Hi,
I'm trying to enable secure tokens with the Java version of Shindig (1.0
release) and have run into an issue. The problem is that I can't seem to find
a way to enable secure tokens without either (1) modifying the value of the
"gadgets.securityTokenType" property directly in the default container.js file
or (2) copying the entire container.js file and then configuring the
shindig.properties file to load my custom copy instead of the default.
I understand the mechanics around creating custom container configurations and
how to take advantage of the nice inheritance framework that Shindig provides
for doing that (which seems to have been built specifically to keep from having
to copy or modify the container.js file directly), but the problem seems to be
that in the constructor of the DefaultSecurityTokenDecoder class, it decides
once and for all (for all containers) whether to use
BasicSecurityTokenDecoder's (insecure) or BlobCrypterSecurityTokenDecoder's
(secure) based on the value of the "gadgets.securityTokenType" property for the
"default" container configuration.
I've tried to create a custom container configuration that overrides the
required properties for the "default" container like this:
{"gadgets.container" : ["default"],
"gadgets.securityTokenType" : "secure",
"gadgets.securityTokenKeyFile" : "/some/dir/someKey.txt"}
and added a pointer to it to the list of containers in the shindig.properties
file, but that just seemed to confuse the container configuration inheritance
framework.
Is there some other way to do this without having to directly modify or copy
the default container.js file?
Thanks!
--Jesse
