Spring Developers Guide to Social Integration

Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/

SPRINGONE2GXWASHINGTON, DC

Spring Developer’s Guide to Social Integration

By Craig Walls @habuma / @SpringSocial


Safe Harbor Statement

The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation.

2


John Lennon Statement

Life is what happens while you are busy making other plans.

3


What’s in a tweet?

4


Be a part of the session demo!

Tweet about this session!

Use #SpringSocial and/or #s2gx and/or mention @springone2gx

5


Reaching out

• Microservices are typically inside some defined application boundary

• But there are hundreds (thousands?) of APIs chock full of data outside of your application.

• Most are secured with OAuth

6


OAuth in 1 slide

• Authorization protocol

• Your app needs to access a user’s data on some other API

• Your app must get permission to access that data

• Many ways to obtain an access token

• OAuth 1.0(a)

• OAuth 2 authorization code grant

• OAuth 2 implicit grant

• OAuth 2 resource owner credentials (aka, “password”) grant

• OAuth 2 client credentials grant

• Challenge: Where do you keep the authorization/token?

7


Spring Social

8


Intro to Spring Social

• Handles the OAuth dance

• Securely stores authorization details (e.g., the token)

• Provides API bindings for several APIs, including

• Facebook, Twitter, LinkedIn, TripIt, GitHub

• plus lots of community projects

• NOT JUST SOCIAL!!!

• Ecobee - Control and access thermostats

• Wunderlist - Integrate with your users’ TODO lists, reminders, and errands

• GitHub and BitBucket - Integrate with source code control

9


Spring Social Project Family

10

Spring Social

Core Security Web Config

Provider Bindings

Facebook Twitter

LinkedIn GitHub

TripIt (?)

Community-Led Projects

500px

BitBucket

DropBox

Foursquare

Instagram

last.fm

Mixcloud

SoundCloud

Vkontakte

Yammer

Alfresco

Daum

Flattr

Geeklist

Intuit/QBO

Win. Live

Nk

Tumblr

Weibo

App.net

Digg

Flickr

Google

Khan Acad.

Miso

Salesforce Viadeo XingWunderlist Alfresco

Ecobee Strava Slideshare


The moving parts

11

creates

11

Performs OAuth “dance”.

Handles requests for

“/connect/{providerId}

Redirects the browser to the API’s authorization page. Exchanges the authorization code for an access token.

Looks up a ConnectionFactory for a given API provider and uses it to create a Connection. Stores the Connection in the database via a ConnectionRepository.

Looks up a ConnectionFactory by the API provider ID.

Creates Connections.

Also knows specifics regarding an API provider’s OAuth implementation.

Stores Connections in a database for future use.

Makes requests to an API on behalf of the application, ensuring that the Authorization header is on each request.

Connect Controller

Connection Factory Locator

Connection Repository

Connection Factory Connection

API Binding

stored

via


ConnectController’s connection flow

12

GET /connect


ConnectController’s connection flow

13

GET /connect/twitterPOST /connect/twitter

redirectredirect

GET /connect/twitter?oauth_token={t}&verifier={v}GET /connect/twitter


Sign-in-with…

• ProviderSignInController

• Spring MVC controller

• Security framework agnostic

• Best suited for apps not using Spring Security

• SocialAuthenticationFilter

• Implementation of Spring Security’s AuthenticationFilter

• Plugs into Spring Security’s filter chain

• Best suited for apps secured with Spring Security

14


Miscellaneous

• ReconnectFilter

• Detects stale/revoked connections, redirects to ConnectController to establish a new connection

• DisconnectController (Facebook only)

• Handles disconnect callbacks from Facebook, removes connection

• RealTimeUpdateController (Facebook only)

• Handles real-time update callbacks from Facebook

• GenericOAuth1ConnectionFactory and GenericOAuth2ConnectionFactory

• Enables connectivity for otherwise unsupported APIs

15


You might also want to know about…

• OAuth1Template / OAuth2Template

• Lower level component for working with OAuth

• Used by higher-level Spring Social components

• Best used for client tokens and password grant

16


Demos

17

Spring Social Showcase & The simplest Spring Social app ever!


Integrating Social

18


Spring Integration and Twitter

19

@Beanpublic MessageSource<Tweet> twitterSource(Twitter twitter) { SearchReceivingMessageSource messageSource =

new SearchReceivingMessageSource(twitter, "twsearch"); messageSource.setQuery("@springone2gx OR #s2gx"); return messageSource;}

@Beanpublic IntegrationFlow myFlow(MessageSource<Tweet> tweetSource, TweetAnalyzer tweetAnalyzer) { return IntegrationFlows.from(tweetSource, e-> e.poller(Pollers.fixedDelay(10000) .maxMessagesPerPoll(10)))

.transform("payload") .transform(tweetAnalyzer) .handle(handler) .get();

}


Demo

20

Creating a tweet pipeline with Spring Integration


Spring Social.NEXT

21


Spring Social is a social project

22

From comment on reddit by “BadMoonRosin”


Be a part of the Spring Social community

Report issues / suggest improvements http://jira.spring.io/browse/SOCIAL

(append “FB”, “TW”, “LI”, “GH” for provider projects)

23

http://jira.spring.io/browse/SOCIAL



Ask questions / Answer questions http://stackoverflow.com/questions/tagged/spring-social (append “-facebook”, “-twitter”, “-linkedin”, “-github” for provider projects)

24

http://stackoverflow.com/questions/tagged/spring-social



Fix issues / submit improvements Fork http://github.com/spring-projects/spring-social

(append “-facebook”, “-twitter”, “-linkedin”, “-github” for provider projects)

Make changes (and write tests!)

Submit Individual Contributor Agreement (https://support.springsource.com/spring_committer_signup)

Submit pull request / Test someone else’s pull request

25

http://github.com/spring-projects/spring-social

https://support.springsource.com/spring_committer_signup


Expand the Spring Social Project Family

26

Spring Social

Core Security Web Config

Provider Bindings

Facebook Twitter

LinkedIn GitHub

TripIt (?)

Community-Led Projects

500px

BitBucket

DropBox

Foursquare

Instagram

last.fm

Mixcloud

SoundCloud

Vkontakte

Yammer

Alfresco

Daum

Flattr

Geeklist

Intuit/QBO

Win. Live

Nk

Tumblr

Weibo

App.net

Digg

Flickr

Google

Khan Acad.

Miso

Salesforce Viadeo XingWunderlist Alfresco

Ecobee Strava Slideshare

Your Spring Social

Extension Here!


Step 1: Create a service provider

27

public class MyPeepsServiceProvider extends AbstractOAuth2ServiceProvider<MyPeeps> {

public MyPeepsServiceProvider(String clientId, String clientSecret) { super(getOAuth2Template(clientId, clientSecret)); }

private static OAuth2Template getOAuth2Template(String clientId, String clientSecret) { OAuth2Template oAuth2Template = new OAuth2Template(clientId, clientSecret, “https://www.mypeeps.com/oauth2/authorization”, “https://www.mypeeps.com/oauth2/accessToken”); oAuth2Template.setUseParametersForClientAuthentication(true); return oAuth2Template; }

public MyPeeps getApi(String accessToken) { return new MyPeepsTemplate(accessToken); }

}


Step 2: Create a connection factory

28

public class MyPeepsConnectionFactory extends OAuth2ConnectionFactory<MyPeeps>{

public MyPeepsConnectionFactory(String consumerKey, String consumerSecret) { super("mypeeps", new MyPeepsServiceProvider(consumerKey, consumerSecret), new MyPeepsAdapter()); }

}


Step 3: Create an API binding

• Will vary from API to API

• Binding template

• Accepts access token as constructor parameter

• Offers methods for consuming API

• Domain types

• Java types mapped to API request forms and responses

29


Step 4: Create an API adapter

30

public class LinkedInAdapter implements ApiAdapter<MyPeeps> { public boolean test(MyPeeps myPeeps) { try { myPeeps.profileOperations().getUserProfile(); return true; } catch (HttpClientErrorException e) { return false; } }

public void setConnectionValues(MyPeeps myPeeps, ConnectionValues values) { MyPeepsProfile profile = myPeeps.profileOperations().getUserProfile(); values.setProviderUserId(profile.getId()); … }

public UserProfile fetchUserProfile(MyPeeps myPeeps) { MyPeepsProfile profile = myPeeps.profileOperations().getUserProfile(); return new UserProfileBuilder().setName(profile.getFirstName() + " " + profile.getLastName()) .setEmail(profile.getEmailAddress()).build(); }

public void updateStatus(MyPeeps myPeeps, String message) { myPeeps.statusOperations().updateStatus(message); }

}


Hold on…

Why so much boilerplate?

31


A simpler extension model

32

spring: social: providers: mypeeps: authorization-url: https://mypeeps.com/oauth/auth token-url: https://mypeeps.com/oauth/token api-binding-class: com.mypeeps.api.MyPeepsTemplate


Current work in progress/research…*

• A simpler extension model (specifically SocialAuthenticationFilter support)

• More complete Spring Boot support

• Tighter alignment with Spring Security OAuth

• OpenID Connect support

• Stateless connections / JWT support

33

* See “Safe Harbor Statement” at beginning of session

Unless otherwise indicated, these s l ides are © 2013-2015 Pivotal Software, Inc. and l icensed under a Creat ive Commons Attr ibut ion-NonCommercial l icense: ht tp: / /creat ivecommons.org/ l icenses/by-nc/3.0/ 34

http://projects.spring.io/spring-social/

Spring Integration Java DSL - Artem Bilan Applied Spring Integration, Spring AMQP and RabbitMQ in Spring XD - Gary Russell

Learn More. Stay Connected.

@springcentral Spring.io/video

http://projects.spring.io/spring-social/

Technology

Spring Developers Guide to Social Integration