----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/8153/#review15306 -----------------------------------------------------------
Call for review again! - Marshall Shi On Jan. 9, 2013, 1:22 a.m., Marshall Shi wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/8153/ > ----------------------------------------------------------- > > (Updated Jan. 9, 2013, 1:22 a.m.) > > > Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and > Rich Thompson. > > > Description > ------- > > We have uncovered several use cases request that: > 1. Container's abilty to require a ST for all gadgets and cause it to refresh > 2. Container determines that all STs are invalid (e.g. the user logged out, > SSO session times out, etc) ... should be able to force an immediate refresh > to reflect the new log in state. where the container wants to force the use > of STs on all requests. > > However, there is no API in the container can call to force a refresh of all > STs due to a change it knows about (change of logged in user) and if the > gadget does not request the "auth-refresh" indirectly, shindig will not > refresh its token. > > related java code: > > Boolean needsTokenRefresh = > isFieldIncluded(fields, "needstokenrefresh") ? > gadget.getAllFeatures().contains("auth-refresh") : null; > > This patch is about: > 1. update the container feature, export one api for container to be able to > force token refresh on all sites. Update the feature.xml for container > feature because it actually invoke the gadget rpc call > "update_security_token" which resides in feature auth-refresh but it only > have shindig-auth in its dependency, sometimes, when gadget doesn't > explicitly require auth-refresh, it leads to the case that shindig will not > refresh its token. change dependency to "security-token" which does not > include much new feature dependency. > > In addition, at server side when return the metadata, take > "gadgets.uri.iframe.alwaysAppendSecurityToken" into consideration as well. > > > Original review request from EriK is https://reviews.apache.org/r/6724/. > > > This addresses bug shindig-1863. > https://issues.apache.org/jira/browse/shindig-1863 > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/container/container.js > 1383008 > > http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/container/feature.xml > 1383008 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerService.java > 1383189 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerServiceTest.java > 1383189 > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java > 1383189 > > Diff: https://reviews.apache.org/r/8153/diff/ > > > Testing > ------- > > > Thanks, > > Marshall Shi > >