What I was going to do was set up a DB that has a list of the gadget links and size dimensions based off of the user's preferences and just call that.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 03, 2008 9:47 AM To: [email protected] Subject: Re: CAS Portal with Shindig Ok, i begin to understand what OAuth is used for.... and i think it's not really what i need.... Let's reexplain : I have a portal that can hold shindig gadgets (not social, for instance an RSS reader). The portal itself serves RSS feed that are protected resources. When i want to present a RSS gadget that use a reentrant RSS feed, how can shindig proxy bind the portal credentials throw a makeRequest call ? Let's see an example : http//myportal/site/veryprivatedocs/globalEarnings.rss is a feed that only me can see http://myportal/site/mydashboard is a collection of RSS Feeds gadgets and one of this gadget points to the precedent feed. In this case, the portal (the container) renders an iframe with the RSS gadget that calls gadgets.io.makeRequest method that binds to the makeRequest servlet of shindig. But how can the shindig servlet authentify itself as the same user of the portal (me) ? Thx for the explanations Le 2 oct. 08 à 11:59, Ian Boston a écrit : > My understanding of CAS is that is that its a WebISO type > Authentication System between browser and server, uses browser > redirects to a central CAS server for authenticating the user and > then redirects back to the target application. I cant remember if > there is a server to server credential exchange or if all credential > exchange is via the browser (like WebAuth). > > OAuth is a server to server authorization mechanism that allows a > User the ability to grant a server to talk to another server and > perform specific operations. eg MySpace can display your Flickr > album once you have told Flickr that its Ok, and transported the > OAuth token back from Flickr to MySpace so that the MySpace servers > can contact the Flickr web service directly. > > > So Shindig + CAS. > > Shingid itself doesn't authenticate the User, as its only re > reference implementation of the standard and not a full blown Social > Network Application. To make Shindig embedded into an application > you would put a CAS filter (either at mod_cas, or as a Servlet > Filter) over the URLs that need protecting, probably just the social- > api urls. > > Then in your implementation of the Service Provider Interfaces you > would bind to the CAS credentials and use that to ensure that the > service requests from the social API are bound to the logged in user > attached to the request thread. > > Does that make sense, if not say and I can point you to the code > that you need to implement. > > Ian > > On 2 Oct 2008, at 09:45, <[EMAIL PROTECTED]> <[EMAIL PROTECTED] > > wrote: > >> Hello, >> >> I'm developping a portal on top of an Open source ECM solution. This >> portal embeds shindig to serve opensocial gadgets. >> >> The portal is CAS compliant. Our problem is that when a gadget (for >> instance an RSS Reader) wants to access RSS Feed on this portal, >> shindig doesn't have the credentials to make the proxied request. >> >> I'm trying to explore the authentication mechanism of shindig, but if >> someone has any advice for me (where to begin ? OAuth explanation >> etc...) it would be great ! >> >> -- >> Damien METZLER >> >> >> >> >> Ce message et toutes les pièces jointes sont établis à l'attention >> exclusive de leurs destinataires et sont confidentiels. Si vous >> recevez ce message par erreur, merci de le détruire et d'en avertir >> immédiatement l'expéditeur. L'internet ne permettant pas d'assurer >> l'intégrité de ce message, le contenu de ce message ne représente >> en aucun cas un engagement de la part de Leroy Merlin. >> > -- Damien METZLER SIF - Leroy Merlin France - Tel : 03 28 80 89 03 Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email ([EMAIL PROTECTED]). After replying, please erase it from your computer system.
