Hi Venkat, That is expected. Tests in Shindig may start failing if you are building with customizations in shindig.properties or container.js configuration files. The EndToEndTest assumes that the security token is not encrypted and is sending an unencrypted token to the server. The server is trying to validate the token and is failing.
You can either build Shindig without tests (as part of the maven build) or you can inject your own PropertiesModule via Guice to utilize your own shindig.properties and container.js files at runtime. Regards, -Stanton From: "Mahadevan, Venkat" <[email protected]> To: "[email protected]" <[email protected]>, Date: 05/14/2012 11:07 Subject: Re: Send Security Token with each request by default Hi Stanton Thanks for the reply. We want all requests to shindig include a token, looks like this is currently available as you have mentioned. Also can you let me know what I am getting errors while running mvn install. I have changed container.js with "gadgets.securityTokenType" to secure and added the path to the file which contains the key to "gadgets.securityTokenKey". I am getting this error: INFO: The security token or credential is malformed and cannot be parsed. Results : org.apache.shindig.auth.SecurityTokenException: Invalid security token canonical:john.doe:test:domain:appUrl:1:default:1337008734 at org.apache.shindig.auth.BlobCrypterSecurityTokenCodec.createToken(BlobCrypt erSecurityTokenCodec.java:140) Failed tests: fetchPerson(org.apache.shindig.server.endtoend.EndToEndTest): test method fetchTwoProperties did not finish fetchPeople(org.apache.shindig.server.endtoend.EndToEndTest): test method fetchPluralUsers did not finish at org.apache.shindig.auth.DefaultSecurityTokenCodec.createToken(DefaultSecuri tyTokenCodec.java:69) notFoundError(org.apache.shindig.server.endtoend.EndToEndTest): test method notFoundError did not finish at org.apache.shindig.auth.UrlParameterAuthenticationHandler.getSecurityTokenF romRequest(UrlParameterAuthenticationHandler.java:63) The createToken() method in BlobCrypterSecurityTokenCodec is looking for fields.length to be 2 but in this case we have fields.length as 8 since the token is "canonical:john.doe:test:domain:appUrl:1:default:1337011522" Maybe I am doing something wrong. Is there any configuration that I am missing? Regards Venkat On 5/14/12 10:20 AM, "Stanton Sievers" <[email protected]> wrote: >Hi Venkat, > >Can you clarify exactly what requests you want the security token to be >sent on? Today it should be sent on any osapi.* request, any makeRequest >(since [1]), and any request using OAuth. The only requests it shouldn't >flow on would be those to the content proxy, for urls obtained through >gadgets.io.getProxyUrl(). > >On a side note, one can set >"gadgets.uri.iframe.alwaysAppendSecurityToken" >to true in the container.js to ensure that a security token is always >available to the gadget on the ifr url. > >[1] https://issues.apache.org/jira/browse/SHINDIG-1768 > >Best regards, >-Stanton > > > >From: "Mahadevan, Venkat" <[email protected]> >To: "[email protected]" <[email protected]>, >Date: 05/14/2012 09:56 >Subject: Send Security Token with each request by default > > > >Hi > >Is there a way in Shindig trunk to enable sending security tokens with >every request? > > > >Thanks >Venkat > > >
