Spring Social - Messaging Friends & Influencing People
Download as PPTX, PDF2 likes6,826 views
The document outlines the features and functionalities of Spring Social, including its integration with various social media platforms like Twitter, Facebook, and LinkedIn, and emphasizes the importance of OAuth for secure API authorization. It details Spring's RESTful approach and how it supports mobile applications through Spring Mobile and Spring Android. Additionally, it covers the configuration of controllers and services for managing connections to social providers, enhancing app collaboration with social media sites.
Spring Social - Messaging Friends & Influencing People
- 1. Spring Social Messaging Friends & Influencing People ETE 2011 Apr 27-28, 2011
- 2. Who Am I? • Instructor/Mentor • Active Tweeter for Open Source Tech Topics twitter.com/gdickens • Certified Instructor for • DZone Most Valuable Blogger dzone.com/page/mvbs – dzone.com/user/284679 Technophile Blog - technophile.gordondickens.com 2
- 3. Agenda • Spring & REST • Spring Social • Security with OAuth • Spring Mobile • Spring Android • Spring iPhone • Spring Greenhouse 3
- 4. Social & Mobile Projects • Spring Social • Spring Mobile • Spring Android • Spring Greenhouse 4
- 5. What is Spring Social? • Allow ourapps to interact with 5
- 6. Simple Twitter TwitterTemplatetwitterTemplate = new TwitterTemplate(); List<String> friends = twitterTemplate.getFriends("chariotsolution"); for (String friend : friends) { logger.debug("Friend: {}”, friend); } 6
- 7. What is TwitterTemplate? • One of the Provider Specific Templates • A convenience class • Implements TwitterApi • Wraps RESTful calls to Twitter –Using Spring 3 RestTemplate • OAuth support – provider specific 7
- 8. Twitter API 8
- 9. REST& Social Media • Search Twitter with RestTemplate RestTemplaterestTemplate= new RestTemplate(); String search= "#phillyete"; String results = restTemplate.getForObject( "http://search.twitter.com/search.json?q={sea rch}",String.class, search); Note: All the cool kids are using REST 9
- 10. Who is using REST? 10
- 11. Spring REST • Added in Spring 3.0 • RestTemplate – Client side • Spring MVC – Server side – <mvc:annotation-driven/> – Annotations – Content Negotiation – Web page support for PUT & DELETE • HiddenHttpMethodFilter 11
- 12. <mvc:annotation-driven/> • Validation – JSR-303 • Formatting – Annotated Field Formatters • Conversion – JSON – XML – ATOM/RSS – JodaTime – Custom Conversion (MyBean1 to/from MyBean2) 12
- 13. Spring REST Annotations • @RequestMapping • @RequestHeader – Method for URL Path – Value in Req Header • @PathVariable • @ResponseStatus – Var in URL path “/{myVar}” – Http Codes on success • @RequestParam • @ExceptionHandler – Parameter – Methods by exception “/myurl/?myVar=abc” • @ModelAttribute • @RequestBody – Returning result into model – Unmarshal into bean • @ResponseBody – Marshal into bean 13
- 14. Spring REST Annotations @Controller public class TwitterTimelineController { ... @RequestMapping(value="/twitter/timeline/{timelineType}", method=RequestMethod.GET) public String showTimeline(@PathVariable("timelineType") String timelineType, Model model) { TwitterApi twitterApi = getTwitterApi(); if (timelineType.equals("Home")) { model.addAttribute("timeline", twitterApi.timelineOperations().getHomeTimeline()); } else if(timelineType.equals("Public")) { model.addAttribute("timeline", twitterApi.timelineOperations().getPublicTimeline()); ... } model.addAttribute("timelineName", timelineType); return "twitter/timeline"; } 14
- 15. Content Negotiating • ContentNegotiatingViewResolver –Client requests format of data –“Accept” header –“format” parameter –URL extension –Java Activation Framework 15
- 16. Templates to the Rescue • Template for each Social Media Provider – TwitterTemplate, LinkedInTemplate, etc. • Provider Specific – Authentication Support – API methods • For other providers: – Roll your own – RestTemplate is our friend 16
- 17. Template API Calls • Most calls require authentication –Some trivial calls do not need auth • Authentication –Provider side –Secured with OAuth 17
- 18. Authenticating “An open protocol to allow secure API authorization in a simple and standard method from desktop to web applications.” http://oauth.net code.google.com/p/oauth/ 18
- 19. OAuth Participants • Client Client – Our app – Wants to access serverto Access Wants • Server Server – With whom we want to connect – May not be the provider • Service Provider – Provides authentication S.P. I verify credentials 19
- 20. OAuth Flavors • 1.0a –More complex • 2.0 20
- 21. OAuth Safety Dance 1. App asks for a request token • OAuth 1.0a - w callback URL 2. Provider issues a request token 3. App redirects user to provider's auth page • passes request token • OAuth 1.0a – w callback URL 4. Provider prompts to authorize 5. Provider redirects user back to app • OAuth 1.0a – w verifier code 6. App exchanges request token for access to • OAuth 1.0a - also w verifier code 7. Provider issues access token 8. App uses the access token • App now obtains a ref to the Service API • interacts with provider on behalf of the user 21
- 22. Twitter Auth Steps 1. ApiKey- Redirect user to provider auth page 2. User authenticates themselves 3. User authorizes our app to act on their behalf 4. User redirected to our site w/RequestToken &VerificationCode 5. RequestToken &VerificationCode, get AccessToken 6. Interact w/ provider using ApiKey &AccessToken 22
- 23. Template & OAuth Summary • Provider specific template • OAuth support within template • How do we manage provider login and credential storage? We need CPR! 23
- 24. Spring CPR • Connect Controller TwitterController – Connection to Service Provider • Service Provider TwitterServiceProvider – Twitter, LinkedIn, etc. • Connection Repository ConnectionRepository – Storage for Connection Details 24
- 25. Twitter CPR Signin 25
- 26. Connection API 26
- 27. CPR - Controller <bean class=”o.sf.social.web.connect.ConnectController"> <constructor-arg value="${application.url}”/> </bean> • application.url – Base secure URL for this application – used to construct the callback URL – passed to the service providers 27
- 28. CPR - Provider <bean class=”o.sf.social.twitter.connect.TwitterServiceProvider"> <constructor-arg value="${twitter.appId}" /> <constructor-arg value="${twitter.appSecret}" /> <constructor-arg ref="connectionRepository" /> </bean> • twitter.appId – ApiKey assigned to app by provider • twitter.appSecret – VerifierCode returned by provider 28
- 29. CPR - Repository <bean id="connectionRepository" class=”o.sf.social.connect.jdbc.JdbcConnectionRepository"> <constructor-arg ref="dataSource" /> create table Connection ( <constructor-arg ref="textEncryptor" /> id identity, </bean> accountId varchar not null, providerId varchar not null, accessToken varchar not null, secret varchar, refreshToken varchar, • textEncryptor providerAccountId varchar, primary key (id)); – interface for symmetric encryption of text strings 29
- 30. Greenhouse: RI app suite • Spring Greenhouse (RI) • Web App – Group Event Management – Environment-specific Beans and Profiles – Password Encoding &Data Encryption • Social Media – Integration – Authentication • Mobile Apps – Android – iPhone 30
- 31. Greenhouse: Social & Mobile • Spring Social – App Framework – Service Provider Framework • Twitter, Facebook, LinkedIn & TripIt – Sign Up, Sign In & Password Reset – Member Invite – Badge System • Spring Mobile – iPhone Client – Android Client – Mobile web version for other smartphone platforms 31
- 32. Spring Mobile • Server Side • Spring MVC Extension • Key Facets: 1. Mobile Device Detection 2. Site Preference Management 3. Site Switching 32
- 33. Mobile Detection in MVC • DeviceResolver – Inspects inbound HttpRequest – “User-Agent” header – Default Analysis: ”Mobile device client?” • More sophisticated resolvers identify – screen size – manufacturer – model • DeviceResolverHandlerInterceptor – preferred markup – LiteDeviceResolver (default) • Based on Wordpress Lite Algorithm • Part of Wordpress Mobile Pack(wpmp) – Plug in another for specific features • WurflDeviceResolver (Java API) 33
- 34. MVC Configuration • Handler Interceptor <mvc:interceptors> <!– Resolve device on pre-handle --> <bean class=”o.sf.mobile.device.DeviceResolverHandlerInterceptor”/> </mvc:interceptors> • Enable Device for Controller Methods <mvc:annotation-driven> <mvc:argument-resolvers> <bean class=”o.sf.mobile.device.DeviceWebArgumentResolver”/> </mvc:argument-resolvers> </mvc:annotation-driven> • Inject Device @Controller public class MyController { … @RequestMapping("/”) public void sayHi(Device device) { if (device.isMobile()) logger.info("Hello mobile user!"); 34
- 35. Greenhouse CPR • AnnotatedControllerConfig – DeviceResolverHandlerInterceptor – DeviceHandlerMethodArgumentResolver – FacebookHandlerMethodArgumentResolver 35
- 36. DeviceResolver API 36
- 37. Preference Management • App supporting multiple sites –“mobile” –“normal” • Allow user to switch • SitePreferenceHandler interface • SitePreferenceWebArgumentResolver • CookieSitePreferenceRepository 37
- 38. MVC Pref Config • Enable SitePreference support <mvc:annotation-driven> <mvc:argument-resolvers> <bean class=”o.sf.mobile.device.DeviceWebArgumentResolver" /> <bean class=”o.sf.mobile.device.site.SitePreferenceWebArgumentResolver" /> </mvc:argument-resolvers> </mvc:annotation-driven> • Inject into Controller Methods @Controller public class MyController { @RequestMapping("/”) public String home(SitePreference sitePreference, Model model) { if (sitePreference == SitePreference.MOBILE) { … 38
- 39. Site Switching • Hosting mobile site different location • SiteSwitcherHandlerInterceptor • mDot m.${serverName} • dotMobi ${serverName}.mobi 39
- 40. Spring Android • Client tools • Http Components • RestTemplate • Object to JSON Marshaling • Object to XML Marshaling • RSS and Atom Support • Greenhouse app in Android market – https://market.android.com/details?id=com.springsource.greenho use 40
- 41. Spring iPhone • Greenhouse for iPhone client • Download & Install the iOS SDK • Project source code from the git – git clone git://git.springsource.org/greenhouse/iphone.git • Open the Greenhouse.xcodeproj in Xcode • Expects Greenhouse web app running locally • Greenhouse App in iTunes – http://itunes.apple.com/us/app/greenhouse/id395862873?mt=8 41
- 42. Spring Social Showcase • Twitter, Facebook, TripIt • MVC Application • CPR configuration 42
- 43. Summary • Spring Social • App collaboration with SM Sites • Security through OAuth • Spring REST • Significant for Social & Mobile • RestTemplate Rules! • Spring Mobile – MVC Support for Mobile Devices • Spring Android – Client Tools, based on RestTemplate 43
- 44. Q& F • Questions? • Followup – Learn REST… – Spring Social Showcase – Spring Greenhouse • Contact me – technophile.gordondickens.com – gordon@gordondickens.com 44
Editor's Notes
- #7: Demo Here – Simple JUnit Test
- #21: OAuth Core 1.0 Revision A was created to address a session fixation attack identified in the OAuth Core 1.0 specification as detailed in http://oauth.net/advisories/2009-1.
- #22: Request TokenVerifier Code - The OAuth Verifier is a verification code tied to the Request Token. The OAuth Verifier and Request Token both must be provided in exchange for an Access Token. They also both expire together.