Hi all,
It seems signed fetch does work for java shindig in trunk.
A gadget like this:
*var* params = {};
params[gadgets.io.RequestParameters.AUTHORIZATION] =
gadgets.io.AuthorizationType.SIGNED;
gadgets.io.makeRequest('http://example.org', result_callback, params);
Browser will send a http post to "/gadgets/makeRequest" with post data
"oauthState=".
Shindig will initialize OAuthArguments here:
http://svn.apache.org/repos/asf/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthArguments.java
L114:origClientState = getRequestParam(request, CLIENT_STATE_PARAM, null);
and L175:
private static String getRequestParam(HttpServletRequest request, String
name, String def) {
String val = request.getParameter(name); // Here name == "oauthState",
request.getParameter("oauthState') == ""
if (val == null) {
val = def;
}
return val;
}
So origClientState will be "" rather than null.
When signed fetching, OAuthRequest will construct an OAuthClientState:
http://svn.apache.org/repos/asf/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
L166:
public HttpResponse fetch(HttpRequest request) {
realRequest = request;
clientState = new OAuthClientState(
fetcherConfig.getStateCrypter(),
request.getOAuthArguments().getOrigClientState());
responseParams = new OAuthResponseParams(request.getSecurityToken(),
request,
fetcherConfig.getStateCrypter());
try {
return fetchNoThrow();
} catch (RuntimeException e) {
// We log here to record the request/response pairs that created the
failure.
responseParams.logDetailedWarning("OAuth fetch unexpected fatal
error", e);
throw e;
}
}
http://svn.apache.org/repos/asf/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthClientState.java
L69:
public OAuthClientState(BlobCrypter crypter, String stateBlob) {
this.crypter = crypter;
Map<String, String> state = null;
if (stateBlob != null) {
try {
state = crypter.unwrap(stateBlob, CLIENT_STATE_MAX_AGE_SECS);
} catch (BlobCrypterException e) {
// Probably too old, pretend we never saw it at all.
}
}
if (state == null) {
state = Maps.newHashMap();
}
this.state = state;
}
Here statBlob is ""(which should be null) and crypter.unwrap will through an
exception.
I think function OAuthArguments.getRequestParam should be changed to:
private static String getRequestParam(HttpServletRequest request, String
name, String def) {
String val = request.getParameter(name);
if (val == null || val.length() == 0) { // if val.length() == 0, we
should use default value.
val = def;
}
return val;
}
After change, signed fetch works for Java shindig.
--
Warm Regards,
Pan Jie
[email protected]
