THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Widget services (categories)
Whitelist and Access Policies
When a Widget tries to access a third-party website or service, this is usually prevented by the browser's same-origin policy. This is to prevent cross-site scripting hacks and unauthorized sharing of personal data. However, there are many instances where a Widget may legitimately want to make a call to a third party service or site using AJAX, and to support this Wookie provides a server-side proxy that the Widget can use to tunnel requests through Wookie. To use the proxy, the widget author simply needs to call "widget.proxify(myurl)" to change their service URL to one that makes use of the proxy. However, Wookie will not make the HTTP request to take place unless the requested URL is permitted using either the global whitelist or by an enabled Widget Access Request Policy.
Global Whitelist
The global whitelist is accessed from the White list section of the Administrator Menu page. From here you can view the white list, and add and remove entries. Each whitelist entry allows ANY widget to invoke the URL you've added.
Widget Access Request Policies
Widget Access Request Policies (also known as W3C WARP; see http://www.w3.org/TR/widgets-access/) is a W3C specification that allows Widgets to specify origins they wish to access in the Widget's config.xml file.
When you add a Widget to Wookie, any <access> elements are turned into access policies that can be viewed in the Admininstrator interface.
To manage WARPs, go to the White list section of the Administrator Menu page, and select Manage widget access request policies. From this page you can view a table of policies that have been created; the format of the table is (from left to right): the name of the widget the policy applies to, the origin to allow, and whether the policy is granted or not granted. Finally, there is a button to toggle the state of the policy.
By default, Wookie automatically grants WARPs when installing a new Widget, and notifies the Administrator with a message in the Admin interface and in the Wookie log file.
Server configuration
User management
...
Login configuration settings can be found in the web.xml file located in wookie/WEB-INF.
Integration with Shindig
See Integrating Wookie With Shindig
Proxy configuration
In order for widgets running in Wookie to communicate with external web services using Ajax, requests must be redirected through a server-side proxy. The proxy configuration is located in WEB-INF/classes/widgetserver.properties.
...