-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/8153/
-----------------------------------------------------------
(Updated Jan. 9, 2013, 1:22 a.m.)
Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich
Thompson.
Description
-------
We have uncovered several use cases request that:
1. Container's abilty to require a ST for all gadgets and cause it to refresh
2. Container determines that all STs are invalid (e.g. the user logged out, SSO
session times out, etc) ... should be able to force an immediate refresh to
reflect the new log in state. where the container wants to force the use of STs
on all requests.
However, there is no API in the container can call to force a refresh of all
STs due to a change it knows about (change of logged in user) and if the gadget
does not request the "auth-refresh" indirectly, shindig will not refresh its
token.
related java code:
Boolean needsTokenRefresh =
isFieldIncluded(fields, "needstokenrefresh") ?
gadget.getAllFeatures().contains("auth-refresh") : null;
This patch is about:
1. update the container feature, export one api for container to be able to
force token refresh on all sites. Update the feature.xml for container feature
because it actually invoke the gadget rpc call "update_security_token" which
resides in feature auth-refresh but it only have shindig-auth in its
dependency, sometimes, when gadget doesn't explicitly require auth-refresh, it
leads to the case that shindig will not refresh its token. change dependency to
"security-token" which does not include much new feature dependency.
In addition, at server side when return the metadata, take
"gadgets.uri.iframe.alwaysAppendSecurityToken" into consideration as well.
Original review request from EriK is https://reviews.apache.org/r/6724/.
This addresses bug shindig-1863.
https://issues.apache.org/jira/browse/shindig-1863
Diffs
-----
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/container/container.js
1383008
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/container/feature.xml
1383008
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerService.java
1383189
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerServiceTest.java
1383189
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java
1383189
Diff: https://reviews.apache.org/r/8153/diff/
Testing
-------
Thanks,
Marshall Shi
