To support the new osapi JS feature which dynamically binds the set of available JSON-RPC services into the exposed API, the Shindig backend will attempt to fetch the available methods and inject them into the output. The default implementation does this by forming up a call to the specified endpoint in the container config in the format you noted. It doesn't pass a security token as its not really trying to auth on behalf of any given user, and in truth system.listMethods should require no auth. This works if you have the AnonymouseAuthenitcationHandler bound. To change this behavior bind your own implementation of RpcServiceLookup.
On Wed, May 6, 2009 at 2:27 PM, Jordan Zimmerman <[email protected]> wrote: > I just got latest and am running to what appears to be new behavior. > Shindig is making a bunch of calls of the form "host://servlet > /rpc?method=system.listMethods". Are these new? Am I supposed to let > these pass through to the Shindig code (I have a servlet filter)? Why > don't these include an "st" parameter? > > Jordan Zimmerman > Principal Software Architect > 831.647.4712 > 831.214.2990 (cell) > [email protected] > > SHOP*COMTM > Shop Smart, Save Big(tm) > www.shop.com > > This message (including any attachments) is intended only for > the use of the individual or entity to which it is addressed and > may contain information that is non-public, proprietary, > privileged, confidential, and exempt from disclosure under > applicable law or may constitute as attorney work product. > If you are not the intended recipient, you are hereby notified > that any use, dissemination, distribution, or copying of this > communication is strictly prohibited. If you have received this > communication in error, notify us immediately by telephone and > (i) destroy this message if a facsimile or (ii) delete this > message > immediately if this is an electronic communication. > > Thank you. >
