org.apache.shindig.gadgets
Interface LockedDomainService

All Known Implementing Classes:

HashLockedDomainService

public interface LockedDomainService

Interface for locked domain, a security mechanism that ensures that a gadget is always registered on a fixed, unique domain. This prevents attacks from other gadgets that are rendered on the same domain, since all modern web browsers implement a same origin policy that prevents pages served from different hosts from accessing each other's data.

Method Summary

boolean	gadgetCanRender(String host, Gadget gadget, String container) Check whether a gadget should be allowed to render on a particular host.
String	getLockedDomainForGadget(Gadget gadget, String container) Calculate the locked domain for a particular gadget on a particular container.
boolean	isSafeForOpenProxy(String host)

Method Detail

isSafeForOpenProxy

boolean isSafeForOpenProxy(String host)

Returns:

True if the host is safe for use with the open proxy.

gadgetCanRender

boolean gadgetCanRender(String host,
                        Gadget gadget,
                        String container)

Check whether a gadget should be allowed to render on a particular host.

Parameters:

host - host name for the content

gadget - URL of the gadget

container - container

Returns:

true if the gadget can render

getLockedDomainForGadget

String getLockedDomainForGadget(Gadget gadget,
                                String container)

Calculate the locked domain for a particular gadget on a particular container.

Parameters:

gadget - URL of the gadget

container - name of the container page

Returns:

the host name on which the gadget should render, or null if locked domain should not be used to render this gadget.