Add security token to the iframe if it's defined in the context (issue1240043)

[lindner]

Reviewers: shindig.remailer_gmail.com,

Message:
here's a first step towards allowing security tokens to be added to the
iframe factory.



Please review this at http://codereview.appspot.com/1240043/show

Affected files:
  M  
java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java


Index:  
java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
diff --git  
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java  
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
index  
8c693199e0d395c9a4d7dd26a4dedbad431caf60..f4e15cb14362832c86e12d04e5b4b3e3de790ba9  
100644
---  
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
+++  
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
@@ -23,6 +23,9 @@ import com.google.inject.ImplementedBy;
 import com.google.inject.Inject;
 import com.google.inject.name.Named;

+import org.apache.commons.lang.StringUtils;
+import org.apache.shindig.auth.SecurityTokenDecoder;
+import org.apache.shindig.auth.SecurityTokenException;
 import org.apache.shindig.common.uri.Uri;
 import org.apache.shindig.common.uri.UriBuilder;
 import org.apache.shindig.config.ContainerConfig;
@@ -53,13 +56,19 @@ public class DefaultIframeUriManager implements  
IframeUriManager {

   private final ContainerConfig config;
   private final LockedDomainPrefixGenerator ldGen;
+  private final SecurityTokenDecoder securityTokenDecoder;
+
   private final List<String> ldSuffixes;
-
+
   @Inject
   public DefaultIframeUriManager(ContainerConfig config,
-                                 LockedDomainPrefixGenerator ldGen) {
+                                 LockedDomainPrefixGenerator ldGen,
+                                 SecurityTokenDecoder  
securityTokenDecoder) {
     this.config = config;
     this.ldGen = ldGen;
+    this.securityTokenDecoder = securityTokenDecoder;
+
+    // TODO this doesn't scale to large numbers of containers
     Collection<String> containers = config.getContainers();
     List<String> ldSuffixes =  
Lists.newArrayListWithCapacity(containers.size());
     for (String container : containers) {
@@ -141,7 +150,19 @@ public class DefaultIframeUriManager implements  
IframeUriManager {
       boolean upInFragment = !view.needsUserPrefSubstitution();
       addParam(uri, UriCommon.USER_PREF_PREFIX + up.getName(), data,  
useTpl, upInFragment);
     }
-
+
+    // Inject a security token if set in the context
+    try {
+      if (securityTokenDecoder != null && context.getToken() != null) {
+        String tokenVal =  
securityTokenDecoder.encodeToken(context.getToken());
+        if (StringUtils.isNotEmpty(tokenVal)) {
+          uri.addQueryParameter("st", tokenVal);
+        }
+      }
+    } catch (SecurityTokenException e) {
+      // ignore -- no security token
+    }
+
     if (versioner != null) {
       // Added on the query string, obviously not templated.
       addParam(uri, Param.VERSION.getKey(),