cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Łukasz Moreń <lukasz.mo...@gmail.com>
Subject Re: OAuth client and server demos
Date Mon, 02 Aug 2010 13:18:01 GMT
>
> Please update the demo so that the consume

registers itself, plus supplies a callback itself with a request token
>  request


callback url is passed in this request, however this request is done in
backend through URLConnection so it's not visible at UI.

Cheers, Lukasz

W dniu 2 sierpnia 2010 13:36 użytkownik Łukasz Moreń <lukasz.moren@gmail.com
> napisał:

> Hi,
> I've committed changes I've made:
> - added possibility to register new OAuth client applications at OAuth
> server
> - OAuth demos moved to distribution\src\main\samples\
> - added README to OAuth demos
> - fixes in pom.xml files
>
>  - fix the checkstyle errors and move the demo to the
>
> ""distribution/src/main/release/samples/"" area and also add Readme; after
>
> building the distribution (mvn install in trunk/distribution) you can
>> easily
>
> verify the demo can be run by locating in the target.
>
>
> fixed that, and added readme
>
>
>> - add the oauth dependency in the parent pom so that the rs/oauth module
>> can
>
> depend on it without specifying a version and have the demo client module
>
> depending on rt/rs/oauth module instead (similarly to the server one)
>
>
> done, hovewer demo client don't need to depend on rt/rs/oauth as it doesn't
> use cxf functionality, just on oauth libraries
>
>
>> - during the main build please use the Spring version CXF depends upon and
>
> use its -Pspring3 profile to build for the deployment into GAE
>
>
> changed, both client and server demos needs to be build with -Pspring3 for
> local jetty run and GAE as well.
> Otherwise I would need use different spring config files for spring 2.5 and
> 3.0.x
>
> Cheers, Lukasz
>
> W dniu 29 lipca 2010 21:15 użytkownik Sergey Beryozkin <
> sberyozkin@gmail.com> napisał:
>
> Hi
>>
>> 2010/7/29 Łukasz Moreń <lukasz.moren@gmail.com>
>>
>> > Hi,
>> >
>> > I'm still working on refactoring and changes in demo you suggested.
>> > I will likely update it tomorrow.
>> >
>> > I'll likely ask for some modifications but perhaps if you could start
>> with
>> > > updating the demo
>> >
>> > such that a consumer initiates its own registration with the OAuth
>> server.
>> >
>> >
>> > I'm going to put high effort on my GSoC project next weeks. I would
>> really
>> > appreciate,
>> > if you would have some more modifications requests/directions which
>> project
>> > should go, as you have limited time next week
>> > and current changes will not take long.
>> >
>> > From what I'm seeing, I need to cover spec with code, simplify
>> > configuration
>> > and do more testing.
>> >
>> >
>> I have to sign off now...Please update the demo so that the consumer
>> registers itself, plus supplies a callback itself with a request token
>> request, add README and it would let users start experimenting. IMHO the
>> initial phase can be considered complete once there's a demo there which
>> can
>> show users what they need to do.
>>
>> We can then discuss things further
>>
>> cheers, Sergey
>>
>>
>>
>> > Cheers,
>> > Lukasz
>> >
>> > 2010/7/29 Daniel Kulp <dkulp@apache.org>
>> >
>> > >
>> > > You probably just need to change your deps to:
>> > >
>> > > geronimo-servlet_3.0_spec
>> > >
>> > >
>> > > Dan
>> > >
>> > >
>> > > On Thursday 29 July 2010 3:35:57 pm Sergey Beryozkin wrote:
>> > > > Hi Lucasz
>> > > >
>> > > > I can't build the oauth sandbox project, seeing
>> > > > [ERROR] FATAL ERROR
>> > > > [INFO]
>> > > >
>> > ------------------------------------------------------------------------
>> > > > [INFO] Error building POM (may not be this project's POM).
>> > > >
>> > > >
>> > > > Project ID: org.apache.cxf:cxf-rt-rs-oauth
>> > > > POM Location:
>> > > > /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
>> > > > Validation Messages:
>> > > >
>> > > >     [0]  'dependencies.dependency.version' is missing for
>> > > > org.apache.geronimo.specs:geronimo-servlet_2.5_spec:jar
>> > > >
>> > > >
>> > > > Reason: Failed to validate POM for project
>> > org.apache.cxf:cxf-rt-rs-oauth
>> > > > at /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
>> > > >
>> > > > so I can not review the latest merge, sorry. I could've tried to fix
>> > this
>> > > > issue but I'm not sure if you're finished with the refactoring just
>> > yet.
>> > > > I'll be travelling tomorrow and I'll have some very limited time
>> during
>> > > the
>> > > > evenings next week but I'll try to provide some feedback at least
>> > > >
>> > > > cheers, Sergey
>> > > >
>> > > >
>> > > > 2010/7/26 Sergey Beryozkin <sberyozkin@gmail.com>
>> > > >
>> > > > > Hi Łukasz
>> > > > >
>> > > > > 2010/7/26 Łukasz Moreń <lukasz.moren@gmail.com>
>> > > > >
>> > > > > Hi Sergey,
>> > > > >
>> > > > >> I'm really sorry for such commit, I know it shouldn't happen.
I
>> > turned
>> > > > >> off checkstyle as i couldn't configure it properly on intellij
>> and
>> > it
>> > > > >> was annoying during development.
>> > > > >> I will apply proper changes ASAP.
>> > > > >>
>> > > > >> no worries at all, I've broken the real builds with checkstyle
>> > errors
>> > > so
>> > > > >
>> > > > > many times and it is the CXF sandbox after :-)
>> > > > >
>> > > > >> According to the demo, I built it as usual web-app, if it
worked,
>> > use
>> > > > >> this same sources to deploy on GAE.
>> > > > >> However because of GAE restrictions it always needs minor
changes
>> > > > >> before deploy, i.e. GAE can't read configuration files such
as:
>> > > > >> cxf-extension-http.xml
>> > > > >> from jars, so I copied it to WEB-INF folder.
>> > > > >> Commited to svn version does not depend on GAE SDK and can
be run
>> > > > >> locally with jetty:run.
>> > > > >>
>> > > > >> Yes, I warned about server configuration part:). I will take
care
>> to
>> > > > >> make it simpler.
>> > > > >
>> > > > > I do not think it is too complicated - the simplification can
be
>> done
>> > > > > once the whole flow is sound...
>> > > > >
>> > > > >> So far, oauth consumer properties are hardcoded and injected
into
>> > > > >> oauth provider, as I think it is not oauth library responsibility
>> to
>> > > > >> deal with consumer registration.
>> > > > >> Hovewer for demo it would be good to have something like
that. I
>> > would
>> > > > >> do registration form at the server as it is done by current
big
>> > oauth
>> > > > >> implementations.
>> > > > >
>> > > > > I agree that conceptually the registration of consumers is a
>> separate
>> > > > > issue. But it is part of the solution that users will be
>> eventually
>> > > > > offering so just showing them that the consumers have to go and
>> > > register
>> > > > > themselves with help people with coming up with some custom
>> > > registration
>> > > > > forms, etc. The registration does not have to be done at the
>> server
>> > > > > hosting the resource, it is just important for the OAuth provider
>> be
>> > > > > able to get to the consumer details. I'm fine with assuming at
the
>> > > > > moment that the registration handler is collocated with the
>> > > > > endpoints/providers enforcing OAuth flow.
>> > > > >
>> > > > > But the callback uri which is being injected at the moment should
>> go
>> > > > > anyway given that it is part of the actual flow, specifically,
the
>> > > > > consumer provides it during the request token request
>> > > > >
>> > > > >> Recently I've noticed that Camel have done oauth client as
>> well:):
>> > > > >> http://camel.apache.org/tutorial-oauth.html
>> > > > >>
>> > > > >> Thanks much for review, and hints.
>> > > > >
>> > > > > thanks for your effort :-)
>> > > > >
>> > > > > Sergey
>> > > > >
>> > > > >> Cheers,
>> > > > >> Lukasz
>> > > > >>
>> > > > >> 2010/7/24 Sergey Beryozkin <sberyozkin@gmail.com>:
>> > > > >> > Hi Łukasz
>> > > > >> >
>> > > > >> > Sorry for a delay,  I should've come back earlier to
you.
>> > > > >> >
>> > > > >> > I've run the demo hosted at the app engine and I think
from the
>> > > > >>
>> > > > >> education
>> > > > >>
>> > > > >> > point of view it is a good demo and it is handy one
does not
>> even
>> > > has
>> > > > >> > to build anything in order to try it.
>> > > > >> >
>> > > > >> > I've had a problem building the rt/rs/oauth tests -
there's a
>> > bunch
>> > > of
>> > > > >> > CheckStyle errors. Can you please build sandbox/oauth_1.0a
from
>> > the
>> > > > >>
>> > > > >> trunk,
>> > > > >>
>> > > > >> > just do 'mvn install -Pfastinstall' and then do 'mvn
install'
>> from
>> > > > >>
>> > > > >> rt/rs/ ?
>> > > > >>
>> > > > >> > One other thing, please move the demo to
>> > > > >> > "distribution/src/main/release/samples/" as well add
Readme to
>> it.
>> > > > >> >
>> > > > >> > Also I can not build the demo too, the client build
fails with
>> the
>> > > > >>
>> > > > >> following
>> > > > >>
>> > > > >> > dependency missing
>> > > > >> > 1) net.oauth.core:oauth-consumer:jar:20100527
>> > > > >> >
>> > > > >> > But I'm seeing an oauth repo in the rt/rs/oauth pom,
have you
>> > built
>> > > it
>> > > > >>
>> > > > >> in
>> > > > >>
>> > > > >> > the GAE dev environment ?
>> > > > >> >
>> > > > >> > Can you please spend a bit of time on cleaning the build
a bit
>> :
>> > > > >> > - fix the checkstyle errors and move the demo to the
>> > > > >> > ""distribution/src/main/release/samples/"" area and
also add
>> > Readme;
>> > > > >>
>> > > > >> after
>> > > > >>
>> > > > >> > building the distribution (mvn install in trunk/distribution)
>> you
>> > > can
>> > > > >>
>> > > > >> easily
>> > > > >>
>> > > > >> > verify the demo can be run by locating in the target.
>> > > > >> > - add the oauth dependency in the parent pom so that
the
>> rs/oauth
>> > > > >> > module
>> > > > >>
>> > > > >> can
>> > > > >>
>> > > > >> > depend on it without specifying a version and have the
demo
>> client
>> > > > >>
>> > > > >> module
>> > > > >>
>> > > > >> > depending on rt/rs/oauth module instead (similarly to
the
>> server
>> > > one)
>> > > > >> > - during the main build please use the Spring version
CXF
>> depends
>> > > upon
>> > > > >>
>> > > > >> and
>> > > > >>
>> > > > >> > use its -Pspring3 profile to build for the deployment
into GAE
>> > > > >> >
>> > > > >> > As far as the demo is concerned. I looked at the server
part
>> and
>> > it
>> > > > >>
>> > > > >> looks
>> > > > >>
>> > > > >> > complicated enough :-) but I think it makes sense to
me. I'll
>> > likely
>> > > > >> > ask
>> > > > >>
>> > > > >> for
>> > > > >>
>> > > > >> > some modifications but perhaps if you could start with
updating
>> > the
>> > > > >> > demo such that a consumer initiates its own registration
with
>> the
>> > > > >> > OAuth
>> > > > >>
>> > > > >> server :
>> > > > >> > I can see at the moment an oauth provider is injected
with some
>> > > sample
>> > > > >> > consumer properties. I'm not sure what is the best way
to do it
>> :
>> > > may
>> > > > >> > be
>> > > > >>
>> > > > >> the
>> > > > >>
>> > > > >> > server can return a registration form or the client
can just
>> push
>> > > the
>> > > > >> > registration info itself.
>> > > > >> >
>> > > > >> > Overall I think it is a good progress indeed especially
given
>> the
>> > > > >>
>> > > > >> complexity
>> > > > >>
>> > > > >> > of the whole effort.
>> > > > >> >
>> > > > >> >
>> > > > >> >
>> > > > >> > thanks, Sergey
>> > > > >> >
>> > > > >> > On Wed, Jul 14, 2010 at 10:14 PM, Łukasz Moreń <
>> > > lukasz.moren@gmail.com
>> > > > >> >
>> > > > >> >wrote:
>> > > > >> >> Hi all,
>> > > > >> >>
>> > > > >> >> I have managed to create two sample OAuth aplications:
>> > > > >> >> ordinary OAuth 1.0a client:
>> http://www.oauthclient.appspot.com
>> > > > >> >> and authorization server that uses CXF OAuth module:
>> > > > >> >> http://www.cxfoauthserver.appspot.com
>> > > > >> >>
>> > > > >> >> Both sample applications and changes in oauth library
are
>> > commited
>> > > in
>> > > > >> >> sandbox.
>> > > > >> >>
>> > > > >> >> OAuth configuration in sample authorization server
app looks a
>> > bit
>> > > > >> >> awfully but I think most of that can be hidden and
done out of
>> > > band.
>> > > > >> >> There is still some areas in specification not covered
by
>> > > > >> >> implementation, so I would like to take care of
that in next
>> > steps.
>> > > > >> >>
>> > > > >> >> Thanks in advance for some feedback.
>> > > > >> >>
>> > > > >> >> Cheers,
>> > > > >> >> Lukasz
>> > >
>> > > --
>> > > Daniel Kulp
>> > > dkulp@apache.org
>> > > http://dankulp.com/blog
>> > >
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message