Upload
spring-by-pivotal
View
1.109
Download
0
Embed Size (px)
Citation preview
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
SPRINGONE2GXWASHINGTON, DC
Spring Developer’s Guide to Social Integration
By Craig Walls @habuma / @SpringSocial
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Safe Harbor Statement
The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation.
2
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
John Lennon Statement
Life is what happens while you are busy making other plans.
3
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
What’s in a tweet?
4
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Be a part of the session demo!
Tweet about this session!
Use #SpringSocial and/or #s2gx and/or mention @springone2gx
5
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Reaching out
• Microservices are typically inside some defined application boundary
• But there are hundreds (thousands?) of APIs chock full of data outside of your application.
• Most are secured with OAuth
6
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
OAuth in 1 slide
• Authorization protocol
• Your app needs to access a user’s data on some other API
• Your app must get permission to access that data
• Many ways to obtain an access token
• OAuth 1.0(a)
• OAuth 2 authorization code grant
• OAuth 2 implicit grant
• OAuth 2 resource owner credentials (aka, “password”) grant
• OAuth 2 client credentials grant
• Challenge: Where do you keep the authorization/token?
7
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Spring Social
8
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Intro to Spring Social
• Handles the OAuth dance
• Securely stores authorization details (e.g., the token)
• Provides API bindings for several APIs, including
• Facebook, Twitter, LinkedIn, TripIt, GitHub
• plus lots of community projects
• NOT JUST SOCIAL!!!
• Ecobee - Control and access thermostats
• Wunderlist - Integrate with your users’ TODO lists, reminders, and errands
• GitHub and BitBucket - Integrate with source code control
9
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Spring Social Project Family
10
Spring Social
Core Security Web Config
Provider Bindings
Facebook Twitter
LinkedIn GitHub
TripIt (?)
Community-Led Projects
500px
BitBucket
DropBox
Foursquare
last.fm
Mixcloud
SoundCloud
Vkontakte
Yammer
Alfresco
Daum
Flattr
Geeklist
Intuit/QBO
Win. Live
Nk
Tumblr
App.net
Digg
Flickr
Khan Acad.
Miso
Salesforce Viadeo XingWunderlist Alfresco
Ecobee Strava Slideshare
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
The moving parts
11
creates
11
Performs OAuth “dance”.
Handles requests for
“/connect/{providerId}
Redirects the browser to the API’s authorization page. Exchanges the authorization code for an access token.
Looks up a ConnectionFactory for a given API provider and uses it to create a Connection. Stores the Connection in the database via a ConnectionRepository.
Looks up a ConnectionFactory by the API provider ID.
Creates Connections.
Also knows specifics regarding an API provider’s OAuth implementation.
Stores Connections in a database for future use.
Makes requests to an API on behalf of the application, ensuring that the Authorization header is on each request.
Connect Controller
Connection Factory Locator
Connection Repository
Connection Factory Connection
API Binding
stored
via
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
ConnectController’s connection flow
12
GET /connect
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
ConnectController’s connection flow
13
GET /connect/twitterPOST /connect/twitter
redirectredirect
GET /connect/twitter?oauth_token={t}&verifier={v}GET /connect/twitter
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Sign-in-with…
• ProviderSignInController
• Spring MVC controller
• Security framework agnostic
• Best suited for apps not using Spring Security
• SocialAuthenticationFilter
• Implementation of Spring Security’s AuthenticationFilter
• Plugs into Spring Security’s filter chain
• Best suited for apps secured with Spring Security
14
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Miscellaneous
• ReconnectFilter
• Detects stale/revoked connections, redirects to ConnectController to establish a new connection
• DisconnectController (Facebook only)
• Handles disconnect callbacks from Facebook, removes connection
• RealTimeUpdateController (Facebook only)
• Handles real-time update callbacks from Facebook
• GenericOAuth1ConnectionFactory and GenericOAuth2ConnectionFactory
• Enables connectivity for otherwise unsupported APIs
15
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
You might also want to know about…
• OAuth1Template / OAuth2Template
• Lower level component for working with OAuth
• Used by higher-level Spring Social components
• Best used for client tokens and password grant
16
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Demos
17
Spring Social Showcase & The simplest Spring Social app ever!
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Integrating Social
18
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Spring Integration and Twitter
19
@Beanpublic MessageSource<Tweet> twitterSource(Twitter twitter) { SearchReceivingMessageSource messageSource =
new SearchReceivingMessageSource(twitter, "twsearch"); messageSource.setQuery("@springone2gx OR #s2gx"); return messageSource;}
@Beanpublic IntegrationFlow myFlow(MessageSource<Tweet> tweetSource, TweetAnalyzer tweetAnalyzer) { return IntegrationFlows.from(tweetSource, e-> e.poller(Pollers.fixedDelay(10000) .maxMessagesPerPoll(10)))
.transform("payload") .transform(tweetAnalyzer) .handle(handler) .get();
}
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Demo
20
Creating a tweet pipeline with Spring Integration
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Spring Social.NEXT
21
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Spring Social is a social project
22
From comment on reddit by “BadMoonRosin”
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Be a part of the Spring Social community
Report issues / suggest improvements http://jira.spring.io/browse/SOCIAL
(append “FB”, “TW”, “LI”, “GH” for provider projects)
23
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Be a part of the Spring Social community
Ask questions / Answer questions http://stackoverflow.com/questions/tagged/spring-social (append “-facebook”, “-twitter”, “-linkedin”, “-github” for provider projects)
24
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Be a part of the Spring Social community
Fix issues / submit improvements Fork http://github.com/spring-projects/spring-social
(append “-facebook”, “-twitter”, “-linkedin”, “-github” for provider projects)
Make changes (and write tests!)
Submit Individual Contributor Agreement (https://support.springsource.com/spring_committer_signup)
Submit pull request / Test someone else’s pull request
25
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Expand the Spring Social Project Family
26
Spring Social
Core Security Web Config
Provider Bindings
Facebook Twitter
LinkedIn GitHub
TripIt (?)
Community-Led Projects
500px
BitBucket
DropBox
Foursquare
last.fm
Mixcloud
SoundCloud
Vkontakte
Yammer
Alfresco
Daum
Flattr
Geeklist
Intuit/QBO
Win. Live
Nk
Tumblr
App.net
Digg
Flickr
Khan Acad.
Miso
Salesforce Viadeo XingWunderlist Alfresco
Ecobee Strava Slideshare
Your Spring Social
Extension Here!
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Step 1: Create a service provider
27
public class MyPeepsServiceProvider extends AbstractOAuth2ServiceProvider<MyPeeps> {
public MyPeepsServiceProvider(String clientId, String clientSecret) { super(getOAuth2Template(clientId, clientSecret)); }
private static OAuth2Template getOAuth2Template(String clientId, String clientSecret) { OAuth2Template oAuth2Template = new OAuth2Template(clientId, clientSecret, “https://www.mypeeps.com/oauth2/authorization”, “https://www.mypeeps.com/oauth2/accessToken”); oAuth2Template.setUseParametersForClientAuthentication(true); return oAuth2Template; }
public MyPeeps getApi(String accessToken) { return new MyPeepsTemplate(accessToken); }
}
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Step 2: Create a connection factory
28
public class MyPeepsConnectionFactory extends OAuth2ConnectionFactory<MyPeeps>{
public MyPeepsConnectionFactory(String consumerKey, String consumerSecret) { super("mypeeps", new MyPeepsServiceProvider(consumerKey, consumerSecret), new MyPeepsAdapter()); }
}
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Step 3: Create an API binding
• Will vary from API to API
• Binding template
• Accepts access token as constructor parameter
• Offers methods for consuming API
• Domain types
• Java types mapped to API request forms and responses
29
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Step 4: Create an API adapter
30
public class LinkedInAdapter implements ApiAdapter<MyPeeps> { public boolean test(MyPeeps myPeeps) { try { myPeeps.profileOperations().getUserProfile(); return true; } catch (HttpClientErrorException e) { return false; } }
public void setConnectionValues(MyPeeps myPeeps, ConnectionValues values) { MyPeepsProfile profile = myPeeps.profileOperations().getUserProfile(); values.setProviderUserId(profile.getId()); … }
public UserProfile fetchUserProfile(MyPeeps myPeeps) { MyPeepsProfile profile = myPeeps.profileOperations().getUserProfile(); return new UserProfileBuilder().setName(profile.getFirstName() + " " + profile.getLastName()) .setEmail(profile.getEmailAddress()).build(); }
public void updateStatus(MyPeeps myPeeps, String message) { myPeeps.statusOperations().updateStatus(message); }
}
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Hold on…
Why so much boilerplate?
31
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
A simpler extension model
32
spring: social: providers: mypeeps: authorization-url: https://mypeeps.com/oauth/auth token-url: https://mypeeps.com/oauth/token api-binding-class: com.mypeeps.api.MyPeepsTemplate
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/
Current work in progress/research…*
• A simpler extension model (specifically SocialAuthenticationFilter support)
• More complete Spring Boot support
• Tighter alignment with Spring Security OAuth
• OpenID Connect support
• Stateless connections / JWT support
33
* See “Safe Harbor Statement” at beginning of session
Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/ 34
http://projects.spring.io/spring-social/
Spring Integration Java DSL - Artem Bilan Applied Spring Integration, Spring AMQP and RabbitMQ in Spring XD - Gary Russell
Learn More. Stay Connected.
@springcentral Spring.io/video