Jasha, I am seeing exactly the same thing now that I've enabled "secure". The encodeToken in BlobSecurityTokeCodec throws an exception because the token is of type Proxy and not BlobCrypterSecurityToken. Not sure how to get this cast so that it can be encrypted. This only happened once I used a gadget that needed osapi (where wantsSecurityToken in DefaultIframeUriManager becomes true).
doug On 7/4/11 12:28 PM, "Jasha Joachimsthal" <[email protected]> wrote: > Is there anyone who can answer my questions? > > Jasha > > On 28 June 2011 14:52, Jasha Joachimsthal <[email protected]> wrote: >> I think I've found the cause (but no proper solution yet). When the gadget >> metadata are requested through gadgets/ifr the BeanDelegator called by >> GadgetHandlerService doesn't create a BlobSecurityToken but a Proxy instance >> containing the BlobSecurityToken. >> Then the SecurityToken in BlobCrypterSecurityTokenCodec#encodeToken returns >> false for "token instanceof BlobCrypterSecurityToken" which leads to an >> exception. Trying to cast the token to BlobCrypterSecurityToken leads to a >> ClassCastException. >> Of course I can create my own BlobCrypterSecurityTokenCodec which overrides >> the encodeToken by constructing a BlobCrypterSecurityToken, but I wonder if >> I should end up in the BeanDelegator that creates the Proxy. What should be >> the right way to get the iframe url with security token? >> Jasha Joachimsthal >> Europe - Amsterdam - Oosteinde 11, 1017 WT Amsterdam - +31(0)20 522 4466 >> US - Boston - 1 Broadway, Cambridge, MA 02142 - +1 877 414 4776 (toll free) >> >> www.onehippo.com >> >> >> On 28 June 2011 11:57, Jasha Joachimsthal <[email protected]> >> wrote: >>> >>> Hi, >>> I'm trying to get oAuth work in the Rave container with Shindig 3 but >>> something goes wrong with the security token. As SecurityTokenCodec I use >>> the DefaultSecurityTokenCodec with tokenType 'secure' and a generated >>> keyfile with the token key. >>> Before rendering the gadget there's a call that works: >>> shindig.auth.updateSecurityToken('default:mysecuritytoken'); // >>> mysecuritytoken is a BlobCrypterSecurityToken >>> Then when container.preloadGadgets is performed a call >>> to container.navigateGadget is done (see [1]). This returns an iframe url >>> with %st% as secure token instead of the securityToken. How can I get the >>> container return an iframe url with the valid security token instead of >>> %st%? >>> >>> [1] http://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal/src/mai >>> n/webapp/script/rave_opensocial.js >>> Regards, >>> Jasha Joachimsthal >>> Europe - Amsterdam - Oosteinde 11, 1017 WT Amsterdam - +31(0)20 522 4466 >>> US - Boston - 1 Broadway, Cambridge, MA 02142 - +1 877 414 4776 (toll >>> free) >>> >>> www.onehippo.com >> >> >
