Hi Nuwan: This is actually a somewhat common pattern, assuming I understand you correctly.
One question, how do you propose to get session information to the gadget renderer in the first place? Typically the renderer is hosted on a jail domain isolated from any container, so the security token is occasionally used. Injection of some kind of Provider<SessionContext> is injected where this evaluation is needed -- such as the HttpFetcher impl, and perhaps the RequestPipeline as well to ensure that caching is consistent w/ whatever policy you're implementing as well. --j On Tue, Nov 16, 2010 at 7:40 PM, Nuwan Bandara <bandara.nu...@gmail.com>wrote: > Hi Devs, > > I am facing a difficulty, while using shindig to make session aware calls > to > fetch gadget xmls. My requirement is as follows. > > When shindig is running as the gadget renderer, and when there are gadgets > hosted in the same container, there should be a mechanism to use the > current > http session when fetching these gadget xmls. The requirement is, there can > be gadgets which are specific to some users (based on roles), and if the > web > application supports user/role based permissions, if shindig makes session > aware requests to the container, only the permitted gadgets can be > retrieved > from the container. > > I am aware this is not always the case where gadgets are taken from > external > locations, but if this is also supported in a configurable manner, I > believe > it would be quite useful. WDYT ? > > Regards, > /Nuwan >