Re: appId in service APIs

Tue, 20 Jan 2009 17:05:16 -0800 

On Tue, Jan 20, 2009 at 02:00:33PM +0100, [email protected] wrote:
> Which classes Do I have to use in the server to generate this Token
> and stringify it? I have found the interfaces SecurityToken and
> SecurityTokenDecoder. But I haven't found a method that returns a
> String representation.

Dirty, proof of concept code: Don't really use it as is, just follow
what it does. This version won't even compile, since I ripped out some
internal extra tweaks. I used to use it from cmd line to generate
tokens for test calls, and have not even tried to put it inside some
server.

----------------------------------------------------------------------

  // These are keys from shindig's container.js
  private static final String SECURITY_TOKEN_TYPE = "gadgets.securityTokenType";
  public static final String SIGNED_FETCH_DOMAIN = "gadgets.signedFetchDomain";

  public static void main(String[] args) throws IOException, 
BlobCrypterException {
    if (args.length != 6) {
      System.out.println("Usage: PrintSecureToken owner viewer appId container 
appURL moduleId");
      System.exit(1);
    }

    String container = args[3];

    // These two lines will set up Guice with the PrintSecureToken
    // module, which in my example was basically a copy of my servlet's
    // modules
    Injector injector = Guice.createInjector(new PrintSecureToken());
    ContainerConfig config = injector.getInstance(ContainerConfig.class);

    String tokenType = config.get(container, SECURITY_TOKEN_TYPE);
    if ("secure".equals(tokenType)) {
      String domain = config.get(container, SIGNED_FETCH_DOMAIN);
      BasicBlobCrypter crypter = new BasicBlobCrypter(/* get the master key 
from somewhere */);

      BlobCrypterSecurityToken token = new BlobCrypterSecurityToken(crypter, 
container, domain);
      token.setOwnerId(args[0]);
      token.setViewerId(args[1]);
      token.setAppUrl(args[4]);
      token.setModuleId(args[5]);

      // The encrypted token does not preserve the appId, shindig is
      // transitioning to using just the appUrl everywhere

      String external = token.encrypt();

      System.out.println(URLEncoder.encode(external, "UTF-8"));
    }
  }
}

----------------------------------------------------------------------

Reply via email to