org.apache.shindig.gadgets
Class HashLockedDomainService

java.lang.Object
  org.apache.shindig.gadgets.HashLockedDomainService

All Implemented Interfaces:

LockedDomainService

public class HashLockedDomainService
extends Object
implements LockedDomainService

Locked domain implementation based on sha1. The generated domain takes the form: base32(sha1(gadget url)). Other domain locking schemes are possible as well.

Field Summary

static String	LOCKED_DOMAIN_REQUIRED_KEY
static String	LOCKED_DOMAIN_SUFFIX_KEY

Constructor Summary

HashLockedDomainService(ContainerConfig config, boolean enabled)
Create a LockedDomainService

Method Summary

boolean	gadgetCanRender(String host, Gadget gadget, String container) Check whether a gadget should be allowed to render on a particular host.
String	getLockedDomainForGadget(Gadget gadget, String container) Calculate the locked domain for a particular gadget on a particular container.
boolean	isEnabled()
boolean	isSafeForOpenProxy(String host)
void	setLockSecurityTokens(Boolean lockSecurityTokens) Allows a renderer to render all gadgets that require a security token on a locked domain.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOCKED_DOMAIN_REQUIRED_KEY

public static final String LOCKED_DOMAIN_REQUIRED_KEY

See Also:

Constant Field Values

LOCKED_DOMAIN_SUFFIX_KEY

public static final String LOCKED_DOMAIN_SUFFIX_KEY

See Also:

Constant Field Values

Constructor Detail

HashLockedDomainService

@Inject
public HashLockedDomainService(ContainerConfig config,
                                      boolean enabled)

Create a LockedDomainService

Parameters:

config - per-container configuration

enabled - whether this service should do anything at all.

Method Detail

setLockSecurityTokens

@Inject(optional=true)
public void setLockSecurityTokens(Boolean lockSecurityTokens)

Allows a renderer to render all gadgets that require a security token on a locked domain. This is recommended security practice, as it secures the token from other gadgets, but because the "security-token" dependency on "locked-domain" is both implicit (added by GadgetSpec code for OAuth elements) and/or transitive (included by opensocial and opensocial-templates features), turning this behavior by default may take some by surprise. As such, we provide this flag. If false (by default), locked-domain will apply only when the gadget's Requires/Optional sections include it. Otherwise, the transitive dependency tree will be traversed to make this decision.

Parameters:

lockSecurityTokens - If true, locks domains for all gadgets requiring security-token.

isEnabled

public boolean isEnabled()

isSafeForOpenProxy

public boolean isSafeForOpenProxy(String host)

Specified by:

isSafeForOpenProxy in interface LockedDomainService

Returns:

True if the host is safe for use with the open proxy.

gadgetCanRender

public boolean gadgetCanRender(String host,
                               Gadget gadget,
                               String container)

Description copied from interface: LockedDomainService

Check whether a gadget should be allowed to render on a particular host.

Specified by:

gadgetCanRender in interface LockedDomainService

Parameters:

host - host name for the content

gadget - URL of the gadget

container - container

Returns:

true if the gadget can render

getLockedDomainForGadget

public String getLockedDomainForGadget(Gadget gadget,
                                       String container)

Description copied from interface: LockedDomainService

Calculate the locked domain for a particular gadget on a particular container.

Specified by:

getLockedDomainForGadget in interface LockedDomainService

Parameters:

gadget - URL of the gadget

container - name of the container page

Returns:

the host name on which the gadget should render, or null if locked domain should not be used to render this gadget.