.util.Collections;
import java.util.Enumeration;
public class GadgetRenderingTaskTest extends ServletTestFixture {
-
- final static Enumeration<String> EMPTY_PARAMS = new Enumeration<String>() {
+ private static final Enumeration<String> EMPTY_PARAMS = new
Enumeration<String>() {
public boolean hasMoreElements() {
return false;
}
@@ -57,28 +56,30 @@
}
};
- final static Uri SPEC_URL = Uri.parse("http://example.org/gadget.xml";);
- final static HttpRequest SPEC_REQUEST = new HttpRequest(SPEC_URL);
- final static String CONTENT = "Hello, world!";
- final static String ALT_CONTENT = "Goodbye, city.";
- final static String SPEC_XML
- = "<Module>" +
- "<ModulePrefs title='hello'/>" +
- "<Content type='html' quirks='false'>" + CONTENT + "</Content>" +
- "<Content type='html' view='quirks' quirks='true'/>" +
- "<Content type='html' view='ALIAS'>" + ALT_CONTENT + "</Content>" +
- "</Module>";
- final static String LIBS = "dummy:blah";
-
- final static String PRELOAD_XML =
- "<Module>" +
- "<ModulePrefs title='hello'>" +
- "<Preload authz='oauth' href='http://oauth.example.com'/>" +
- "</ModulePrefs>" +
- "<Content type='html' quirks='false'>" + CONTENT + "</Content>" +
- "<Content type='html' view='quirks' quirks='true'/>" +
- "<Content type='html' view='ALIAS'>" + ALT_CONTENT + "</Content>" +
- "</Module>";
+ private static final Uri SPEC_URL =
Uri.parse("http://example.org/gadget.xml";);
+ private static final HttpRequest SPEC_REQUEST = new HttpRequest(SPEC_URL);
+ private static final String CONTENT = "Hello, world!";
+ private static final String ALT_CONTENT = "Goodbye, city.";
+ private static final String SPEC_XML =
+ "<Module>" +
+ "<ModulePrefs title='hello'/>" +
+ "<Content type='html' quirks='false'>" + CONTENT + "</Content>" +
+ "<Content type='html' view='quirks' quirks='true'/>" +
+ "<Content type='html' view='ALIAS'>" + ALT_CONTENT + "</Content>" +
+ "</Module>";
+ private static final String LIBS = "dummy:blah";
+
+ private static final String PRELOAD_XML =
+ "<Module>" +
+ "<ModulePrefs title='hello'>" +
+ "<Preload authz='oauth' href='http://oauth.example.com'/>" +
+ "</ModulePrefs>" +
+ "<Content type='html' quirks='false'>" + CONTENT + "</Content>" +
+ "<Content type='html' view='quirks' quirks='true'/>" +
+ "<Content type='html' view='ALIAS'>" + ALT_CONTENT + "</Content>" +
+ "</Module>";
+
+ private static final SecurityToken DUMMY_TOKEN = new FakeGadgetToken();
/**
* Performs boilerplate operations to get basic gadgets rendered
@@ -106,7 +107,6 @@
expect(request.getParameterNames()).andReturn(EMPTY_PARAMS);
expect(request.getParameter("container")).andReturn(null);
expect(request.getHeader("Host")).andReturn("www.example.org");
- expect(request.getParameter("st")).andStubReturn("fake-token");
}
private void expectLockedDomainCheck() throws Exception {
@@ -163,12 +163,10 @@
public void testOAuthPreload_data() throws Exception {
expectParseRequestParams(GadgetSpec.DEFAULT_VIEW);
expectFetchGadget(PRELOAD_XML, false);
- expect(securityTokenDecoder.createToken(
- Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token"))).
- andStubReturn(mock(SecurityToken.class));
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(DUMMY_TOKEN).atLeastOnce();
OAuthFetcher oauthFetcher = mock(OAuthFetcher.class);
- expect(fetcherFactory.getOAuthFetcher(
- isA(SecurityToken.class), isA(OAuthArguments.class))).
+ expect(fetcherFactory.getOAuthFetcher(eq(DUMMY_TOKEN),
isA(OAuthArguments.class))).
andReturn(oauthFetcher);
expect(oauthFetcher.fetch(isA(HttpRequest.class))).
@@ -186,12 +184,10 @@
public void testOAuthPreload_metadata() throws Exception {
expectParseRequestParams(GadgetSpec.DEFAULT_VIEW);
expectFetchGadget(PRELOAD_XML, false);
- expect(securityTokenDecoder.createToken(
- Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token"))).
- andStubReturn(mock(SecurityToken.class));
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(DUMMY_TOKEN).atLeastOnce();
OAuthFetcher oauthFetcher = mock(OAuthFetcher.class);
- expect(fetcherFactory.getOAuthFetcher(
- isA(SecurityToken.class), isA(OAuthArguments.class))).
+ expect(fetcherFactory.getOAuthFetcher(eq(DUMMY_TOKEN),
isA(OAuthArguments.class))).
andReturn(oauthFetcher);
HttpResponse resp = new HttpResponseBuilder()
@@ -266,10 +262,11 @@
}
public void testAuthTokenInjection_allparams() throws Exception {
- expect(request.getParameter("st")).andReturn("fake-token");
-
expect(securityTokenDecoder.createToken(Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token"))).andReturn(
- new FakeGadgetToken().setUpdatedToken("updated-token")
- .setTrustedJson("{ \"foo\" : \"bar\" }"));
+ SecurityToken token = new FakeGadgetToken()
+ .setUpdatedToken("updated-token")
+ .setTrustedJson("{ \"foo\" : \"bar\" }");
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(token).atLeastOnce();
String content = parseBasicGadget(GadgetSpec.DEFAULT_VIEW, SPEC_XML);
JSONObject auth = parseShindigAuthConfig(content);
assertEquals("updated-token", auth.getString("authToken"));
@@ -277,18 +274,18 @@
}
public void testAuthTokenInjection_none() throws Exception {
- expect(request.getParameter("st")).andReturn("fake-token");
-
expect(securityTokenDecoder.createToken(Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token"))).andReturn(
- new FakeGadgetToken());
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(DUMMY_TOKEN).atLeastOnce();
String content = parseBasicGadget(GadgetSpec.DEFAULT_VIEW, SPEC_XML);
JSONObject auth = parseShindigAuthConfig(content);
assertEquals(0, auth.length());
}
public void testAuthTokenInjection_trustedJson() throws Exception {
- expect(request.getParameter("st")).andReturn("fake-token");
-
expect(securityTokenDecoder.createToken(Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token"))).andReturn(
- new FakeGadgetToken().setTrustedJson("trusted"));
+ SecurityToken token = new FakeGadgetToken()
+ .setTrustedJson("trusted");
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(token).atLeastOnce();
String content = parseBasicGadget(GadgetSpec.DEFAULT_VIEW, SPEC_XML);
JSONObject auth = parseShindigAuthConfig(content);
assertEquals(1, auth.length());
@@ -296,9 +293,10 @@
}
public void testAuthTokenInjection_updatedToken() throws Exception {
- expect(request.getParameter("st")).andReturn("fake-token");
-
expect(securityTokenDecoder.createToken(Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token"))).andReturn(
- new FakeGadgetToken().setUpdatedToken("updated-token"));
+ SecurityToken token = new FakeGadgetToken()
+ .setUpdatedToken("updated-token");
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(token).atLeastOnce();
String content = parseBasicGadget(GadgetSpec.DEFAULT_VIEW, SPEC_XML);
JSONObject auth = parseShindigAuthConfig(content);
assertEquals(1, auth.length());
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java
Tue Sep 2 01:56:21 2008
@@ -19,16 +19,18 @@
import static org.easymock.EasyMock.expect;
+import org.apache.shindig.auth.AnonymousSecurityToken;
+import org.apache.shindig.auth.AuthInfo;
+import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.gadgets.GadgetContext;
-import org.apache.shindig.gadgets.GadgetTestFixture;
import java.util.Locale;
-public class HttpGadgetContextTest extends GadgetTestFixture {
+public class HttpGadgetContextTest extends ServletTestFixture {
public void testIgnoreCacheParam() {
expect(request.getParameter("nocache")).andReturn(Integer.toString(Integer.MAX_VALUE));
replay();
- GadgetContext context = new HttpGadgetContext(request,
securityTokenDecoder);
+ GadgetContext context = new HttpGadgetContext(request);
assertEquals(true, context.getIgnoreCache());
}
@@ -36,21 +38,29 @@
expect(request.getParameter("lang")).andReturn(Locale.CHINA.getLanguage());
expect(request.getParameter("country")).andReturn(Locale.CHINA.getCountry());
replay();
- GadgetContext context = new HttpGadgetContext(request,
securityTokenDecoder);
+ GadgetContext context = new HttpGadgetContext(request);
assertEquals(Locale.CHINA, context.getLocale());
}
public void testDebug() {
expect(request.getParameter("debug")).andReturn("1");
replay();
- GadgetContext context = new HttpGadgetContext(request,
securityTokenDecoder);
+ GadgetContext context = new HttpGadgetContext(request);
assertEquals(true, context.getDebug());
}
public void testGetParameter() {
expect(request.getParameter("foo")).andReturn("bar");
replay();
- GadgetContext context = new HttpGadgetContext(request,
securityTokenDecoder);
+ GadgetContext context = new HttpGadgetContext(request);
assertEquals("bar", context.getParameter("foo"));
}
+
+ public void testGetSecurityToken() throws Exception {
+ SecurityToken expected = new AnonymousSecurityToken();
+
expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId())).andReturn(expected);
+ replay();
+ GadgetContext context = new HttpGadgetContext(request);
+ assertEquals(expected, context.getToken());
+ }
}
\ No newline at end of file
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/JsonRpcHandlerTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/JsonRpcHandlerTest.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/JsonRpcHandlerTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/JsonRpcHandlerTest.java
Tue Sep 2 01:56:21 2008
@@ -23,7 +23,6 @@
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.Gadget;
-import org.apache.shindig.gadgets.GadgetTestFixture;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.spec.GadgetSpec;
@@ -35,7 +34,7 @@
import java.util.Collections;
import java.util.Map;
-public class JsonRpcHandlerTest extends GadgetTestFixture {
+public class JsonRpcHandlerTest extends ServletTestFixture {
private static final Uri SPEC_URL = Uri.parse("http://example.org/g.xml";);
private static final HttpRequest SPEC_REQUEST = new HttpRequest(SPEC_URL);
private static final Uri SPEC_URL2 = Uri.parse("http://example.org/g2.xml";);
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
Tue Sep 2 01:56:21 2008
@@ -22,9 +22,8 @@
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.isA;
+import org.apache.shindig.auth.AuthInfo;
import org.apache.shindig.auth.SecurityToken;
-import org.apache.shindig.auth.SecurityTokenDecoder;
-import org.apache.shindig.auth.SecurityTokenException;
import org.apache.shindig.common.testing.FakeGadgetToken;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
@@ -54,8 +53,7 @@
private static final String RESPONSE_BODY = "makeRequest response body";
private static final SecurityToken DUMMY_TOKEN = new FakeGadgetToken();
- private final MakeRequestHandler handler = new
MakeRequestHandler(contentFetcherFactory,
- securityTokenDecoder);
+ private final MakeRequestHandler handler = new
MakeRequestHandler(contentFetcherFactory);
private void expectGetAndReturnBody(String response) throws Exception {
expectGetAndReturnBody(fetcher, response);
@@ -235,13 +233,9 @@
}
public void testSignedGetRequest() throws Exception {
- // Doesn't actually sign since it returns the standard fetcher.
- // Signing tests are in SigningFetcherTest
- expect(securityTokenDecoder.createToken(
- Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token")))
- .andReturn(DUMMY_TOKEN);
- expect(request.getParameter(MakeRequestHandler.SECURITY_TOKEN_PARAM))
- .andReturn("fake-token").atLeastOnce();
+
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(DUMMY_TOKEN).atLeastOnce();
expect(request.getParameter(Preload.AUTHZ_ATTR))
.andReturn(Auth.SIGNED.toString()).atLeastOnce();
expect(signingFetcher.fetch(isA(HttpRequest.class)))
@@ -258,11 +252,8 @@
// Doesn't actually sign since it returns the standard fetcher.
// Signing tests are in SigningFetcherTest
expectPostAndReturnBody(signingFetcher, REQUEST_BODY, RESPONSE_BODY);
- expect(securityTokenDecoder.createToken(
- Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token")))
- .andReturn(DUMMY_TOKEN);
- expect(request.getParameter(MakeRequestHandler.SECURITY_TOKEN_PARAM))
- .andReturn("fake-token").atLeastOnce();
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(DUMMY_TOKEN).atLeastOnce();
expect(request.getParameter(Preload.AUTHZ_ATTR))
.andReturn(Auth.SIGNED.toString()).atLeastOnce();
replay();
@@ -280,11 +271,8 @@
// Signing tests are in SigningFetcherTest
expectGetAndReturnBody(signingFetcher, RESPONSE_BODY);
FakeGadgetToken authToken = new
FakeGadgetToken().setUpdatedToken("updated");
- expect(securityTokenDecoder.createToken
- (Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token")))
- .andReturn(authToken);
- expect(request.getParameter(MakeRequestHandler.SECURITY_TOKEN_PARAM))
- .andReturn("fake-token").atLeastOnce();
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(authToken).atLeastOnce();
expect(request.getParameter(Preload.AUTHZ_ATTR))
.andReturn(Auth.SIGNED.toString()).atLeastOnce();
replay();
@@ -301,11 +289,8 @@
// OAuth tests are in OAuthFetcherTest
expectGetAndReturnBody(oauthFetcher, RESPONSE_BODY);
FakeGadgetToken authToken = new
FakeGadgetToken().setUpdatedToken("updated");
- expect(securityTokenDecoder.createToken(
- Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token")))
- .andReturn(authToken);
- expect(request.getParameter(MakeRequestHandler.SECURITY_TOKEN_PARAM))
- .andReturn("fake-token").atLeastOnce();
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(authToken).atLeastOnce();
expect(request.getParameter(Preload.AUTHZ_ATTR))
.andReturn(Auth.OAUTH.toString()).atLeastOnce();
// This isn't terribly accurate, but is close enough for this test.
@@ -343,13 +328,10 @@
}
public void testBadSecurityTokenThrows() throws Exception {
- expect(request.getParameter(MakeRequestHandler.SECURITY_TOKEN_PARAM))
- .andReturn("fake-token").atLeastOnce();
+ expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId()))
+ .andReturn(null).atLeastOnce();
expect(request.getParameter(Preload.AUTHZ_ATTR))
.andReturn(Auth.SIGNED.toString()).atLeastOnce();
- expect(securityTokenDecoder.createToken(
- Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
"fake-token")))
- .andThrow(new SecurityTokenException("No!"));
replay();
try {
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
Tue Sep 2 01:56:21 2008
@@ -26,6 +26,7 @@
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
+
import org.json.JSONException;
import org.json.JSONObject;
@@ -47,9 +48,8 @@
= Collections.enumeration(Collections.<String>emptyList());
private final MakeRequestServlet servlet = new MakeRequestServlet();
- private final MakeRequestHandler handler = new
MakeRequestHandler(contentFetcherFactory,
- securityTokenDecoder);
-
+ private final MakeRequestHandler handler = new
MakeRequestHandler(contentFetcherFactory);
+
private final HttpRequest internalRequest = new HttpRequest(REQUEST_URL);
private final HttpResponse internalResponse = new
HttpResponse(RESPONSE_BODY);
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ServletTestFixture.java
Tue Sep 2 01:56:21 2008
@@ -27,6 +27,7 @@
import org.apache.shindig.common.util.DateUtil;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.GadgetTestFixture;
+import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.oauth.OAuthArguments;
import org.apache.commons.lang.StringUtils;
@@ -34,22 +35,36 @@
import java.util.Arrays;
import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
/**
* Contains everything needed for making servlet requests.
*/
public class ServletTestFixture extends GadgetTestFixture {
+ public final HttpServletRequest request = mock(HttpServletRequest.class);
+ public final HttpServletResponse response = mock(HttpServletResponse.class);
+ public final HttpServletResponseRecorder recorder = new
HttpServletResponseRecorder(response);
+ public final GadgetRenderingTask gadgetRenderer;
+ public final JsonRpcHandler jsonRpcHandler;
+ public final UrlGenerator urlGenerator = mock(UrlGenerator.class);
+ public final LockedDomainService lockedDomainService =
mock(LockedDomainService.class);
private final long testStartTime = timeSource.currentTimeMillis();
public ServletTestFixture() {
try {
// TODO: This is horrible. It needs to be fixed.
+ HttpUtil.setTimeSource(timeSource);
expect(contentFetcherFactory.get()).andReturn(fetcher).anyTimes();
expect(contentFetcherFactory.getSigningFetcher(isA(SecurityToken.class)))
.andReturn(signingFetcher).anyTimes();
expect(contentFetcherFactory.getOAuthFetcher(
isA(SecurityToken.class), isA(OAuthArguments.class)))
.andReturn(oauthFetcher).anyTimes();
+ gadgetRenderer = new GadgetRenderingTask(gadgetServer, bundleFactory,
+ registry, containerConfig, urlGenerator, lockedDomainService);
+ jsonRpcHandler = new JsonRpcHandler(executor, gadgetServer,
urlGenerator);
} catch (GadgetException e) {
throw new RuntimeException(e);
}
Modified:
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.full.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.full.xml?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
--- incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.full.xml
(original)
+++ incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.full.xml
Tue Sep 2 01:56:21 2008
@@ -32,15 +32,25 @@
</context-param>
<filter>
- <filter-name>oauthFilter</filter-name>
+ <filter-name>authFilter</filter-name>
<filter-class>org.apache.shindig.auth.AuthenticationServletFilter</filter-class>
</filter>
<filter-mapping>
- <filter-name>oauthFilter</filter-name>
+ <filter-name>authFilter</filter-name>
<url-pattern>/social/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>authFilter</filter-name>
+ <url-pattern>/gadgets/ifr</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authFilter</filter-name>
+ <url-pattern>/gadgets/makeRequest</url-pattern>
+ </filter-mapping>
+
<listener>
<listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
</listener>
Modified:
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.gadgets.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.gadgets.xml?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
--- incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.gadgets.xml
(original)
+++ incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.gadgets.xml
Tue Sep 2 01:56:21 2008
@@ -26,13 +26,28 @@
<!-- If you have your own Guice module(s), put them here as a
colon-separated list. -->
<context-param>
<param-name>guice-modules</param-name>
-
<param-value>org.apache.shindig.gadgets.servlet.HttpGuiceModule</param-value>
+
<param-value>org.apache.shindig.gadgets.servlet.HttpGuiceModule:org.apache.shindig.gadgets.servlet.AuthenticationModule</param-value>
</context-param>
<listener>
<listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
</listener>
+ <filter>
+ <filter-name>authFilter</filter-name>
+
<filter-class>org.apache.shindig.auth.AuthenticationServletFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>authFilter</filter-name>
+ <url-pattern>/gadgets/ifr</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authFilter</filter-name>
+ <url-pattern>/gadgets/makeRequest</url-pattern>
+ </filter-mapping>
+
<!-- Render a Gadget -->
<servlet>
<servlet-name>xml-to-html</servlet-name>
Modified:
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
--- incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
(original)
+++ incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
Tue Sep 2 01:56:21 2008
@@ -30,12 +30,12 @@
</context-param>
<filter>
- <filter-name>oauthFilter</filter-name>
+ <filter-name>authFilter</filter-name>
<filter-class>org.apache.shindig.auth.AuthenticationServletFilter</filter-class>
</filter>
<filter-mapping>
- <filter-name>oauthFilter</filter-name>
+ <filter-name>authFilter</filter-name>
<url-pattern>/social/*</url-pattern>
</filter-mapping>
Modified: incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.xml?rev=691158&r1=691157&r2=691158&view=diff
==============================================================================
--- incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.xml
(original)
+++ incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.xml Tue Sep
2 01:56:21 2008
@@ -32,15 +32,25 @@
</context-param>
<filter>
- <filter-name>oauthFilter</filter-name>
+ <filter-name>authFilter</filter-name>
<filter-class>org.apache.shindig.auth.AuthenticationServletFilter</filter-class>
</filter>
<filter-mapping>
- <filter-name>oauthFilter</filter-name>
+ <filter-name>authFilter</filter-name>
<url-pattern>/social/*</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>authFilter</filter-name>
+ <url-pattern>/gadgets/ifr</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>authFilter</filter-name>
+ <url-pattern>/gadgets/makeRequest</url-pattern>
+ </filter-mapping>
+
<listener>
<listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
</listener>
