Hi Tim, On Wed, Nov 17, 2010 at 2:21 PM, Tim Wintle <tim.win...@teamrubber.com>wrote:
> On Wed, 2010-11-17 at 09:10 +0530, Nuwan Bandara wrote: > > Hi Devs, > > > > I am facing a difficulty, while using shindig to make session aware calls > to > > fetch gadget xmls. My requirement is as follows. > > > > When shindig is running as the gadget renderer, and when there are > gadgets > > hosted in the same container, there should be a mechanism to use the > current > > http session when fetching these gadget xmls. The requirement is, there > can > > be gadgets which are specific to some users (based on roles), and if the > web > > application supports user/role based permissions, if shindig makes > session > > aware requests to the container, only the permitted gadgets can be > retrieved > > from the container. > > Unless I'm misunderstanding the problem you are trying to solve, the way > I approach this is from a different angle. The gadgets themselves are > publicly available, but all data the gadgets fetch is done via an http > request (normally json) to the container domain, which handles roles. > Yes, I believe thats one way of doing it. In my case, I need the users to prevent from adding gadgets from the gadgets store which they don't have rights to use. Hence I need to protect the gadget xml itself. Regards, /Nuwan > > For example, we have Clients, and each client has multiple accounts. The > gadgets appear on either client pages or account pages. > > All content put in the gadget XML is publicly available, and not > sensitive. > > Sensitive data is requested client-side from an api on the container > domain, which checks the user's roles for the requested data. > > As we're largely reporting fairly fast changing data, it has the benefit > that most users have primed caches when viewing the gadgets, and it's > only the API calls that are repeated for the majority of displays. > > Tim Wintle > > > -- Thanks & Regards, Nuwan Bandara - www.nuwanbando.com - Stranger Than Fiction [ http://www.linkedin.com/in/nuwanbandara ] [ http://www.twitter.com/nuwanbando ]
