rave-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jc...@apache.org
Subject svn commit: r1221866 - in /incubator/rave/trunk: ./ rave-portal-resources/src/main/resources/ rave-portal-resources/src/main/webapp/script/ rave-portal/src/main/dist/ rave-providers/rave-opensocial-provider/src/main/java/org/apache/rave/provider/openso...
Date Wed, 21 Dec 2011 20:22:36 GMT
Author: jcian
Date: Wed Dec 21 20:22:35 2011
New Revision: 1221866

URL: http://svn.apache.org/viewvc?rev=1221866&view=rev
Log:
RAVE-158: Remove the hacks that are in place while we wait for Shindig patches to become available in a stable Shindig release.  This commit upgrades us to Shindig 3.0 beta4 and removes the hacks that we'd put in place while we waited for the beta4 release.

Added:
    incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultOAuth2Service.java
Removed:
    incubator/rave/trunk/rave-shindig/src/main/java/org/apache/shindig/auth/
    incubator/rave/trunk/rave-shindig/src/test/java/org/apache/shindig/
Modified:
    incubator/rave/trunk/pom.xml
    incubator/rave/trunk/rave-portal-resources/src/main/resources/security_token_encryption_key.txt
    incubator/rave/trunk/rave-portal-resources/src/main/webapp/script/rave_opensocial.js
    incubator/rave/trunk/rave-portal/src/main/dist/README
    incubator/rave/trunk/rave-providers/rave-opensocial-provider/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
    incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultMediaItemService.java
    incubator/rave/trunk/rave-shindig/src/main/resources/modules-context.xml
    incubator/rave/trunk/rave-shindig/src/main/resources/rave.shindig.properties
    incubator/rave/trunk/rave-shindig/src/main/resources/security_token_encryption_key.txt
    incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/classes/containers/default/container.js
    incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/web.xml
    incubator/rave/trunk/rave-shindig/src/test/java/org/apache/rave/commoncontainer/ConfigurablePropertiesModuleTest.java
    incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.custom.properties
    incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.properties

Modified: incubator/rave/trunk/pom.xml
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/pom.xml?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/pom.xml (original)
+++ incubator/rave/trunk/pom.xml Wed Dec 21 20:22:35 2011
@@ -44,7 +44,7 @@
     </scm>
 
     <properties>
-        <apache.shindig.version>3.0.0-beta2</apache.shindig.version>
+        <apache.shindig.version>3.0.0-beta4</apache.shindig.version>
         <org.springframework.version>3.0.5.RELEASE</org.springframework.version>
         <org.springframework.mobile.version>1.0.0.M3</org.springframework.mobile.version>        
         <jstl.version>1.2</jstl.version>

Modified: incubator/rave/trunk/rave-portal-resources/src/main/resources/security_token_encryption_key.txt
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal-resources/src/main/resources/security_token_encryption_key.txt?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal-resources/src/main/resources/security_token_encryption_key.txt (original)
+++ incubator/rave/trunk/rave-portal-resources/src/main/resources/security_token_encryption_key.txt Wed Dec 21 20:22:35 2011
@@ -17,7 +17,6 @@ under the License.
 
 --
 
-Note that the Shindig code that reads this file only reads the first line, so the actual encryption key at runtime when
-using this key file ends up being just the first line in this file (normally this file would just contain a single line
-with the encryption key).  See the source of the Shindig Java class org.apache.shindig.common.crypto.BasicBlobCrypter
-for more info on how this key is used and how to generate a secure key.
\ No newline at end of file
+Note that this file would normally just contain a single line with the encryption key...  See the source of the Shindig 
+Java class org.apache.shindig.common.crypto.BasicBlobCrypter for more info on how this key is used and how to generate 
+a secure key.
\ No newline at end of file

Modified: incubator/rave/trunk/rave-portal-resources/src/main/webapp/script/rave_opensocial.js
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal-resources/src/main/webapp/script/rave_opensocial.js?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal-resources/src/main/webapp/script/rave_opensocial.js (original)
+++ incubator/rave/trunk/rave-portal-resources/src/main/webapp/script/rave_opensocial.js Wed Dec 21 20:22:35 2011
@@ -99,9 +99,7 @@ rave.opensocial = rave.opensocial || (fu
             preloadConfig[osapi.container.ContainerConfig.PRELOAD_REF_TIME] = null;
 
             //Preload our data into the common container
-            //TODO RAVE-158: Submit a patch to Shindig common container to make the preloadFromConfig_ method public so preloaded
-            //gadget metadata and security tokens can be incrementally be pushed into the container cache.
-            container.preloadFromConfig_(preloadConfig);
+            container.preloadCaches(preloadConfig);
             renderNewGadget(gadget);
         } else {
             rave.errorWidget(gadget.regionWidgetId, "Unable to render OpenSocial Gadget: <br /><br />" + validationResult.error);

Modified: incubator/rave/trunk/rave-portal/src/main/dist/README
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal/src/main/dist/README?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal/src/main/dist/README (original)
+++ incubator/rave/trunk/rave-portal/src/main/dist/README Wed Dec 21 20:22:35 2011
@@ -4,7 +4,7 @@ ABOUT
 
 Apache Rave is a new web and social mashup engine. Its goal is to provide an out-of-the-box as well as an extendible lightweight Java platform to host, serve and aggregate (Open)Social Gadgets and services through a highly customizable and Web 2.0 friendly front-end. For more information, see http://incubator.apache.org/rave/
 
-The binary release includes Tomcat 6 and two WAR files: Apache Rave and Apache Shindig 3.0.0-beta2.  This is a self-contained release: you should be able to run Rave with no additional downloads.
+The binary release includes Tomcat 6 and two WAR files: Apache Rave and Apache Shindig.  This is a self-contained release: you should be able to run Rave with no additional downloads.
 
 MINIMUM REQUIREMENTS
 

Modified: incubator/rave/trunk/rave-providers/rave-opensocial-provider/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-providers/rave-opensocial-provider/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-providers/rave-opensocial-provider/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java (original)
+++ incubator/rave/trunk/rave-providers/rave-opensocial-provider/src/main/java/org/apache/rave/provider/opensocial/service/impl/EncryptedBlobSecurityTokenService.java Wed Dec 21 20:22:35 2011
@@ -19,19 +19,16 @@
 
 package org.apache.rave.provider.opensocial.service.impl;
 
-import org.apache.rave.portal.model.Page;
-import org.apache.rave.portal.model.Region;
-import org.apache.rave.portal.model.RegionWidget;
-import org.apache.rave.portal.model.User;
-import org.apache.rave.portal.model.Widget;
+import org.apache.commons.io.FileUtils;
+import org.apache.rave.portal.model.*;
 import org.apache.rave.portal.service.UserService;
 import org.apache.rave.provider.opensocial.exception.SecurityTokenException;
 import org.apache.rave.provider.opensocial.service.SecurityTokenService;
+import org.apache.shindig.auth.AbstractSecurityToken;
 import org.apache.shindig.auth.BlobCrypterSecurityToken;
 import org.apache.shindig.auth.SecurityToken;
 import org.apache.shindig.common.crypto.BasicBlobCrypter;
 import org.apache.shindig.common.crypto.BlobCrypter;
-import org.apache.shindig.common.util.CharsetUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -41,7 +38,8 @@ import org.springframework.stereotype.Se
 
 import java.io.File;
 import java.io.IOException;
-import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
 
 @Service
 public class EncryptedBlobSecurityTokenService implements SecurityTokenService {
@@ -66,18 +64,18 @@ public class EncryptedBlobSecurityTokenS
         this.domain = domain;
 
         if (encryptionKey.startsWith(EMBEDDED_KEY_PREFIX)) {
-            byte[] key = CharsetUtil.getUtf8Bytes(encryptionKey.substring(EMBEDDED_KEY_PREFIX.length()));
-            this.blobCrypter = new BasicBlobCrypter(key);
+            this.blobCrypter = new BasicBlobCrypter(encryptionKey.substring(EMBEDDED_KEY_PREFIX.length()));
         } else if (encryptionKey.startsWith(CLASSPATH_KEY_PREFIX)) {
             try {
                 File file = new ClassPathResource(encryptionKey.substring(CLASSPATH_KEY_PREFIX.length())).getFile();
-                this.blobCrypter = new BasicBlobCrypter(file);
+                this.blobCrypter = new BasicBlobCrypter(FileUtils.readFileToString(file, "UTF-8"));
             } catch (IOException e) {
                 throw new SecurityException("Unable to load encryption key from classpath resource: " + encryptionKey);
             }
         } else {
             try {
-                this.blobCrypter = new BasicBlobCrypter(new File(encryptionKey));
+                File file = new File(encryptionKey);
+                this.blobCrypter = new BasicBlobCrypter(FileUtils.readFileToString(file, "UTF-8"));
             } catch (IOException e) {
                 throw new SecurityException("Unable to load encryption key from file: " + encryptionKey);
             }
@@ -116,12 +114,8 @@ public class EncryptedBlobSecurityTokenS
             encryptedSecurityToken = encryptedSecurityToken.substring((container + ":").length());
 
             //Decrypt
-            //TODO RAVE-158: This hack is in place until we can get a patch applied to shindig to make the target method public
-            Method decryptMethod = BlobCrypterSecurityToken.class.getDeclaredMethod("decrypt", BlobCrypter.class,
-                    String.class, String.class, String.class, String.class);
-            decryptMethod.setAccessible(true);
-            securityToken = (SecurityToken) decryptMethod.invoke(null, blobCrypter, container, domain,
-                    encryptedSecurityToken, null);
+            Map<String, String> values = blobCrypter.unwrap(encryptedSecurityToken);
+            securityToken = new BlobCrypterSecurityToken(container, domain, null, values);
         } catch (Exception e) {
             throw new SecurityTokenException("Error creating security token from encrypted string: " +
                     encryptedSecurityToken, e);
@@ -155,12 +149,15 @@ public class EncryptedBlobSecurityTokenS
             throws SecurityTokenException {
         User user = userService.getAuthenticatedUser();
 
-        BlobCrypterSecurityToken securityToken = new BlobCrypterSecurityToken(blobCrypter, container, domain);
-        securityToken.setAppUrl(regionWidget.getWidget().getUrl());
-        securityToken.setModuleId(regionWidget.getEntityId());
-        securityToken.setOwnerId(String.valueOf(regionWidget.getRegion().getPage().getOwner().getEntityId()));
-        securityToken.setViewerId(String.valueOf(user.getEntityId()));
-        securityToken.setTrustedJson("");
+        Map<String, String> values = new HashMap<String, String>();
+        values.put(AbstractSecurityToken.Keys.APP_URL.getKey(), regionWidget.getWidget().getUrl());
+        values.put(AbstractSecurityToken.Keys.MODULE_ID.getKey(), String.valueOf(regionWidget.getEntityId()));
+        values.put(AbstractSecurityToken.Keys.OWNER.getKey(),
+                String.valueOf(regionWidget.getRegion().getPage().getOwner().getEntityId()));
+        values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), String.valueOf(user.getEntityId()));
+        values.put(AbstractSecurityToken.Keys.TRUSTED_JSON.getKey(), "");
+
+        BlobCrypterSecurityToken securityToken = new BlobCrypterSecurityToken(container, domain, null, values);
 
         if (logger.isTraceEnabled()) {
             logger.trace("Token created for regionWidget " + regionWidget.toString() + " and user " + user.toString());
@@ -173,7 +170,7 @@ public class EncryptedBlobSecurityTokenS
         String encryptedToken = null;
 
         try {
-            encryptedToken = securityToken.encrypt();
+            encryptedToken = container + ":" + blobCrypter.wrap(securityToken.toMap());
             if (logger.isTraceEnabled()) {
                 logger.trace("Encrypted token created from security token: " + securityToken.toString() +
                         " -- encrypted token is: " + encryptedToken);

Modified: incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultMediaItemService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultMediaItemService.java?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultMediaItemService.java (original)
+++ incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultMediaItemService.java Wed Dec 21 20:22:35 2011
@@ -33,9 +33,6 @@ import javax.servlet.http.HttpServletRes
 import java.util.Set;
 import java.util.concurrent.Future;
 
-/**
-
- */
 @Service
 public class DefaultMediaItemService implements MediaItemService {
     @Override

Added: incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultOAuth2Service.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultOAuth2Service.java?rev=1221866&view=auto
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultOAuth2Service.java (added)
+++ incubator/rave/trunk/rave-shindig/src/main/java/org/apache/rave/opensocial/service/impl/DefaultOAuth2Service.java Wed Dec 21 20:22:35 2011
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.opensocial.service.impl;
+
+import org.apache.shindig.protocol.ProtocolException;
+import org.apache.shindig.social.core.oauth2.*;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletResponse;
+
+@Service
+public class DefaultOAuth2Service implements OAuth2Service {
+    @Override
+    public OAuth2DataService getDataService() {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public void authenticateClient(OAuth2NormalizedRequest req) throws OAuth2Exception {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public void validateRequestForAuthCode(OAuth2NormalizedRequest req) throws OAuth2Exception {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public void validateRequestForAccessToken(OAuth2NormalizedRequest req) throws OAuth2Exception {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public void validateRequestForResource(OAuth2NormalizedRequest req, Object resourceRequest) throws OAuth2Exception {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public OAuth2Code grantAuthorizationCode(OAuth2NormalizedRequest req) {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public OAuth2Code grantAccessToken(OAuth2NormalizedRequest req) {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public OAuth2Code grantRefreshToken(OAuth2NormalizedRequest req) {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public OAuth2Code generateAuthorizationCode(OAuth2NormalizedRequest req) {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public OAuth2Code generateAccessToken(OAuth2NormalizedRequest req) {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+
+    @Override
+    public OAuth2Code generateRefreshToken(OAuth2NormalizedRequest req) {
+        throw new ProtocolException(HttpServletResponse.SC_NOT_IMPLEMENTED, "Not Implemented");
+    }
+}

Modified: incubator/rave/trunk/rave-shindig/src/main/resources/modules-context.xml
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/main/resources/modules-context.xml?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/main/resources/modules-context.xml (original)
+++ incubator/rave/trunk/rave-shindig/src/main/resources/modules-context.xml Wed Dec 21 20:22:35 2011
@@ -22,12 +22,16 @@
 
     <!-- Define the Default Guice Modules Here-->
     <bean class="org.apache.rave.commoncontainer.ConfigurablePropertiesModule" />
+    <bean class="org.apache.shindig.gadgets.DefaultGuiceModule" />
     <bean class="org.apache.shindig.social.core.config.SocialApiGuiceModule" />
-    <bean class="org.apache.shindig.auth.ClasspathAwareDefaultSecurityTokenCodec$TemporarySecurityTokenGuiceModule" />
     <bean class="org.apache.rave.gadgets.oauth.inject.OAuthGuiceModule"/>
-    <bean class="org.apache.shindig.gadgets.DefaultGuiceModule" />
+    <bean class="org.apache.shindig.gadgets.oauth2.OAuth2Module"/>
+    <bean class="org.apache.shindig.gadgets.oauth2.OAuth2MessageModule"/>
+    <bean class="org.apache.shindig.gadgets.oauth2.handler.OAuth2HandlerModule"/>
+    <bean class="org.apache.shindig.gadgets.oauth2.persistence.sample.OAuth2PersistenceModule"/>
     <bean class="org.apache.shindig.common.cache.ehcache.EhCacheModule" />
     <bean class="org.apache.shindig.sample.shiro.ShiroGuiceModule" />
     <bean class="org.apache.shindig.sample.container.SampleContainerGuiceModule" />
     <bean class="org.apache.shindig.extras.ShindigExtrasGuiceModule" />
+    <bean class="org.apache.shindig.gadgets.admin.GadgetAdminModule" />
 </beans>
\ No newline at end of file

Modified: incubator/rave/trunk/rave-shindig/src/main/resources/rave.shindig.properties
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/main/resources/rave.shindig.properties?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/main/resources/rave.shindig.properties (original)
+++ incubator/rave/trunk/rave-shindig/src/main/resources/rave.shindig.properties Wed Dec 21 20:22:35 2011
@@ -56,12 +56,9 @@ shindig.features.default=res://features/
 # Location of container configurations (comma separated)
 shindig.containers.default=res://containers/default/container.js
 
-# A file containing blacklisted gadgets.
-shindig.blacklist.file=
-
 ### Inbound OAuth support
 # The URL base to use for full OAuth support (three-legged)
-shindig.oauth.base-url=/oauth/
+shindig.oauth.base-url=/oauth
 shindig.oauth.authorize-action=/WEB-INF/authorize.jsp
 # The range to the past and future of timestamp for OAuth token validation. Default to 5 minutes
 shindig.oauth.validator-max-timestamp-age-ms=300000
@@ -70,9 +67,24 @@ shindig.oauth.validator-max-timestamp-ag
 shindig.signing.state-key=
 shindig.signing.key-name=
 shindig.signing.key-file=
-shindig.signing.global-callback-url=http://localhost:8080/gadgets/oauthcallback
+shindig.signing.global-callback-url=http://%authority%%contextRoot%/gadgets/oauthcallback
 shindig.signing.enable-signed-callbacks=true
 
+### If a OAuth2Client does not specify a redirect uri it will default here
+shindig.oauth2.global-redirect-uri=http://%authority%%contextRoot%/gadgets/oauth2callback
+### Setting to true will cause the registered OAuth2Persistence plugin to load it's values
+### with what's in config/oauth2.json, no meaning without a second persistence implementation.
+shindig.oauth2.import=false
+### Determines if the import will start by removing everything currently in persistence.
+shindig.oauth2.import.clean=false
+# Set to true if you want to allow the use of 3-party (authorization_code) OAuth 2.0 flow when viewer != owner.
+# This setting is not recommeneded for pages that allow user-controlled javascript, since
+# that javascript could be used to make unauthorized requests on behalf of the viewer of the page
+shindig.oauth2.viewer-access-tokens-enabled=true
+# Set to true to send extended trace messages to the client.  Probably want this to be false for
+# production systems and true for test/development.
+shindig.oauth2.send-trace-to-client=true
+
 # Set to true if you want to allow the use of 3-legged OAuth tokens when viewer != owner.
 # This setting is not recommeneded for pages that allow user-controlled javascript, since
 # that javascript could be used to make unauthorized requests on behalf of the viewer of the page
@@ -81,14 +93,12 @@ shindig.signing.viewer-access-tokens-ena
 # If enabled here, configuration values can be found in container configuration files.
 shindig.locked-domain.enabled=false
 
-# TODO (Shindig): This needs to be moved to container configuration.
+# TODO: This needs to be moved to container configuration.
 shindig.content-rewrite.only-allow-excludes=false
 shindig.content-rewrite.include-urls=.*
 shindig.content-rewrite.exclude-urls=
 shindig.content-rewrite.include-tags=body,embed,img,input,link,script,style
 shindig.content-rewrite.expires=86400
-shindig.content-rewrite.proxy-url=%contextRoot%/gadgets/proxy?container=default&url=
-shindig.content-rewrite.concat-url=%contextRoot%/gadgets/concat?container=default&
 shindig.content-rewrite.enable-split-js-concat=true
 shindig.content-rewrite.enable-single-resource-concat=false
 
@@ -101,7 +111,7 @@ shindig.gadget-rewrite.default-forced-li
 
 #
 # Allow supported JavaScript features required by a gadget to be externalized on demand
-shindig.gadget-rewrite.externalize-feature-libs=false
+shindig.gadget-rewrite.externalize-feature-libs=true
 
 # Configuration for image rewriter
 shindig.image-rewrite.max-inmem-bytes = 1048576
@@ -209,3 +219,15 @@ org.apache.shindig.gadgets.uri.urlMaxLen
 
 # Default cachettl value for versioned url in seconds. Here default value is 1 year.
 org.apache.shindig.gadgets.servlet.longLivedRefreshSec=31536000
+
+# Closure compiler optimization level.  One of advanced|simple|whitespace_only|none.
+# Defaults to simple.
+shindig.closure.compile.level=simple
+
+# OAuth 2.0 authorization code, access token, and refresh token expiration times.
+# 5 * 60 * 1000 = 300000 = 5 minutes
+# 5 * 60 * 60 * 1000 = 18000000 = 5 hours
+# 5 * 60 * 60 * 1000 * 24 = 432000000 = 5 days
+shindig.oauth2.authCodeExpiration=300000
+shindig.oauth2.accessTokenExpiration=18000000
+shindig.oauth2.refreshTokenExpiration=432000000
\ No newline at end of file

Modified: incubator/rave/trunk/rave-shindig/src/main/resources/security_token_encryption_key.txt
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/main/resources/security_token_encryption_key.txt?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/main/resources/security_token_encryption_key.txt (original)
+++ incubator/rave/trunk/rave-shindig/src/main/resources/security_token_encryption_key.txt Wed Dec 21 20:22:35 2011
@@ -17,7 +17,6 @@ under the License.
 
 --
 
-Note that the Shindig code that reads this file only reads the first line, so the actual encryption key at runtime when
-using this key file ends up being just the first line in this file (normally this file would just contain a single line 
-with the encryption key).  See the source of the Shindig Java class org.apache.shindig.common.crypto.BasicBlobCrypter
-for more info on how this key is used and how to generate a secure key.
\ No newline at end of file
+Note that this file would normally just contain a single line with the encryption key...  See the source of the Shindig 
+Java class org.apache.shindig.common.crypto.BasicBlobCrypter for more info on how this key is used and how to generate 
+a secure key.
\ No newline at end of file

Modified: incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/classes/containers/default/container.js
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/classes/containers/default/container.js?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/classes/containers/default/container.js (original)
+++ incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/classes/containers/default/container.js Wed Dec 21 20:22:35 2011
@@ -26,7 +26,7 @@
 //  change
 //		{"gadgets.container" : ["default"],
 //  to
-//		{"gadgets.container" : ["myContainer"],
+//		{"gadgets.container" : ["myContainer"],
 // And make your changes that you need to myContainer.js.
 // Just make sure on the iframe URL you specify &container=myContainer
 // for it to use that config.
@@ -44,7 +44,10 @@
 
 // Container must be an array; this allows multiple containers
 // to share configuration.
-// TODO (copied from Shindig): Move out accel container config into a separate accel.js file.
+
+// Note that you can embed values directly or you can choose to have values read from a file on disk
+// or read from the classpath ("foo-key" : "file:///foo-file.txt" || "foo-key" : "res://foo-file.txt")
+// TODO: Move out accel container config into a separate accel.js file.
 {"gadgets.container" : ["default", "accel"],
 
 // Set of regular expressions to validate the parent parameter. This is
@@ -56,11 +59,16 @@
 "gadgets.parent" : null,
 
 // Should all gadgets be forced on to a locked domain?
-"gadgets.lockedDomainRequired" : false,
+"gadgets.uri.iframe.lockedDomainRequired" : false,
 
 // DNS domain on which gadgets should render.
-"gadgets.lockedDomainSuffix" : "-a.example.com:8080",
-	
+// Default Uri config: these must be overridden - specified here for testing purposes
+"gadgets.uri.iframe.unlockedDomain": "${Cur['defaultShindigTestAuthority']}",
+// When setting up the server to enable locked domains, you should set this to something that does not
+// attempt to use the authority at all.  Ideally it would be another hostname that points to this server.
+// Example: unlockedDomain="shindig.example.com" lockedDomainSuffix="-locked.gadgets.example.com"
+"gadgets.uri.iframe.lockedDomainSuffix": "${Cur['defaultShindigTestAuthority']}",
+
 // Origins for CORS requests and/or Referer validation
 // Indicate a set of origins or an entry with * to indicate that all origins are allowed
 "gadgets.parentOrigins" : ["*"],
@@ -71,45 +79,36 @@
 // query parameters will be added.
 "gadgets.iframeBaseUri" : "${CONTEXT_ROOT}/gadgets/ifr",
 "gadgets.uri.iframe.basePath" : "${CONTEXT_ROOT}/gadgets/ifr",
+"gadgets.uri.iframe.alwaysAppendSecurityToken" : true,
 
 // jsUriTemplate will have %host% and %js% substituted.
 // No locked domain special cases, but jsUriTemplate must
 // never conflict with a lockedDomainSuffix.
 "gadgets.jsUriTemplate" : "http://%host%${CONTEXT_ROOT}/gadgets/js/%js%",
 
-//New configuration for iframeUri generation:
-"gadgets.uri.iframe.lockedDomainSuffix" :  "-a.example.com:8080",
-"gadgets.uri.iframe.unlockedDomain" : "www.example.com:8080",
-"gadgets.uri.iframe.basePath" : "${CONTEXT_ROOT}/gadgets/ifr",
-"gadgets.uri.iframe.alwaysAppendSecurityToken" : true,
-
 "gadgets.uri.js.host" : "http://www.example.com/",
 "gadgets.uri.js.path" : "${CONTEXT_ROOT}/gadgets/js",
-	
-	
+
 // Callback URL.  Scheme relative URL for easy switch between https/http.
 "gadgets.uri.oauth.callbackTemplate" : "//%host%${CONTEXT_ROOT}/gadgets/oauthcallback",
 
-// Use an insecure security token by default
-//"gadgets.securityTokenType" : "insecure",
-
 // Config param to load Opensocial data for social
 // preloads in data pipelining.  %host% will be
 // substituted with the current host.
 "gadgets.osDataUri" : "http://%host%${CONTEXT_ROOT}/rpc",
 
-// Uncomment these to switch to a secure version
-"gadgets.securityTokenType" : "secure",
-"gadgets.securityTokenKeyFile" : "classpath:security_token_encryption_key.txt",
-
-// URI for the default shindig test instance.
-//"defaultShindigTestHost": "http://${SERVER_HOST}:${SERVER_PORT}",
-"defaultShindigTestHost":"http://%authority%",
-
+// Use an insecure security token by default
+//"gadgets.securityTokenType" : "insecure",
 
-// Authority (host:port without scheme) for the proxy and concat servlets.
-//"defaultShindigProxyConcatAuthority": "${SERVER_HOST}:${SERVER_PORT}",
-"defaultShindigProxyConcatAuthority":"%authority%",
+// Uncomment the securityTokenType and one of the securityTokenKey's to switch to a secure version.
+// Note that you can choose to use an embedded key, a filesystem reference or a classpath reference.
+// The best way to generate a key is to do something like this:
+// dd if=/dev/random bs=32 count=1 | openssl base64
+//
+"gadgets.securityTokenType" : "secure",
+//"gadgets.securityTokenKey" : "default-insecure-embedded-key",
+//"gadgets.securityTokenKey" : "file:///path/to/key/file.txt",
+"gadgets.securityTokenKey" : "res://security_token_encryption_key.txt",
 
 // OS 2.0 Gadget DOCTYPE: used in Gadgets with @specificationVersion 2.0 or greater and
 // quirksmode on Gadget has not been set.
@@ -117,12 +116,15 @@
 "gadgets.doctype_pubid" : "",
 "gadgets.doctype_sysid" : "",
 
-// Default Uri config: these must be overridden - specified here for testing purposes
-"gadgets.uri.iframe.unlockedDomain": "${Cur['defaultShindigTestHost']}",
-"gadgets.uri.iframe.lockedDomainSuffix": "${Cur['defaultShindigTestHost']}",
+
+// Authority (host:port without scheme) for the default shindig test instance.
+"defaultShindigTestAuthority":"%authority%",
+
+// Authority (host:port without scheme) for the proxy and concat servlets.
+"defaultShindigProxyConcatAuthority":"%authority%",
 
 // Default Js Uri config: also must be overridden.
-"gadgets.uri.js.host": "${Cur['defaultShindigTestHost']}",
+"gadgets.uri.js.host": "//${Cur['defaultShindigTestAuthority']}",
 "gadgets.uri.js.path": "${CONTEXT_ROOT}/gadgets/js",
 
 // Default concat Uri config; used for testing.
@@ -134,6 +136,12 @@
 "gadgets.uri.proxy.host" : "${Cur['defaultShindigProxyConcatAuthority']}",
 "gadgets.uri.proxy.path" : "${CONTEXT_ROOT}/gadgets/proxy",
 
+//Enables/Disables feature administration
+"gadgets.admin.enableFeatureAdministration" : "false",
+
+//Enables whitelist checks
+"gadgets.admin.enableGadgetWhitelist" : "false",
+
 // This config data will be passed down to javascript. Please
 // configure your object using the feature name rather than
 // the javascript name.
@@ -158,6 +166,11 @@
       "isOnlyVisible" : true,
       "urlTemplate" : "http://localhost${CONTEXT_ROOT}/gadgets/canvas?{var}",
       "aliases" : ["FULL_PAGE"]
+    },
+    "default" : {
+      "isOnlyVisible" : false,
+      "urlTemplate" : "http://localhost${CONTEXT_ROOT}/gadgets/default?{var}",
+      "aliases" : ["home", "profile", "canvas"]
     }
   },
   "tabs": {
@@ -287,7 +300,7 @@
   },
   "osapi" : {
     // The endpoints to query for available JSONRPC/REST services
-    "endPoints" : [ "http://%host%${CONTEXT_ROOT}/rpc" ]
+    "endPoints" : [ "//%host%${CONTEXT_ROOT}/rpc" ]
   },
   "osml": {
     // OSML library resource.  Can be set to null or the empty string to disable OSML
@@ -298,6 +311,9 @@
     "serverBase": "${CONTEXT_ROOT}/gadgets/"
   },
   "container" : {
-    "relayPath": "${CONTEXT_ROOT}/gadgets/files/container/rpc_relay.html"
+    "relayPath": "${CONTEXT_ROOT}/gadgets/files/container/rpc_relay.html",
+
+    //Enables/Disables the RPC arbitrator functionality in the common container
+    "enableRpcArbitration": false
   }
 }}

Modified: incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/web.xml?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/web.xml (original)
+++ incubator/rave/trunk/rave-shindig/src/main/webapp/WEB-INF/web.xml Wed Dec 21 20:22:35 2011
@@ -35,70 +35,102 @@
         </param-value>
     </context-param>
 
-    <filter>
+    <!--
+      Syntax: <key>=<value> separated by a newline
+
+      system.properties specifies the environmental variables that will be set to the JVM System Properties at server startup time.
+      Alternatively, you may add these values in your app server (ex: Tomcat) as
+      VM arguments like this: -Dshindig.host="my.production.shindig.server.com".
+
+      Here are a few properties that can be set for Shindig:
+      shindig.host: the server name that Shindig is deployed and running on
+      shindig.port: the port number of shindig.host server
+
+      Make sure you escape all HTML values for the web.xml to be parsed correctly.
+      -->
+       <context-param>
+         <param-name>system.properties</param-name>
+         <param-value>
+         <![CDATA[
+            shindig.host=
+            shindig.port=
+            aKey=/shindig/gadgets/proxy?container=default&url=
+         ]]>
+         </param-value>
+      </context-param>
+
+      <filter>
         <filter-name>hostFilter</filter-name>
         <filter-class>org.apache.shindig.common.servlet.HostFilter</filter-class>
-    </filter>
-    <filter-mapping>
+      </filter>
+      <filter-mapping>
         <filter-name>hostFilter</filter-name>
         <url-pattern>/gadgets/ifr</url-pattern>
         <url-pattern>/gadgets/js/*</url-pattern>
         <url-pattern>/gadgets/proxy/*</url-pattern>
         <url-pattern>/gadgets/concat</url-pattern>
+        <url-pattern>/gadgets/makeRequest</url-pattern>
         <url-pattern>/rpc/*</url-pattern>
         <url-pattern>/rest/*</url-pattern>
-    </filter-mapping>
-
-    <filter>
-        <filter-name>ShiroFilter</filter-name>
-        <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
-        <init-param>
-            <param-name>config</param-name>
-            <param-value>
-                # The ShiroFilter configuration is very powerful and flexible, while still remaining succinct.
-                # Please read the comprehensive example, with full comments and explanations, in the JavaDoc:
-                #
-                # http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
-                [main]
-                shindigSampleRealm = org.apache.shindig.sample.shiro.SampleShiroRealm
-                securityManager.realm = $shindigSampleRealm
-                authc.loginUrl = /login.jsp
-
-                [urls]
-                # The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
-                # the 'authc' filter must still be specified for it so it can process that url's
-                # login submissions. It is 'smart' enough to allow those requests through as specified by the
-                # shiro.loginUrl above.
-                /login.jsp = authc
+      </filter-mapping>
 
-                /oauth/authorize/** = authc
+        <filter>
+            <filter-name>ShiroFilter</filter-name>
+            <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
+            <init-param>
+                <param-name>config</param-name>
+                <param-value>
+                <![CDATA[
+                    # The ShiroFilter configuration is very powerful and flexible, while still remaining succinct.
+                    # Please read the comprehensive example, with full comments and explanations, in the JavaDoc:
+                    #
+                    # http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
+                    [main]
+                    shindigSampleRealm = org.apache.shindig.sample.shiro.SampleShiroRealm
+                    securityManager.realm = $shindigSampleRealm
+                    authc.loginUrl = /login.jsp
+
+                    [urls]
+                    # The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
+                    # the 'authc' filter must still be specified for it so it can process that url's
+                    # login submissions. It is 'smart' enough to allow those requests through as specified by the
+                    # shiro.loginUrl above.
+                    /login.jsp = authc
+
+                    /oauth/authorize/** = authc
+                    /oauth2/authorize/** = authc
+                ]]>
+                </param-value>
+            </init-param>
+        </filter>
 
-            </param-value>
-        </init-param>
-    </filter>
-
-    <filter>
+      <filter>
         <filter-name>authFilter</filter-name>
         <filter-class>org.apache.shindig.auth.AuthenticationServletFilter</filter-class>
-    </filter>
+      </filter>
 
-    <filter>
+      <filter>
         <filter-name>etagFilter</filter-name>
         <filter-class>org.apache.shindig.gadgets.servlet.ETagFilter</filter-class>
-    </filter>
+      </filter>
+
 
+      <filter-mapping>
+          <filter-name>ShiroFilter</filter-name>
+          <url-pattern>/oauth/authorize</url-pattern>
+      </filter-mapping>
 
-    <filter-mapping>
-        <filter-name>ShiroFilter</filter-name>
-        <url-pattern>/oauth/authorize</url-pattern>
-    </filter-mapping>
+      <filter-mapping>
+          <filter-name>ShiroFilter</filter-name>
+          <url-pattern>/oauth2/authorize</url-pattern>
+      </filter-mapping>
 
-    <filter-mapping>
-        <filter-name>ShiroFilter</filter-name>
-        <url-pattern>*.jsp</url-pattern>
-    </filter-mapping>
+      <filter-mapping>
+          <filter-name>ShiroFilter</filter-name>
+          <url-pattern>*.jsp</url-pattern>
+      </filter-mapping>
 
-    <filter-mapping>
+      <filter-mapping>
         <filter-name>authFilter</filter-name>
         <url-pattern>/social/*</url-pattern>
         <url-pattern>/gadgets/ifr</url-pattern>
@@ -107,17 +139,17 @@
         <url-pattern>/gadgets/api/rest/*</url-pattern>
         <url-pattern>/rpc/*</url-pattern>
         <url-pattern>/rest/*</url-pattern>
-    </filter-mapping>
+      </filter-mapping>
 
-    <filter-mapping>
+      <filter-mapping>
         <filter-name>etagFilter</filter-name>
         <url-pattern>*</url-pattern>
-    </filter-mapping>
+      </filter-mapping>
 
 <!--
-    <listener>
+      <listener>
         <listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
-    </listener>
+      </listener>
 -->
 
     <!-- Initialize Spring LAST -->
@@ -125,167 +157,192 @@
         <listener-class>org.apache.rave.inject.GuiceBindingSpringContextLoaderListener</listener-class>
     </listener>
 
-    <!-- Render a Gadget -->
-    <servlet>
+      <!-- Render a Gadget -->
+      <servlet>
         <servlet-name>xml-to-html</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.GadgetRenderingServlet
+          org.apache.shindig.gadgets.servlet.GadgetRenderingServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <servlet>
+      <servlet>
         <servlet-name>accel</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.HtmlAccelServlet
+          org.apache.shindig.gadgets.servlet.HtmlAccelServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <!-- Proxy -->
-    <servlet>
+      <!-- Proxy -->
+      <servlet>
         <servlet-name>proxy</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.ProxyServlet
+          org.apache.shindig.gadgets.servlet.ProxyServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <!-- makeRequest -->
-    <servlet>
+      <!-- makeRequest -->
+      <servlet>
         <servlet-name>makeRequest</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.MakeRequestServlet
+          org.apache.shindig.gadgets.servlet.MakeRequestServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <!-- Concat -->
-    <servlet>
+      <!-- Concat -->
+      <servlet>
         <servlet-name>concat</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.ConcatProxyServlet
+          org.apache.shindig.gadgets.servlet.ConcatProxyServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <!-- OAuth callback -->
-    <servlet>
+      <!-- OAuth callback -->
+      <servlet>
         <servlet-name>oauthCallback</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.OAuthCallbackServlet
+          org.apache.shindig.gadgets.servlet.OAuthCallbackServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <!-- Metadata RPC -->
-    <servlet>
+      <!-- OAuth2 callback -->
+      <servlet>
+        <servlet-name>oauth2callback</servlet-name>
+        <servlet-class>
+          org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet
+        </servlet-class>
+      </servlet>
+
+      <!-- Metadata RPC -->
+      <servlet>
         <servlet-name>metadata</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.RpcServlet
+          org.apache.shindig.gadgets.servlet.RpcServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <!-- javascript serving -->
-    <servlet>
+      <!-- javascript serving -->
+      <servlet>
         <servlet-name>js</servlet-name>
         <servlet-class>org.apache.shindig.gadgets.servlet.JsServlet</servlet-class>
-    </servlet>
+      </servlet>
 
-    <servlet>
+      <servlet>
         <servlet-name>restapiServlet</servlet-name>
         <servlet-class>
-            org.apache.shindig.protocol.DataServiceServlet
+          org.apache.shindig.protocol.DataServiceServlet
         </servlet-class>
         <init-param>
-            <param-name>handlers</param-name>
-            <param-value>org.apache.shindig.handlers</param-value>
+          <param-name>handlers</param-name>
+          <param-value>org.apache.shindig.handlers</param-value>
         </init-param>
-    </servlet>
+      </servlet>
 
-    <!-- Serve social RPC api -->
-    <servlet>
+      <!-- Serve social RPC api -->
+      <servlet>
         <servlet-name>jsonRpcServlet</servlet-name>
         <servlet-class>
-            org.apache.shindig.protocol.JsonRpcServlet
+          org.apache.shindig.protocol.JsonRpcServlet
         </servlet-class>
         <init-param>
-            <param-name>handlers</param-name>
-            <param-value>org.apache.shindig.handlers</param-value>
+          <param-name>handlers</param-name>
+          <param-value>org.apache.shindig.handlers</param-value>
         </init-param>
-    </servlet>
+      </servlet>
 
-    <!-- Serve sample OAuth apis -->
-    <servlet>
+      <!-- Serve sample OAuth apis -->
+      <servlet>
         <servlet-name>sampleOAuth</servlet-name>
         <servlet-class>
-            org.apache.shindig.social.sample.oauth.SampleOAuthServlet
+          org.apache.shindig.social.sample.oauth.SampleOAuthServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <servlet>
+      <!-- Serve OAuth 2 APIs -->
+      <servlet>
+        <servlet-name>OAuth2Servlet</servlet-name>
+        <servlet-class>
+          org.apache.shindig.social.core.oauth2.OAuth2Servlet
+        </servlet-class>
+      </servlet>
+
+      <servlet>
         <servlet-name>rpcSwf</servlet-name>
         <servlet-class>
-            org.apache.shindig.gadgets.servlet.RpcSwfServlet
+          org.apache.shindig.gadgets.servlet.RpcSwfServlet
         </servlet-class>
-    </servlet>
+      </servlet>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>js</servlet-name>
         <url-pattern>/gadgets/js/*</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>proxy</servlet-name>
         <url-pattern>/gadgets/proxy/*</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>makeRequest</servlet-name>
         <url-pattern>/gadgets/makeRequest</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>jsonRpcServlet</servlet-name>
         <url-pattern>/rpc/*</url-pattern>
         <url-pattern>/gadgets/api/rpc/*</url-pattern>
         <url-pattern>/social/rpc/*</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>restapiServlet</servlet-name>
         <url-pattern>/rest/*</url-pattern>
         <url-pattern>/gadgets/api/rest/*</url-pattern>
         <url-pattern>/social/rest/*</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>concat</servlet-name>
         <url-pattern>/gadgets/concat</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>oauthCallback</servlet-name>
         <url-pattern>/gadgets/oauthcallback</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
+
+      <servlet-mapping>
+        <servlet-name>oauth2callback</servlet-name>
+        <url-pattern>/gadgets/oauth2callback</url-pattern>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>xml-to-html</servlet-name>
         <url-pattern>/gadgets/ifr</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>accel</servlet-name>
         <url-pattern>/gadgets/accel</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>metadata</servlet-name>
         <url-pattern>/gadgets/metadata</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
         <servlet-name>sampleOAuth</servlet-name>
         <url-pattern>/oauth/*</url-pattern>
-    </servlet-mapping>
+      </servlet-mapping>
 
-    <servlet-mapping>
+      <servlet-mapping>
+        <servlet-name>OAuth2Servlet</servlet-name>
+        <url-pattern>/oauth2/*</url-pattern>
+      </servlet-mapping>
+
+      <servlet-mapping>
         <servlet-name>rpcSwf</servlet-name>
         <url-pattern>/xpc*</url-pattern>
-    </servlet-mapping>
-
-</web-app>
+      </servlet-mapping>
+    </web-app>

Modified: incubator/rave/trunk/rave-shindig/src/test/java/org/apache/rave/commoncontainer/ConfigurablePropertiesModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/test/java/org/apache/rave/commoncontainer/ConfigurablePropertiesModuleTest.java?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/test/java/org/apache/rave/commoncontainer/ConfigurablePropertiesModuleTest.java (original)
+++ incubator/rave/trunk/rave-shindig/src/test/java/org/apache/rave/commoncontainer/ConfigurablePropertiesModuleTest.java Wed Dec 21 20:22:35 2011
@@ -40,8 +40,8 @@ public class ConfigurablePropertiesModul
 
         assertEquals("Default container.js location", "res://containers/default/container.js",
                 properties.getProperty("shindig.containers.default"));
-        assertEquals("No contextRoot", "/gadgets/proxy?container=default&url=",
-                properties.getProperty("shindig.content-rewrite.proxy-url"));
+        assertEquals("No contextRoot", "http://%authority%/gadgets/oauthcallback",
+                properties.getProperty("shindig.signing.global-callback-url"));
     }
 
     @Test
@@ -53,8 +53,8 @@ public class ConfigurablePropertiesModul
 
         assertEquals("Default container.js location", "res://containers/default/container.js",
                 properties.getProperty("shindig.containers.default"));
-        assertEquals("Replaced contextRoot", "shindigcontext/gadgets/proxy?container=default&url=",
-                properties.getProperty("shindig.content-rewrite.proxy-url"));
+        assertEquals("Replaced contextRoot", "http://%authority%shindigcontext/gadgets/oauthcallback",
+                properties.getProperty("shindig.signing.global-callback-url"));
 
         System.clearProperty("shindig.contextroot");
     }
@@ -69,8 +69,8 @@ public class ConfigurablePropertiesModul
         assertEquals("Custom container.js location",
                 "res://containers/default/container.js,res://containers/default/testcontainer.js",
                 properties.getProperty("shindig.containers.default"));
-        assertEquals("Custom contextRoot", "customContext/gadgets/proxy?container=default&url=",
-                properties.getProperty("shindig.content-rewrite.proxy-url"));
+        assertEquals("Custom contextRoot", "http://%authority%customContext/gadgets/oauthcallback",
+                properties.getProperty("shindig.signing.global-callback-url"));
         assertEquals("Custom shindig host", "127.0.0.1",
                 properties.getProperty("shindig.host"));
 
@@ -89,8 +89,8 @@ public class ConfigurablePropertiesModul
         assertEquals("Custom container.js location",
                 "res://containers/default/container.js,res://containers/default/testcontainer.js",
                 properties.getProperty("shindig.containers.default"));
-        assertEquals("Replaced contextRoot", "shindigcontext/gadgets/proxy?container=default&url=",
-                properties.getProperty("shindig.content-rewrite.proxy-url"));
+        assertEquals("Replaced contextRoot", "http://%authority%shindigcontext/gadgets/oauthcallback",
+                properties.getProperty("shindig.signing.global-callback-url"));
         assertEquals("Different shindig host", "127.0.0.2",
                 properties.getProperty("shindig.host"));
 

Modified: incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.custom.properties
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.custom.properties?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.custom.properties (original)
+++ incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.custom.properties Wed Dec 21 20:22:35 2011
@@ -54,12 +54,9 @@ shindig.features.default=res://features/
 # Location of container configurations (comma separated)
 shindig.containers.default=res://containers/default/container.js,res://containers/default/testcontainer.js
 
-# A file containing blacklisted gadgets.
-shindig.blacklist.file=
-
 ### Inbound OAuth support
 # The URL base to use for full OAuth support (three-legged)
-shindig.oauth.base-url=/oauth/
+shindig.oauth.base-url=/oauth
 shindig.oauth.authorize-action=/WEB-INF/authorize.jsp
 # The range to the past and future of timestamp for OAuth token validation. Default to 5 minutes
 shindig.oauth.validator-max-timestamp-age-ms=300000
@@ -68,9 +65,24 @@ shindig.oauth.validator-max-timestamp-ag
 shindig.signing.state-key=
 shindig.signing.key-name=
 shindig.signing.key-file=
-shindig.signing.global-callback-url=http://localhost:8080%contextRoot%/gadgets/oauthcallback
+shindig.signing.global-callback-url=http://%authority%%contextRoot%/gadgets/oauthcallback
 shindig.signing.enable-signed-callbacks=true
 
+### If a OAuth2Client does not specify a redirect uri it will default here
+shindig.oauth2.global-redirect-uri=http://%authority%%contextRoot%/gadgets/oauth2callback
+### Setting to true will cause the registered OAuth2Persistence plugin to load it's values
+### with what's in config/oauth2.json, no meaning without a second persistence implementation.
+shindig.oauth2.import=false
+### Determines if the import will start by removing everything currently in persistence.
+shindig.oauth2.import.clean=false
+# Set to true if you want to allow the use of 3-party (authorization_code) OAuth 2.0 flow when viewer != owner.
+# This setting is not recommeneded for pages that allow user-controlled javascript, since
+# that javascript could be used to make unauthorized requests on behalf of the viewer of the page
+shindig.oauth2.viewer-access-tokens-enabled=true
+# Set to true to send extended trace messages to the client.  Probably want this to be false for
+# production systems and true for test/development.
+shindig.oauth2.send-trace-to-client=true
+
 # Set to true if you want to allow the use of 3-legged OAuth tokens when viewer != owner.
 # This setting is not recommeneded for pages that allow user-controlled javascript, since
 # that javascript could be used to make unauthorized requests on behalf of the viewer of the page
@@ -79,14 +91,12 @@ shindig.signing.viewer-access-tokens-ena
 # If enabled here, configuration values can be found in container configuration files.
 shindig.locked-domain.enabled=false
 
-# TODO (copied from Shindig): This needs to be moved to container configuration.
+# TODO: This needs to be moved to container configuration.
 shindig.content-rewrite.only-allow-excludes=false
 shindig.content-rewrite.include-urls=.*
 shindig.content-rewrite.exclude-urls=
 shindig.content-rewrite.include-tags=body,embed,img,input,link,script,style
 shindig.content-rewrite.expires=86400
-shindig.content-rewrite.proxy-url=%contextRoot%/gadgets/proxy?container=default&url=
-shindig.content-rewrite.concat-url=%contextRoot%/gadgets/concat?container=default&
 shindig.content-rewrite.enable-split-js-concat=true
 shindig.content-rewrite.enable-single-resource-concat=false
 
@@ -99,7 +109,7 @@ shindig.gadget-rewrite.default-forced-li
 
 #
 # Allow supported JavaScript features required by a gadget to be externalized on demand
-shindig.gadget-rewrite.externalize-feature-libs=false
+shindig.gadget-rewrite.externalize-feature-libs=true
 
 # Configuration for image rewriter
 shindig.image-rewrite.max-inmem-bytes = 1048576
@@ -207,3 +217,15 @@ org.apache.shindig.gadgets.uri.urlMaxLen
 
 # Default cachettl value for versioned url in seconds. Here default value is 1 year.
 org.apache.shindig.gadgets.servlet.longLivedRefreshSec=31536000
+
+# Closure compiler optimization level.  One of advanced|simple|whitespace_only|none.
+# Defaults to simple.
+shindig.closure.compile.level=simple
+
+# OAuth 2.0 authorization code, access token, and refresh token expiration times.
+# 5 * 60 * 1000 = 300000 = 5 minutes
+# 5 * 60 * 60 * 1000 = 18000000 = 5 hours
+# 5 * 60 * 60 * 1000 * 24 = 432000000 = 5 days
+shindig.oauth2.authCodeExpiration=300000
+shindig.oauth2.accessTokenExpiration=18000000
+shindig.oauth2.refreshTokenExpiration=432000000
\ No newline at end of file

Modified: incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.properties
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.properties?rev=1221866&r1=1221865&r2=1221866&view=diff
==============================================================================
--- incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.properties (original)
+++ incubator/rave/trunk/rave-shindig/src/test/resources/rave.shindig.properties Wed Dec 21 20:22:35 2011
@@ -55,12 +55,9 @@ shindig.features.default=res://features/
 # Location of container configurations (comma separated)
 shindig.containers.default=res://containers/default/container.js
 
-# A file containing blacklisted gadgets.
-shindig.blacklist.file=
-
 ### Inbound OAuth support
 # The URL base to use for full OAuth support (three-legged)
-shindig.oauth.base-url=/oauth/
+shindig.oauth.base-url=/oauth
 shindig.oauth.authorize-action=/WEB-INF/authorize.jsp
 # The range to the past and future of timestamp for OAuth token validation. Default to 5 minutes
 shindig.oauth.validator-max-timestamp-age-ms=300000
@@ -69,9 +66,24 @@ shindig.oauth.validator-max-timestamp-ag
 shindig.signing.state-key=
 shindig.signing.key-name=
 shindig.signing.key-file=
-shindig.signing.global-callback-url=http://localhost:8080%contextRoot%/gadgets/oauthcallback
+shindig.signing.global-callback-url=http://%authority%%contextRoot%/gadgets/oauthcallback
 shindig.signing.enable-signed-callbacks=true
 
+### If a OAuth2Client does not specify a redirect uri it will default here
+shindig.oauth2.global-redirect-uri=http://%authority%%contextRoot%/gadgets/oauth2callback
+### Setting to true will cause the registered OAuth2Persistence plugin to load it's values
+### with what's in config/oauth2.json, no meaning without a second persistence implementation.
+shindig.oauth2.import=false
+### Determines if the import will start by removing everything currently in persistence.
+shindig.oauth2.import.clean=false
+# Set to true if you want to allow the use of 3-party (authorization_code) OAuth 2.0 flow when viewer != owner.
+# This setting is not recommeneded for pages that allow user-controlled javascript, since
+# that javascript could be used to make unauthorized requests on behalf of the viewer of the page
+shindig.oauth2.viewer-access-tokens-enabled=true
+# Set to true to send extended trace messages to the client.  Probably want this to be false for
+# production systems and true for test/development.
+shindig.oauth2.send-trace-to-client=true
+
 # Set to true if you want to allow the use of 3-legged OAuth tokens when viewer != owner.
 # This setting is not recommeneded for pages that allow user-controlled javascript, since
 # that javascript could be used to make unauthorized requests on behalf of the viewer of the page
@@ -80,14 +92,12 @@ shindig.signing.viewer-access-tokens-ena
 # If enabled here, configuration values can be found in container configuration files.
 shindig.locked-domain.enabled=false
 
-# TODO (Shindig): This needs to be moved to container configuration.
+# TODO: This needs to be moved to container configuration.
 shindig.content-rewrite.only-allow-excludes=false
 shindig.content-rewrite.include-urls=.*
 shindig.content-rewrite.exclude-urls=
 shindig.content-rewrite.include-tags=body,embed,img,input,link,script,style
 shindig.content-rewrite.expires=86400
-shindig.content-rewrite.proxy-url=%contextRoot%/gadgets/proxy?container=default&url=
-shindig.content-rewrite.concat-url=%contextRoot%/gadgets/concat?container=default&
 shindig.content-rewrite.enable-split-js-concat=true
 shindig.content-rewrite.enable-single-resource-concat=false
 
@@ -100,7 +110,7 @@ shindig.gadget-rewrite.default-forced-li
 
 #
 # Allow supported JavaScript features required by a gadget to be externalized on demand
-shindig.gadget-rewrite.externalize-feature-libs=false
+shindig.gadget-rewrite.externalize-feature-libs=true
 
 # Configuration for image rewriter
 shindig.image-rewrite.max-inmem-bytes = 1048576
@@ -208,3 +218,15 @@ org.apache.shindig.gadgets.uri.urlMaxLen
 
 # Default cachettl value for versioned url in seconds. Here default value is 1 year.
 org.apache.shindig.gadgets.servlet.longLivedRefreshSec=31536000
+
+# Closure compiler optimization level.  One of advanced|simple|whitespace_only|none.
+# Defaults to simple.
+shindig.closure.compile.level=simple
+
+# OAuth 2.0 authorization code, access token, and refresh token expiration times.
+# 5 * 60 * 1000 = 300000 = 5 minutes
+# 5 * 60 * 60 * 1000 = 18000000 = 5 hours
+# 5 * 60 * 60 * 1000 * 24 = 432000000 = 5 days
+shindig.oauth2.authCodeExpiration=300000
+shindig.oauth2.accessTokenExpiration=18000000
+shindig.oauth2.refreshTokenExpiration=432000000
\ No newline at end of file



Mime
View raw message