cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: OAuth client and server demos
Date Fri, 13 Aug 2010 09:32:36 GMT
Hi Łukasz

I can see the merges flowing :-), I'll be reviewing your work tonight;

to the list : we've exchanged few private emails to do with build issues I
was encountering and Łukasz
 addressed them fast; we also agreed that for the initial phase making a
demo easy to understand and build upon was the main goal...

cheers, Sergey

2010/8/5 Sergey Beryozkin <sberyozkin@gmail.com>

> Hi Łukasz
>
> can you please fix checkstyle errors in the demo...
> Re the callback uri : I think one of the providers on the server is
> configured with the callback URI
>
> thanks, Sergey
>
>
> 2010/8/2 Łukasz Moreń <lukasz.moren@gmail.com>
>
> >
>> > Please update the demo so that the consume
>>
>> registers itself, plus supplies a callback itself with a request token
>> >  request
>>
>>
>> callback url is passed in this request, however this request is done in
>> backend through URLConnection so it's not visible at UI.
>>
>> Cheers, Lukasz
>>
>> W dniu 2 sierpnia 2010 13:36 użytkownik Łukasz Moreń <
>> lukasz.moren@gmail.com
>> > napisał:
>>
>> > Hi,
>> > I've committed changes I've made:
>> > - added possibility to register new OAuth client applications at OAuth
>> > server
>> > - OAuth demos moved to distribution\src\main\samples\
>> > - added README to OAuth demos
>> > - fixes in pom.xml files
>> >
>> >  - fix the checkstyle errors and move the demo to the
>> >
>> > ""distribution/src/main/release/samples/"" area and also add Readme;
>> after
>> >
>> > building the distribution (mvn install in trunk/distribution) you can
>> >> easily
>> >
>> > verify the demo can be run by locating in the target.
>> >
>> >
>> > fixed that, and added readme
>> >
>> >
>> >> - add the oauth dependency in the parent pom so that the rs/oauth
>> module
>> >> can
>> >
>> > depend on it without specifying a version and have the demo client
>> module
>> >
>> > depending on rt/rs/oauth module instead (similarly to the server one)
>> >
>> >
>> > done, hovewer demo client don't need to depend on rt/rs/oauth as it
>> doesn't
>> > use cxf functionality, just on oauth libraries
>> >
>> >
>> >> - during the main build please use the Spring version CXF depends upon
>> and
>> >
>> > use its -Pspring3 profile to build for the deployment into GAE
>> >
>> >
>> > changed, both client and server demos needs to be build with -Pspring3
>> for
>> > local jetty run and GAE as well.
>> > Otherwise I would need use different spring config files for spring 2.5
>> and
>> > 3.0.x
>> >
>> > Cheers, Lukasz
>> >
>> > W dniu 29 lipca 2010 21:15 użytkownik Sergey Beryozkin <
>> > sberyozkin@gmail.com> napisał:
>> >
>> > Hi
>> >>
>> >> 2010/7/29 Łukasz Moreń <lukasz.moren@gmail.com>
>> >>
>> >> > Hi,
>> >> >
>> >> > I'm still working on refactoring and changes in demo you suggested.
>> >> > I will likely update it tomorrow.
>> >> >
>> >> > I'll likely ask for some modifications but perhaps if you could start
>> >> with
>> >> > > updating the demo
>> >> >
>> >> > such that a consumer initiates its own registration with the OAuth
>> >> server.
>> >> >
>> >> >
>> >> > I'm going to put high effort on my GSoC project next weeks. I would
>> >> really
>> >> > appreciate,
>> >> > if you would have some more modifications requests/directions which
>> >> project
>> >> > should go, as you have limited time next week
>> >> > and current changes will not take long.
>> >> >
>> >> > From what I'm seeing, I need to cover spec with code, simplify
>> >> > configuration
>> >> > and do more testing.
>> >> >
>> >> >
>> >> I have to sign off now...Please update the demo so that the consumer
>> >> registers itself, plus supplies a callback itself with a request token
>> >> request, add README and it would let users start experimenting. IMHO
>> the
>> >> initial phase can be considered complete once there's a demo there
>> which
>> >> can
>> >> show users what they need to do.
>> >>
>> >> We can then discuss things further
>> >>
>> >> cheers, Sergey
>> >>
>> >>
>> >>
>> >> > Cheers,
>> >> > Lukasz
>> >> >
>> >> > 2010/7/29 Daniel Kulp <dkulp@apache.org>
>> >> >
>> >> > >
>> >> > > You probably just need to change your deps to:
>> >> > >
>> >> > > geronimo-servlet_3.0_spec
>> >> > >
>> >> > >
>> >> > > Dan
>> >> > >
>> >> > >
>> >> > > On Thursday 29 July 2010 3:35:57 pm Sergey Beryozkin wrote:
>> >> > > > Hi Lucasz
>> >> > > >
>> >> > > > I can't build the oauth sandbox project, seeing
>> >> > > > [ERROR] FATAL ERROR
>> >> > > > [INFO]
>> >> > > >
>> >> >
>> ------------------------------------------------------------------------
>> >> > > > [INFO] Error building POM (may not be this project's POM).
>> >> > > >
>> >> > > >
>> >> > > > Project ID: org.apache.cxf:cxf-rt-rs-oauth
>> >> > > > POM Location:
>> >> > > > /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
>> >> > > > Validation Messages:
>> >> > > >
>> >> > > >     [0]  'dependencies.dependency.version' is missing for
>> >> > > > org.apache.geronimo.specs:geronimo-servlet_2.5_spec:jar
>> >> > > >
>> >> > > >
>> >> > > > Reason: Failed to validate POM for project
>> >> > org.apache.cxf:cxf-rt-rs-oauth
>> >> > > > at
>> /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
>> >> > > >
>> >> > > > so I can not review the latest merge, sorry. I could've tried
to
>> fix
>> >> > this
>> >> > > > issue but I'm not sure if you're finished with the refactoring
>> just
>> >> > yet.
>> >> > > > I'll be travelling tomorrow and I'll have some very limited
time
>> >> during
>> >> > > the
>> >> > > > evenings next week but I'll try to provide some feedback
at least
>> >> > > >
>> >> > > > cheers, Sergey
>> >> > > >
>> >> > > >
>> >> > > > 2010/7/26 Sergey Beryozkin <sberyozkin@gmail.com>
>> >> > > >
>> >> > > > > Hi Łukasz
>> >> > > > >
>> >> > > > > 2010/7/26 Łukasz Moreń <lukasz.moren@gmail.com>
>> >> > > > >
>> >> > > > > Hi Sergey,
>> >> > > > >
>> >> > > > >> I'm really sorry for such commit, I know it shouldn't
happen.
>> I
>> >> > turned
>> >> > > > >> off checkstyle as i couldn't configure it properly
on intellij
>> >> and
>> >> > it
>> >> > > > >> was annoying during development.
>> >> > > > >> I will apply proper changes ASAP.
>> >> > > > >>
>> >> > > > >> no worries at all, I've broken the real builds with
checkstyle
>> >> > errors
>> >> > > so
>> >> > > > >
>> >> > > > > many times and it is the CXF sandbox after :-)
>> >> > > > >
>> >> > > > >> According to the demo, I built it as usual web-app,
if it
>> worked,
>> >> > use
>> >> > > > >> this same sources to deploy on GAE.
>> >> > > > >> However because of GAE restrictions it always needs
minor
>> changes
>> >> > > > >> before deploy, i.e. GAE can't read configuration
files such
>> as:
>> >> > > > >> cxf-extension-http.xml
>> >> > > > >> from jars, so I copied it to WEB-INF folder.
>> >> > > > >> Commited to svn version does not depend on GAE SDK
and can be
>> run
>> >> > > > >> locally with jetty:run.
>> >> > > > >>
>> >> > > > >> Yes, I warned about server configuration part:).
I will take
>> care
>> >> to
>> >> > > > >> make it simpler.
>> >> > > > >
>> >> > > > > I do not think it is too complicated - the simplification
can
>> be
>> >> done
>> >> > > > > once the whole flow is sound...
>> >> > > > >
>> >> > > > >> So far, oauth consumer properties are hardcoded
and injected
>> into
>> >> > > > >> oauth provider, as I think it is not oauth library
>> responsibility
>> >> to
>> >> > > > >> deal with consumer registration.
>> >> > > > >> Hovewer for demo it would be good to have something
like that.
>> I
>> >> > would
>> >> > > > >> do registration form at the server as it is done
by current
>> big
>> >> > oauth
>> >> > > > >> implementations.
>> >> > > > >
>> >> > > > > I agree that conceptually the registration of consumers
is a
>> >> separate
>> >> > > > > issue. But it is part of the solution that users will
be
>> >> eventually
>> >> > > > > offering so just showing them that the consumers have
to go and
>> >> > > register
>> >> > > > > themselves with help people with coming up with some
custom
>> >> > > registration
>> >> > > > > forms, etc. The registration does not have to be done
at the
>> >> server
>> >> > > > > hosting the resource, it is just important for the OAuth
>> provider
>> >> be
>> >> > > > > able to get to the consumer details. I'm fine with assuming
at
>> the
>> >> > > > > moment that the registration handler is collocated with
the
>> >> > > > > endpoints/providers enforcing OAuth flow.
>> >> > > > >
>> >> > > > > But the callback uri which is being injected at the
moment
>> should
>> >> go
>> >> > > > > anyway given that it is part of the actual flow, specifically,
>> the
>> >> > > > > consumer provides it during the request token request
>> >> > > > >
>> >> > > > >> Recently I've noticed that Camel have done oauth
client as
>> >> well:):
>> >> > > > >> http://camel.apache.org/tutorial-oauth.html
>> >> > > > >>
>> >> > > > >> Thanks much for review, and hints.
>> >> > > > >
>> >> > > > > thanks for your effort :-)
>> >> > > > >
>> >> > > > > Sergey
>> >> > > > >
>> >> > > > >> Cheers,
>> >> > > > >> Lukasz
>> >> > > > >>
>> >> > > > >> 2010/7/24 Sergey Beryozkin <sberyozkin@gmail.com>:
>> >> > > > >> > Hi Łukasz
>> >> > > > >> >
>> >> > > > >> > Sorry for a delay,  I should've come back earlier
to you.
>> >> > > > >> >
>> >> > > > >> > I've run the demo hosted at the app engine
and I think from
>> the
>> >> > > > >>
>> >> > > > >> education
>> >> > > > >>
>> >> > > > >> > point of view it is a good demo and it is handy
one does not
>> >> even
>> >> > > has
>> >> > > > >> > to build anything in order to try it.
>> >> > > > >> >
>> >> > > > >> > I've had a problem building the rt/rs/oauth
tests - there's
>> a
>> >> > bunch
>> >> > > of
>> >> > > > >> > CheckStyle errors. Can you please build sandbox/oauth_1.0a
>> from
>> >> > the
>> >> > > > >>
>> >> > > > >> trunk,
>> >> > > > >>
>> >> > > > >> > just do 'mvn install -Pfastinstall' and then
do 'mvn
>> install'
>> >> from
>> >> > > > >>
>> >> > > > >> rt/rs/ ?
>> >> > > > >>
>> >> > > > >> > One other thing, please move the demo to
>> >> > > > >> > "distribution/src/main/release/samples/" as
well add Readme
>> to
>> >> it.
>> >> > > > >> >
>> >> > > > >> > Also I can not build the demo too, the client
build fails
>> with
>> >> the
>> >> > > > >>
>> >> > > > >> following
>> >> > > > >>
>> >> > > > >> > dependency missing
>> >> > > > >> > 1) net.oauth.core:oauth-consumer:jar:20100527
>> >> > > > >> >
>> >> > > > >> > But I'm seeing an oauth repo in the rt/rs/oauth
pom, have
>> you
>> >> > built
>> >> > > it
>> >> > > > >>
>> >> > > > >> in
>> >> > > > >>
>> >> > > > >> > the GAE dev environment ?
>> >> > > > >> >
>> >> > > > >> > Can you please spend a bit of time on cleaning
the build a
>> bit
>> >> :
>> >> > > > >> > - fix the checkstyle errors and move the demo
to the
>> >> > > > >> > ""distribution/src/main/release/samples/""
area and also add
>> >> > Readme;
>> >> > > > >>
>> >> > > > >> after
>> >> > > > >>
>> >> > > > >> > building the distribution (mvn install in
>> trunk/distribution)
>> >> you
>> >> > > can
>> >> > > > >>
>> >> > > > >> easily
>> >> > > > >>
>> >> > > > >> > verify the demo can be run by locating in the
target.
>> >> > > > >> > - add the oauth dependency in the parent pom
so that the
>> >> rs/oauth
>> >> > > > >> > module
>> >> > > > >>
>> >> > > > >> can
>> >> > > > >>
>> >> > > > >> > depend on it without specifying a version and
have the demo
>> >> client
>> >> > > > >>
>> >> > > > >> module
>> >> > > > >>
>> >> > > > >> > depending on rt/rs/oauth module instead (similarly
to the
>> >> server
>> >> > > one)
>> >> > > > >> > - during the main build please use the Spring
version CXF
>> >> depends
>> >> > > upon
>> >> > > > >>
>> >> > > > >> and
>> >> > > > >>
>> >> > > > >> > use its -Pspring3 profile to build for the
deployment into
>> GAE
>> >> > > > >> >
>> >> > > > >> > As far as the demo is concerned. I looked at
the server part
>> >> and
>> >> > it
>> >> > > > >>
>> >> > > > >> looks
>> >> > > > >>
>> >> > > > >> > complicated enough :-) but I think it makes
sense to me.
>> I'll
>> >> > likely
>> >> > > > >> > ask
>> >> > > > >>
>> >> > > > >> for
>> >> > > > >>
>> >> > > > >> > some modifications but perhaps if you could
start with
>> updating
>> >> > the
>> >> > > > >> > demo such that a consumer initiates its own
registration
>> with
>> >> the
>> >> > > > >> > OAuth
>> >> > > > >>
>> >> > > > >> server :
>> >> > > > >> > I can see at the moment an oauth provider is
injected with
>> some
>> >> > > sample
>> >> > > > >> > consumer properties. I'm not sure what is the
best way to do
>> it
>> >> :
>> >> > > may
>> >> > > > >> > be
>> >> > > > >>
>> >> > > > >> the
>> >> > > > >>
>> >> > > > >> > server can return a registration form or the
client can just
>> >> push
>> >> > > the
>> >> > > > >> > registration info itself.
>> >> > > > >> >
>> >> > > > >> > Overall I think it is a good progress indeed
especially
>> given
>> >> the
>> >> > > > >>
>> >> > > > >> complexity
>> >> > > > >>
>> >> > > > >> > of the whole effort.
>> >> > > > >> >
>> >> > > > >> >
>> >> > > > >> >
>> >> > > > >> > thanks, Sergey
>> >> > > > >> >
>> >> > > > >> > On Wed, Jul 14, 2010 at 10:14 PM, Łukasz Moreń
<
>> >> > > lukasz.moren@gmail.com
>> >> > > > >> >
>> >> > > > >> >wrote:
>> >> > > > >> >> Hi all,
>> >> > > > >> >>
>> >> > > > >> >> I have managed to create two sample OAuth
aplications:
>> >> > > > >> >> ordinary OAuth 1.0a client:
>> >> http://www.oauthclient.appspot.com
>> >> > > > >> >> and authorization server that uses CXF
OAuth module:
>> >> > > > >> >> http://www.cxfoauthserver.appspot.com
>> >> > > > >> >>
>> >> > > > >> >> Both sample applications and changes in
oauth library are
>> >> > commited
>> >> > > in
>> >> > > > >> >> sandbox.
>> >> > > > >> >>
>> >> > > > >> >> OAuth configuration in sample authorization
server app
>> looks a
>> >> > bit
>> >> > > > >> >> awfully but I think most of that can be
hidden and done out
>> of
>> >> > > band.
>> >> > > > >> >> There is still some areas in specification
not covered by
>> >> > > > >> >> implementation, so I would like to take
care of that in
>> next
>> >> > steps.
>> >> > > > >> >>
>> >> > > > >> >> Thanks in advance for some feedback.
>> >> > > > >> >>
>> >> > > > >> >> Cheers,
>> >> > > > >> >> Lukasz
>> >> > >
>> >> > > --
>> >> > > Daniel Kulp
>> >> > > dkulp@apache.org
>> >> > > http://dankulp.com/blog
>> >> > >
>> >> >
>> >>
>> >
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message