I just checked in a couple of classes that provide real security tokens, configured per-container. They are, for the moment, dead code. I don't want to remove the default usage of BasicSecurityTokenDecoder, because easy testing is too useful.
Any thoughts on how Shindig Java deployments should opt in to using these classes? Hand-written Guice modules? Configuration in containers.js?

