On Wed, 2010-11-17 at 09:10 +0530, Nuwan Bandara wrote:
> Hi Devs,
> 
> I am facing a difficulty while using Shindig to make session-aware calls to
> fetch gadget XMLs. My requirement is as follows.
> 
> When Shindig is running as the gadget renderer, and when there are gadgets
> hosted in the same container, there should be a mechanism to use the current
> HTTP session when fetching these gadget XMLs. The requirement is, there can
> be gadgets which are specific to some users (based on roles), and if the web
> application supports user/role based permissions, if Shindig makes session-
> aware requests to the container, only the permitted gadgets can be retrieved
> from the container.

Unless I'm misunderstanding the problem you are trying to solve, the way
I approach this is from a different angle. The gadgets themselves are
publicly available, but all data the gadgets fetch is done via an HTTP
request (normally JSON) to the container domain, which handles roles.

For example, we have Clients, and each client has multiple accounts. The
gadgets appear on either client pages or account pages.

All content put in the gadget XML is publicly available, and not
sensitive.

Sensitive data is requested client-side from an API on the container
domain, which checks the user's roles for the requested data.

As we're largely reporting fairly fast-changing data, it has the benefit
that most users have primed caches when viewing the gadgets, and it's
only the API calls that are repeated for the majority of displays.

Tim Wintle
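
The split described in the reply above, as an added example that is not part of the original message and is not Shindig or container code: the gadget XML is served without a session and is publicly cacheable, while the data endpoint on the container domain authorizes every request against the server-side session. The session store, the client/account grants model, all identifiers and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: each client owns several accounts.
ACCOUNTS = {"acct-1": "client-a", "acct-2": "client-a", "acct-3": "client-b"}
REPORTS = {"acct-1": {"visits": 120}, "acct-2": {"visits": 45}, "acct-3": {"visits": 300}}

@dataclass
class Session:
    """Server-side session state (hypothetical model of the user's roles)."""
    user: str
    clients: set = field(default_factory=set)   # may read every account of these clients
    accounts: set = field(default_factory=set)  # may read these individual accounts

# Constructed session store: session cookie value -> authenticated session.
SESSIONS = {
    "sess-alice": Session("alice", clients={"client-a"}),
    "sess-bob": Session("bob", accounts={"acct-3"}),
}

# The gadget spec carries markup only, never per-user data.
GADGET_XML = ('<Module><ModulePrefs title="Account report"/>'
              '<Content type="html"><![CDATA[<div id="report"></div>]]></Content></Module>')

def get_gadget_xml():
    """No session required and nothing sensitive, so any cache may keep it."""
    return 200, {"Cache-Control": "public, max-age=3600"}, GADGET_XML

def get_account_report(session_cookie, account_id):
    """Data API on the container domain: the role check happens here, per request."""
    session = SESSIONS.get(session_cookie)
    if session is None:
        return 401, {"Cache-Control": "no-store"}, {"error": "not authenticated"}
    owner = ACCOUNTS.get(account_id)
    allowed = owner is not None and (
        owner in session.clients or account_id in session.accounts)
    if not allowed:
        # Unknown and forbidden accounts get the same answer, so ids cannot be probed.
        return 403, {"Cache-Control": "no-store"}, {"error": "forbidden"}
    # Per-user data must never land in a shared cache.
    return 200, {"Cache-Control": "no-store"}, REPORTS[account_id]
```
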

