Hi

Could you please create an issue and attach a patch? [1]

Cheers,

Vincent

[1] http://incubator.apache.org/shindig/community/index.html#Creating_and_submitting_a_patch

2009/4/10 Pan Jie(潘劼) <[email protected]>:
> Hi all,
> It seems signed fetch does work for java shindig in trunk.
>
> A gadget like this:
> var params = {};
> params[gadgets.io.RequestParameters.AUTHORIZATION] =
> gadgets.io.AuthorizationType.SIGNED;
> gadgets.io.makeRequest('http://example.org', result_callback, params);
>
> The browser will send an HTTP POST to "/gadgets/makeRequest" with post data
> "oauthState=".
>
> Shindig will initialize OAuthArguments here:
>
> http://svn.apache.org/repos/asf/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthArguments.java
> L114:origClientState = getRequestParam(request, CLIENT_STATE_PARAM, null);
>
> and L175:
>  private static String getRequestParam(HttpServletRequest request, String name, String def) {
>    // Here name == "oauthState", request.getParameter("oauthState") == ""
>    String val = request.getParameter(name);
>    if (val == null) {
>      val = def;
>    }
>    return val;
>  }
>
> So origClientState will be "" rather than null.
>
> When signed fetching, OAuthRequest will construct an OAuthClientState:
> http://svn.apache.org/repos/asf/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
> L166:
>  public HttpResponse fetch(HttpRequest request) {
>    realRequest = request;
>    clientState = new OAuthClientState(
>        fetcherConfig.getStateCrypter(),
>        request.getOAuthArguments().getOrigClientState());
>    responseParams = new OAuthResponseParams(request.getSecurityToken(), request,
>        fetcherConfig.getStateCrypter());
>    try {
>      return fetchNoThrow();
>    } catch (RuntimeException e) {
>      // We log here to record the request/response pairs that created the failure.
>      responseParams.logDetailedWarning("OAuth fetch unexpected fatal error", e);
>      throw e;
>    }
>  }
>
> http://svn.apache.org/repos/asf/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthClientState.java
> L69:
>  public OAuthClientState(BlobCrypter crypter, String stateBlob) {
>    this.crypter = crypter;
>    Map<String, String> state = null;
>    if (stateBlob != null) {
>      try {
>        state = crypter.unwrap(stateBlob, CLIENT_STATE_MAX_AGE_SECS);
>      } catch (BlobCrypterException e) {
>        // Probably too old, pretend we never saw it at all.
>      }
>    }
>    if (state == null) {
>      state = Maps.newHashMap();
>    }
>    this.state = state;
>  }
>
> Here stateBlob is "" (which should be null) and crypter.unwrap will throw an
> exception.
>
> I think function OAuthArguments.getRequestParam should be changed to:
>  private static String getRequestParam(HttpServletRequest request, String name, String def) {
>    String val = request.getParameter(name);
>    // if val.length() == 0, we should use default value.
>    if (val == null || val.length() == 0) {
>      val = def;
>    }
>    return val;
>  }
>
> After change, signed fetch works for Java shindig.
>
> --
> Warm Regards,
>
> Pan Jie
> [email protected]
>
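
A self-contained reproduction of the behaviour reported in the quoted mail, added here as an example; it is not part of the original thread or Shindig's code. `parseForm`, `loadState` and the `unwrap` stand-in (including its 20-byte minimum and its `IllegalArgumentException`) are assumptions made for illustration; the mail only says that `crypter.unwrap` throws on `""`.

```java
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
public class EmptyOAuthStateDemo {
    // Minimal form parser (no URL decoding): "oauthState=" yields "" (present but empty), not null.
    static Map<String, String> parseForm(String body) {
        Map<String, String> params = new HashMap<>();
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            if (eq >= 0) params.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        return params;
    }

    // Lookup as quoted in the mail: only a missing parameter falls back to the default.
    static String paramAsReported(Map<String, String> p, String name, String def) {
        String val = p.get(name);
        return val == null ? def : val;
    }
    // Lookup as proposed in the mail: an empty value is treated like a missing one.
    static String paramAsProposed(Map<String, String> p, String name, String def) {
        String val = p.get(name);
        return (val == null || val.length() == 0) ? def : val;
    }

    // Hypothetical stand-in for BlobCrypter.unwrap: rejects input too short to hold a MAC.
    static void unwrap(String blob) {
        byte[] raw = Base64.getUrlDecoder().decode(blob);
        if (raw.length < 20) { // assumed MAC length
            throw new IllegalArgumentException("blob too short to hold a MAC: " + raw.length + " bytes");
        }
    }

    // Mirrors the null check in the OAuthClientState constructor quoted above.
    static String loadState(String stateBlob) {
        if (stateBlob == null) return "fresh state";
        try {
            unwrap(stateBlob);
            return "restored state";
        } catch (RuntimeException e) { // caught here only so the demo can report it
            return "unwrap failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Map<String, String> p = parseForm("oauthState="); // constructed post body from the report
        System.out.println(loadState(paramAsReported(p, "oauthState", null)));
        System.out.println(loadState(paramAsProposed(p, "oauthState", null)));
    }
}
```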
