On Wed, Jul 1, 2009 at 10:58 AM, Jesse Ciancetta <[email protected]>wrote:
> Hi, > > I've got a Shindig deployment on my internal network that I'm using to > render both internally and externally developed/hosted gadgets. I need to > put some security measures in place to ensure that an external gadget can’t > do something like makeRequest an internal resource and then push it out to > some external server. However, internal gadgets should still be allowed to > access internal resources. > > It looks like there are three endpoints I need to be concerned with -- > ProxyServlet, MakeRequestServlet and ConcatProxyServlet. I am thinking the > easiest way for me to add this security is to write a Servlet filter to run > in front of each of these services which will look at the http referrer, > pull out the gadget spec URL, check to see if it’s an internal or external > gadget, and then decide whether or not to allow the request to proceed or > just return an HTTP 403. > > Does that sound like a reasonable approach? I missing any other places > where I might need to put these restrictions in place? I would recommend a custom HttpFetcher that delegates to two others: 1. The default fetcher, configured to use a proxy. 2. One that routes internally, but only with the presence of a valid security token that correctly identifies a trusted app. > > > Thanks! > > --Jesse >
