> > If I want to give a try to the secure security tokens, is it mandatory > to use a custom container (ie a kind of dynamically generated > samplecontainer.html & associated .js) and make my tokens generated > server side ?
Self-response, if someone else is trying to do the same thing than me ;-) In attachment, a sample JSP container that works with a secure token ... Steps to make all of this working : 1) Generate a b64 key for example, like explained in org.apache.shindig.auth.BlobCrypterSecurityTokenDecoder : dd if=/dev/random bs=32 count=1 | openssl base64 > /tmp/key.txt 2) Configure Shindig to use this kind of security token : in (config/)container.js be sure to configure the following lines correctly : // Use an insecure security token by default //"gadgets.securityTokenType" : "insecure", // Uncomment these to switch to a secure version "gadgets.securityTokenType" : "secure", "gadgets.securityTokenKeyFile" : "<path to the generated key file, /tmp/key.txt for example>", 3) Edit the provided jsp to put your key ... (and eventually point to the gadget URL you want) 4)Play around : mvn clean install mvn -Prun browse http://localhost:8080/gadgets/files/container/samplesecuretoken.jsp Regards -- Thomas Sauzedde
<%@ page import="org.apache.shindig.common.crypto.BasicBlobCrypter, org.apache.shindig.auth.BlobCrypterSecurityToken, org.apache.shindig.common.util.Utf8UrlCoder" %> <% String key = "PUT YOUR OWN B64 KEY HERE"; // You can also update the gadget url to be rendered below ... String gadgetUrl = "http://localhost:8080/gadgets/files/samplecontainer/examples/oauth.xml";; BasicBlobCrypter blobCrypter = new BasicBlobCrypter(key.getBytes()); BlobCrypterSecurityToken st = new BlobCrypterSecurityToken(blobCrypter, "default", "localhost"); st.setViewerId("owner"); st.setOwnerId("owner"); st.setAppUrl(gadgetUrl); String token = Utf8UrlCoder.encode(st.encrypt()); %> <!DOCTYPE html> <html> <head> <title>Sample: Simple Container</title> <!-- default container look and feel --> <link rel="stylesheet" href="gadgets.css"> <script type="text/javascript" src="../../js/rpc.js?c=1&debug=1"></script> <script type="text/javascript" src="cookies.js"></script> <script type="text/javascript" src="util.js"></script> <script type="text/javascript" src="gadgets.js"></script> <script type="text/javascript" src="cookiebaseduserprefstore.js"></script> <script type="text/javascript"> var specUrlcontacts = '<%= gadgetUrl %>'; var stoken = '<%= token %>'; // This container lays out and renders gadgets itself. function renderGadgets() { var gadget = gadgets.container.createGadget({specUrl: specUrlcontacts, secureToken: stoken}); gadgets.container.addGadget(gadget); gadgets.container.layoutManager.setGadgetChromeIds( ['gadget-chrome-x', 'gadget-chrome-y']); gadgets.container.renderGadget(gadget); }; </script> </head> <body onLoad="renderGadgets()"> <h2>Sample: Simple Container</h2> <div id="gadget-chrome-x" class="gadgets-gadget-chrome"></div> </body> </html>
