Part 1/3 of our Devoxx University session. An introduction to some of the features of Java 7!
We're still working out where to host the torrent of our Virtual Box image with the coding exercises, we'll update the description when we sort it out.
Paperwork, Politics and Pain - Our year in the JCP (FOSDEM 2012)Martijn Verburg
In 2011 the London Java Community (LJC) stood for, and overwhelmingly won a seat in the open elections for a seat on the JCP Executive Committee (JCP EC), enough acronyms yet? We haven't even started! It's been a whirlwind trip so far with a great deal learned about politics, acronyms, the due diligence required on a JSR, flights to exotic places (Jersey City!?), wrangling over the wording of a sentence and of course launching some developer lead initiatives.
There have of course been some great successes in moving Free Java forward such as the JSR-348 which is the start of reforming the JCP and JSRs towards a truly open and transparent model. This talk covers the good works done so far, some anecdotes of what it's like to work as a developer amongst a mix of technologists and techies and what we think is left to be done.
Part 1/3 of our Devoxx University session. An introduction to some of the features of Java 7!
We're still working out where to host the torrent of our Virtual Box image with the coding exercises, we'll update the description when we sort it out.
Paperwork, Politics and Pain - Our year in the JCP (FOSDEM 2012)Martijn Verburg
In 2011 the London Java Community (LJC) stood for, and overwhelmingly won a seat in the open elections for a seat on the JCP Executive Committee (JCP EC), enough acronyms yet? We haven't even started! It's been a whirlwind trip so far with a great deal learned about politics, acronyms, the due diligence required on a JSR, flights to exotic places (Jersey City!?), wrangling over the wording of a sentence and of course launching some developer lead initiatives.
There have of course been some great successes in moving Free Java forward such as the JSR-348 which is the start of reforming the JCP and JSRs towards a truly open and transparent model. This talk covers the good works done so far, some anecdotes of what it's like to work as a developer amongst a mix of technologists and techies and what we think is left to be done.
Slides of Java One 2015 session "Advanced CDI in live coding"
In this session we explained how portable extensions work and shown third party framework integration with Metrics and Camel integration into CDI programming model
New features coming in CDI 2.0, talk given during Java One 2016
- Java SE support
- Async events
- Ordered events
- Meta data configurators
- Interceptors on producers
Slides of my tutorial I gave to Java One 2016 on advanced CDI 1.2 stuff.
Introducing CDI 1.2 SPI, Portable extension and then show how to develop fat JPA entities, asynchronous events and integration of a 3rd party framework (Dropwizard Metrics) with CDI 1.2 to enhance Java EE 7 platform.
Cette présentation est le support d'une Université faite à Devoxx par Mathieu Ancelin (Serli) et moi même. Elle propose une exploration pratique des fonctionnalités de CDI et de quelques extensions Seam 3 à travers le module Seam Social (solution d'interconnexion aux réseaux sociaux).
Les sujets suivants seront abordés :
Retour rapide sur la spécification CDI
Création et manipulation de Bean CDI
Création d'extension CDI
Utilisation d'événements CDI
Création de décorateurs et intercepteurs CDI
Extension de CDI pour une approche modulaire grace à Weld OSGI
Création d'une appli web cliente se connectant à plusieurs services (Twitter, Facebook LinkedIn)
Présentation sur Java EE / Wildfly faite au JUG SummerCamp 2015.
Venez revisiter les idées reçues sur Java EE. Cette présentation revisite les mythes autour de Java EE pour voir si ils sont toujours vrais ou faux.
1/3 : introduction to CDI - Antoine Sabot-DurandSOAT
Allez plus Loin avec CDI
En moins de 5 ans d’existence, Contexts and Dependency Injection (CDI) est devenue l’une des principale spécification de Java EE. Néanmoins, CDI est bien souvent perçu comme une simple solution d’injection de dépendance enrichie alors que cette spécification est bien plus riche que ça. Lors de cette présentation, après un rapide rappel des fonctionnalités de base de CDI, nous montrerons comment son utilisation avancée permet Java EE en intégrant des technologies legacy ou plus récent de manière naturelle. Nous finirons avec le travail en cours sur CDI 2.0 qui a commencé début septembre.
Slides of the Java One 2015 talk "Apache DeltaSpike - the CDI Toolbox". It contains presentation of Apache DeltaSpike, the framework that extends CDI in Java or Java EE
Slides of the talk gave to Devoxx with José Paumard about new features coming in CDI 2. Java SE support, asynchronous event, Interceptor on producers...
With less than five years and three releases under its belt, CDI has proven itself to be a great asset for Java. The many features it provides (dependency injection, contextual lifecycle, configuration, interception, event notification, and more) and the innovative way it provides them (through the use of meta-annotations) explain its rapid adoption. This session reviews the features introduced in CDI 1.1 and 1.2 and discusses improvements planned for CDI 2, such as standard support for Java SE and a light CDI version useful for embedded environments, showing how it will benefit Java.
This slides were used in a 2014 Devoxx university. They covers advanced CDI topics such as metadata injection manipulation and portable extension development. it shows advanced features in CDI on the theoretical and practical sides. They show how to integrate legacy code, how to extend CDI to integrate an existing framework and how to use CDI to create a new powerful framework.
CDI portable extensions are one of greatest features of Java EE allowing the platform to be extended in a clean and portable way. But allowing extension is just part of the story. CDI opens the door to a whole new eco-system for Java EE, but it’s not the role of the specification to create these extensions.
Apache DeltaSpike is the project that leads this brand new eco-system by providing useful extension modules for CDI applications as well as tools to ease the creation of new ones.
In this session, we’ll start by presenting the DeltaSpike toolbox and show how it helps you to develop for CDI. Then we’ll describe the major extensions included in DeltaSpike, including 'configuration', 'scheduling' and 'data'.
Slides of the university I gave at Devoxx Belgium with Antonio Goncalves on CDI, Java EE and JBoss Forge.
Abstract:
-------
During this 3 hours university, you will learn some CDI basis, and will quickly dive into more advance CDI features (such as extension). Using JBoss Forge we will quickly generate a Java EE 7 web application, and then, following business requirements, we will add CDI functionalities.
This university talk will be a mixture of code and slides, focusing on CDI and Java EE 7.
--------
Video of the university is available on YouTube: http://youtu.be/LYKMaj4XKvg
Code and Slides on GitHub: https://github.com/antoinesd/cdi-forge-uni/tree/DevoxxBe2015
Enterprise Social using Open Source FrameworksWerner Keil
A Social Media Week Hamburg 2013 workshop. Following the path of projects like Seam Social, a number of people started to work on Agorava, a “reference implementation” for Social Network integration in Java.
In this session, you will see examples from a number of frameworks that help developers to integrate their projects with existing Social Networks, both Public (Facebook, Twitter, Google+, LinkedIn, Xing, Yammer,…) and Corporate, e.g. within the Enterprise or Institution (University, Hospital, Library, Museum or individual Artists…) It also aims to assist Java Enterprise technologies and frameworks by adding social media features to web sites or services developed using Java or running on a JVM.
This session is a hands-on presentation, showing live code examples where possible and appropriate.
Enterprise Social using Open Source Frameworks (SMWCPH)Werner Keil
A Social Media Week Copenhagen 2013 session. Following the path of projects like Seam Social, a number of people started to work on Agorava, a “reference implementation” for Social Network integration in Java.
In this session, you will see examples from a number of frameworks that help developers to integrate their projects with existing Social Networks, both Public (Facebook, Twitter, Google+, LinkedIn, Xing, Yammer,…) and Corporate, e.g. within the Enterprise or Institution (University, Hospital, Library, Museum or individual Artists…) It also aims to assist Java Enterprise technologies and frameworks by adding social media features to web sites or services developed using Java or running on a JVM.
This session is a hands-on presentation, showing live code examples where possible and appropriate.
Slides of Java One 2015 session "Advanced CDI in live coding"
In this session we explained how portable extensions work and shown third party framework integration with Metrics and Camel integration into CDI programming model
New features coming in CDI 2.0, talk given during Java One 2016
- Java SE support
- Async events
- Ordered events
- Meta data configurators
- Interceptors on producers
Slides of my tutorial I gave to Java One 2016 on advanced CDI 1.2 stuff.
Introducing CDI 1.2 SPI, Portable extension and then show how to develop fat JPA entities, asynchronous events and integration of a 3rd party framework (Dropwizard Metrics) with CDI 1.2 to enhance Java EE 7 platform.
Cette présentation est le support d'une Université faite à Devoxx par Mathieu Ancelin (Serli) et moi même. Elle propose une exploration pratique des fonctionnalités de CDI et de quelques extensions Seam 3 à travers le module Seam Social (solution d'interconnexion aux réseaux sociaux).
Les sujets suivants seront abordés :
Retour rapide sur la spécification CDI
Création et manipulation de Bean CDI
Création d'extension CDI
Utilisation d'événements CDI
Création de décorateurs et intercepteurs CDI
Extension de CDI pour une approche modulaire grace à Weld OSGI
Création d'une appli web cliente se connectant à plusieurs services (Twitter, Facebook LinkedIn)
Présentation sur Java EE / Wildfly faite au JUG SummerCamp 2015.
Venez revisiter les idées reçues sur Java EE. Cette présentation revisite les mythes autour de Java EE pour voir si ils sont toujours vrais ou faux.
1/3 : introduction to CDI - Antoine Sabot-DurandSOAT
Allez plus Loin avec CDI
En moins de 5 ans d’existence, Contexts and Dependency Injection (CDI) est devenue l’une des principale spécification de Java EE. Néanmoins, CDI est bien souvent perçu comme une simple solution d’injection de dépendance enrichie alors que cette spécification est bien plus riche que ça. Lors de cette présentation, après un rapide rappel des fonctionnalités de base de CDI, nous montrerons comment son utilisation avancée permet Java EE en intégrant des technologies legacy ou plus récent de manière naturelle. Nous finirons avec le travail en cours sur CDI 2.0 qui a commencé début septembre.
Slides of the Java One 2015 talk "Apache DeltaSpike - the CDI Toolbox". It contains presentation of Apache DeltaSpike, the framework that extends CDI in Java or Java EE
Slides of the talk gave to Devoxx with José Paumard about new features coming in CDI 2. Java SE support, asynchronous event, Interceptor on producers...
With less than five years and three releases under its belt, CDI has proven itself to be a great asset for Java. The many features it provides (dependency injection, contextual lifecycle, configuration, interception, event notification, and more) and the innovative way it provides them (through the use of meta-annotations) explain its rapid adoption. This session reviews the features introduced in CDI 1.1 and 1.2 and discusses improvements planned for CDI 2, such as standard support for Java SE and a light CDI version useful for embedded environments, showing how it will benefit Java.
This slides were used in a 2014 Devoxx university. They covers advanced CDI topics such as metadata injection manipulation and portable extension development. it shows advanced features in CDI on the theoretical and practical sides. They show how to integrate legacy code, how to extend CDI to integrate an existing framework and how to use CDI to create a new powerful framework.
CDI portable extensions are one of greatest features of Java EE allowing the platform to be extended in a clean and portable way. But allowing extension is just part of the story. CDI opens the door to a whole new eco-system for Java EE, but it’s not the role of the specification to create these extensions.
Apache DeltaSpike is the project that leads this brand new eco-system by providing useful extension modules for CDI applications as well as tools to ease the creation of new ones.
In this session, we’ll start by presenting the DeltaSpike toolbox and show how it helps you to develop for CDI. Then we’ll describe the major extensions included in DeltaSpike, including 'configuration', 'scheduling' and 'data'.
Slides of the university I gave at Devoxx Belgium with Antonio Goncalves on CDI, Java EE and JBoss Forge.
Abstract:
-------
During this 3 hours university, you will learn some CDI basis, and will quickly dive into more advance CDI features (such as extension). Using JBoss Forge we will quickly generate a Java EE 7 web application, and then, following business requirements, we will add CDI functionalities.
This university talk will be a mixture of code and slides, focusing on CDI and Java EE 7.
--------
Video of the university is available on YouTube: http://youtu.be/LYKMaj4XKvg
Code and Slides on GitHub: https://github.com/antoinesd/cdi-forge-uni/tree/DevoxxBe2015
Enterprise Social using Open Source FrameworksWerner Keil
A Social Media Week Hamburg 2013 workshop. Following the path of projects like Seam Social, a number of people started to work on Agorava, a “reference implementation” for Social Network integration in Java.
In this session, you will see examples from a number of frameworks that help developers to integrate their projects with existing Social Networks, both Public (Facebook, Twitter, Google+, LinkedIn, Xing, Yammer,…) and Corporate, e.g. within the Enterprise or Institution (University, Hospital, Library, Museum or individual Artists…) It also aims to assist Java Enterprise technologies and frameworks by adding social media features to web sites or services developed using Java or running on a JVM.
This session is a hands-on presentation, showing live code examples where possible and appropriate.
Enterprise Social using Open Source Frameworks (SMWCPH)Werner Keil
A Social Media Week Copenhagen 2013 session. Following the path of projects like Seam Social, a number of people started to work on Agorava, a “reference implementation” for Social Network integration in Java.
In this session, you will see examples from a number of frameworks that help developers to integrate their projects with existing Social Networks, both Public (Facebook, Twitter, Google+, LinkedIn, Xing, Yammer,…) and Corporate, e.g. within the Enterprise or Institution (University, Hospital, Library, Museum or individual Artists…) It also aims to assist Java Enterprise technologies and frameworks by adding social media features to web sites or services developed using Java or running on a JVM.
This session is a hands-on presentation, showing live code examples where possible and appropriate.
Empowering the Social Web with Apache Shindigplindner
The social web is already reality! It makes applications available to more users, by providing common APIs that can be used in many different contexts. OpenSocial is an API that can be used by developers to create applications using standard JavaScript and HTML. These applications run on social websites that have implemented the OpenSocial APIs. Known as OpenSocial containers, these websites allow developers to access their social information. In return, they receive a large suite of applications for their users. Apache Shindig is a brand new incubator podling implementing the OpenSocial APIs. This talk describes Shindig in depth, and shows how it can be embedded into a larger web application to enable the web-app to host OpenSocial apps.
Enterprise 2.0 with Open Source Frameworks like AgoravaWerner Keil
After Seam stopped at version 3, affecting related modules like Seam Social, a number of people started to work on Agorava, a "reference implementation" for Social Network integration in Java.
In this session, you will see examples from a number of frameworks that help developers to integrate their projects with existing Social Networks, both Public (Facebook, Twitter, Google+, LinkedIn, Xing, Yammer,...) and Corporate, e.g. within the Enterprise or Institution (University, Hospital, Library, Museum or individual Artists...) It also aims to assist Java Enterprise technologies and frameworks by adding social media features to web sites or services developed using Java or running on a JVM. Agorava is intended to be part of JDF 2.next alongside full DeltaSpike support or PicketLink SSO and more, e.g. JSR 330, allowing Agorava to also run on Android or Java SE.
DevOps is much more than tooling and technical details, it’s first and foremost a cultural and operational shift. This deck was given at www.devopscon.com, and covers some of the principles and best practices preached for by devops thought leaders such as John Allspaw, Jesse Robbins, Adrian Cockroft, Jez Humble and others.
This presentation is for enterprises that are considering adopting Scala. The author is managing editor of http://scalacourses.com, which offers self-paced online courses that teach Introductory and Intermediate Scala and Play Framework.
Splunk for JMX App overview (configuration, deployment, tips and tricks). Developing JMX logic in your application. Splunking other JVM logs and profiling traces. The JVM application landscape and why it's such a rich source of Splunkable machine data. Developing new Splunkbase apps to leverage Splunk for JMX.
Steve Poole and I presented this talk at JavaOne 2013, discussing and promoting recent work done by the London Java Community (LJC) on the "Betterrev" application which seeks to improve the process of contributing to the Java OpenJDK
Intro to DefectDojo at OWASP SwitzerlandMatt Tesauro
You’re tasked with ‘doing AppSec’ for your company and you’ve got more apps and issues than you know how to deal with. How do you make sense of the different tools outputs for all your different apps? DefectDojo can be your one source of truth and become the heart of your AppSec automation program.
DefectDojo grew out of a Product Security program 8 years ago and was created by AppSec people for AppSec people. In this talk, you’ll learn about DefectDojo and how to make the most of the many features it offers including its REST-based API. DefectDojo can be your one source of truth for discovered security vulnerabilities, report generation, aggregation of over 80 different security tools, inventory of applications, tracking testing efforts and metrics on the AppSec program. DefectDojo was the heart of an AppSec automation effort that saw an increase in assessments from 44 to 414 in two years. Don't you want 9.4 times more output from your AppSec program? It's time to ditch spreadsheets and get DefectDojo.
Presentation by Ian de Villiers at ZaCon 2 about exploiting java.
This presentation is about instrumenting java applications. it begins with an explanation of what a jar file is. The difficulties in attacking java, such as signing and obfuscation are discussed. How to overcome these difficulties is also discussed. The presentation ends with a walkthrough example of how to instrument a java application.
Whitepages Practical Experience Converting from Ruby to Reactive
Devoxx Java Social and Agorava
1. Java Social JSR,
It’s Alive
Antoine Sabot-Durand
Java EE Expert, Architect
Ippon Technologies
@antoine_sd
Werner Keil
Build Manager, DevOps Expert,
Agile Coach
Maersk Line
@wernerkeil
mardi 13 novembre 12
2. Antoine Sabot-Durand
• Java EE expert at Ippon Technologies
• Architect and Tech consultant
• 16 years in IT
• Java & OSS :
• Agorava technical leader
• Apache Deltaspike Commiter
• Member of l’EG CDI 1.1(JSR 346)
• @antoine_sd
2
mardi 13 novembre 12
3. Werner Keil - Bio
• Consultant – Coach
• Creative Cosmopolitan
• Open Source Evangelist
• Software Architect
• Java Godfather
• JCP Executive Committee Member
• Eclipse UOMo Project Lead
• DevOps Guy
3
mardi 13 novembre 12
4. Agenda
• Episode I : History – JSR 357 Rise and Fall
• The precursors
• From Seam Social to JSR 357
• What went Wrong?
• Episode II : Standards in Social Media
• The standards part
• The non standard part
• So what would be a Java Standard for Social Media ?
4
mardi 13 novembre 12
5. Agenda (2)
• Espisode III : The Agorava Project
• Agorava Demo
• From JSR 357 to Agorava
• Agorava architecture
• Extending Agorava
• Related JSR : Security & identity
• Differences from other APIs and Frameworks
• Episode IV: Agorava, the technical parts
• Jackson Mapping Mixin
• CDI in Agorava 0.5
• JsonSchema2Pojo
• JAX-RS 2.0 client Framework in Agorava 1.0
• Episode V : Demo and Q&A 5
mardi 13 novembre 12
6. Episode I
JSR 357 Rise and Fall
mardi 13 novembre 12
8. Twitter4j
• Twitter4J is an unofficial Java library for the Twitter API.
With Twitter4J, you can easily integrate your Java application with Twitter.
• Its author, Yusuke Yamamoto used to work at Twitter.
While he did, he was briefly meant to represent Twitter in the Social JSR
EG.
• It’s light and based on Java 1.4 to be integrated in mobile app for instance
8
mardi 13 novembre 12
9. Scribe Java
• Scribe is java framework that provides basic OAuth function
• It also contains configuration for a lot of Social Media
• Only one dependency on Apache Common Codec
• At the heart of Agorava 0.5
9
mardi 13 novembre 12
10. DaliCore – CMS
• More than a CMS → DaliCore
• Adds functionality common to users, content and permissions on top of
Java EE 6.
• Focus on Users and Permissions.
• In about every project that uses DaliCore, users should be able to login
with existing credentials (Facebook, Twitter, Google Connect,...)
• Dali modules extend DaliCore
10
mardi 13 novembre 12
11. Spring Social
• Spring social that inspired Seam Social and Agorava and is more mature
• Spring Social module were used to create first agorava modules (thanks
to OSS and ASL2)
• But it’s Spring only module....
11
mardi 13 novembre 12
12. And then the JSR 357 was proposed
• In march 2012 on Werner Keil initiative, Java Social was submitted to the
JCP to become a JSR
• It proposed to standardized access to Social Media in Java
• It was voted down by 8 votes against 5
12
mardi 13 novembre 12
15. Too Soon?
Lack of real POC... 15
mardi 13 novembre 12
16. It can’t be standardized?
FALSE
16
mardi 13 novembre 12
17. Episode II
Standards in Social Media
mardi 13 novembre 12
18. Standard part in social media
• All social medias use REST as transmission protocol
• Most of them transmit data in JSON format and some in XML
• Identification & Authentication are almost always based on OAuth
protocol
18
mardi 13 novembre 12
19. REST
• REpresentational State Transfer : Requests about resource representation
(customer, book, order)
• REST is based on low level HTTP concepts
• Each resource has a unique identifier (an URI). 4 HTTP verbs can be
applied to a uri : GET, POST, PUT, DELETE
• Java has a standard to deal with REST: JAX-RS. Version 1.0 doesn’t
provide client API yet. JAX-RS 2.0 will provide one
19
mardi 13 novembre 12
20. JSON
Javascript Object Notation : This data
1: {
2: "firstName": "John", format comes from Javascript. It became a
3:
4:
"lastName" : "Smith",
"age" : 25, standard for online services including Social
5:
6:
"address" :
{ Media.
7: "streetAddress": "21 2nd Street",
8: "city" : "New York",
9: "state" : "NY",
10: "postalCode" : "10021"
11: },
12: "phoneNumber":
13: [
14: {
15: "type" : "home",
16: "number": "212 555-1234"
17: },
18: {
19: "type" : "fax",
20: "number": "646 555-4567"
21: }
22: ]
23: }
20
mardi 13 novembre 12
21. OAuth
• OAuth is a protocol to delegate rights for an application to act on the
behalf of an user who granted its rights without giving awayher login /
password
• Developped by Twitter, Magnolia and Google, it was made standard by
IETF in april 2010 under RFC 5849
• Version 2.0, simpler to use but often citicised by its too many
implementation s was standardized in October 2012 under RFC 6749
and 6750. It’s already used by many actors (Facebook, Google, Microsoft)
• All social Media are based on OAuth 1.0a or 2.0.
• To use OAuth, one has to create an application on the targeted service
to have an entry point for consumer 21
mardi 13 novembre 12
22. OAuth has 3 step
• Creating an application in the OAuth Social Media service
• Initialization : the right granting phase also called the OAuth Dance. At
the end of the dance we obtain an access token (formed by a public and
secret part) use in next step
• Signature : each request is signed with access token and token
identifying the OAuth application that was granted the rights
22
mardi 13 novembre 12
23. OAuth Step 1 : Create an application
23
mardi 13 novembre 12
25. The OAuth 1.0a «Dance»
Social Media Service
(where OAuth application is declared)
user
Consuming service server 25
mardi 13 novembre 12
26. The OAuth 1.0a «Dance»
Social Media Service
(where OAuth application is declared)
user
1
client asks for a
resource on the
consuming service
Consuming service server 25
mardi 13 novembre 12
27. The OAuth 1.0a «Dance»
Social Media Service
(where OAuth application is declared)
user
Consuming service ask a
1
request token tot he Social
2 Media (using OAuth
application keys). It also send
a callback url
client asks for a
resource on the
consuming service
Consuming service server 25
mardi 13 novembre 12
28. The OAuth 1.0a «Dance»
Social Media Service
(where OAuth application is declared)
token is returned by SM
user 3
Consuming service ask a
1
request token tot he Social
2 Media (using OAuth
application keys). It also send
a callback url
client asks for a
resource on the
consuming service
Consuming service server 25
mardi 13 novembre 12
29. The OAuth 1.0a «Dance»
Social Media Service
(where OAuth application is declared)
Consuming
service 4
redirect user
on the social
media login token is returned by SM
page user 3
Consuming service ask a
1
request token tot he Social
2 Media (using OAuth
application keys). It also send
a callback url
client asks for a
resource on the
consuming service
Consuming service server 25
mardi 13 novembre 12
30. The OAuth 1.0a «Dance»
Social Media Service
Once authenticated, social media (where OAuth application is declared)
redirects user on call back url with a
verification code
Consuming
service 4
redirect user 5
on the social
media login token is returned by SM
page user 3
Consuming service ask a
1
request token tot he Social
2 Media (using OAuth
application keys). It also send
a callback url
client asks for a
resource on the
consuming service
Consuming service server 25
mardi 13 novembre 12
31. The OAuth 1.0a «Dance»
Social Media Service
Once authenticated, social media (where OAuth application is declared)
redirects user on call back url with a
verification code
Consuming
service 4
redirect user 5
on the social
media login token is returned by SM
page user 3
Consuming service ask a
1
request token tot he Social
2 Media (using OAuth
6 application keys). It also send
a callback url
client asks for a
resource on the with the code and request token
consuming service consuming service request an access
token
Consuming service server 25
mardi 13 novembre 12
32. The OAuth 1.0a «Dance»
Social Media Service
Once authenticated, social media (where OAuth application is declared)
redirects user on call back url with a
verification code
Consuming Social media returns Access token
service 4
redirect user 5
on the social
7
media login token is returned by SM
page user 3
Consuming service ask a
1
request token tot he Social
2 Media (using OAuth
6 application keys). It also send
a callback url
client asks for a
resource on the with the code and request token
consuming service consuming service request an access
token
Consuming service server 25
mardi 13 novembre 12
33. The OAuth 2.0 «Dance» now in SSL
Social Media Service
(where OAuth application is declared)
user
Consuming service server 26
mardi 13 novembre 12
34. The OAuth 2.0 «Dance» now in SSL
Social Media Service
(where OAuth application is declared)
user
1
client asks for a
resource on the
consuming service
SSL is mandatory
Consuming service server 26
mardi 13 novembre 12
35. The OAuth 2.0 «Dance» now in SSL
Social Media Service
(where OAuth application is declared)
Consuming
service
redirect user 2
on the social
media login
page user
1
client asks for a
resource on the
consuming service
SSL is mandatory
Consuming service server 26
mardi 13 novembre 12
36. The OAuth 2.0 «Dance» now in SSL
Social Media Service
Once authenticated, social media (where OAuth application is declared)
redirects user on call back url with a
verification code
Consuming
service
redirect user 2 3
on the social
media login
page user
1
client asks for a
resource on the
consuming service
SSL is mandatory
Consuming service server 26
mardi 13 novembre 12
37. The OAuth 2.0 «Dance» now in SSL
Social Media Service
Once authenticated, social media (where OAuth application is declared)
redirects user on call back url with a
verification code
Consuming
service
redirect user 2 3
on the social
media login
page user
1
4
client asks for a with the code and request token
resource on the consuming service request an access
consuming service token
SSL is mandatory
Consuming service server 26
mardi 13 novembre 12
38. The OAuth 2.0 «Dance» now in SSL
Social Media Service
Once authenticated, social media (where OAuth application is declared)
redirects user on call back url with a
verification code
Consuming Social media returns Access token
service
redirect user 2 3
on the social
5
media login
page user
1
4
client asks for a with the code and request token
resource on the consuming service request an access
consuming service token
SSL is mandatory
Consuming service server 26
mardi 13 novembre 12
50. OAuth Signature : Signed request
POST /1/statuses/update.json?include_entities=true HTTP/1.1
Accept: */*
Connection: close
User-Agent: OAuth gem v0.4.4
Content-Type: application/x-www-form-urlencoded
Authorization:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
oauth_version="1.0"
Content-Length: 76
Host: api.twitter.com
status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21
32
mardi 13 novembre 12
51. The non Standard parts
• Non standard identity management or any other API across Social Media
• More than that. There is no Social Media that Guarantee :
• Its API won’t change for a given period
• backward compatibility when its API change
33
mardi 13 novembre 12
52. So what would be a standard for Social ?
• A basic heart providing basic services :
• OAuth and Rest request
• Multi Social Media connexions
• Polymorphic services to enforce standard on social Media
• Connector definition for Social module
• So this standard would be a kind Java Social Connector definition
standard
34
mardi 13 novembre 12
54. Episode III
Agorava Project
mardi 13 novembre 12
55. From JSR 357 to Agorava
• Before Agorava there was Seam Social part of Seam 3 JBoss project
• In begining of 2012, Seam was stopped to be merged in Apache
DeltaSpike
• Agorava was born mainly from Seam Social after JSR 357 attempt
• One of it’s goals is to be the missing POC
for a new Java Social JSR
37
mardi 13 novembre 12
56. Linked concept Security and Identity
• Identity, Privacy and Trust
• Identity attributes are properties of a digital subject
• A digital subject is a digital representation of an entity that is an actor or
target of a digital operation.
• Privacy is the degree to which the availability of an entity’s identity
attributes can be controlled
• Trust is an evaluation of the reliability of a representation of a digital
subject
• An identity is a set of identity attributes that distinguish an entity
38
mardi 13 novembre 12
57. Identity for Social Media
• Java Identity API (JSR 351) goals for Social Media
• Attribute Service composed of attribute providers
• specification will define contracts to facilitate repository integrations
by third parties.
• Reference Implementation will provide some specific integrations
including those provided by contributors to Open Source project;
Facebook, Twitter, and LinkedIn will be among the identity repositories
considered for integration within the reference integration, as will their
associated programming interfaces and protocols, including Facebook
Connect, Google-ID and OAuth 2.0.
39
mardi 13 novembre 12
58. Facebook JSR 351 Example – Agent
@Named("Facebook")
public class FacebookRepositoryAgent implements RepositoryAgent {
public AttributeRepository getAttributeRepository(String repositoryName) {
TableIdentifier tID = null;
AttributeRepository rvalue = null;
try {
tID = FacebookTableID.valueOf(repositoryName);
rvalue = repositoryTable.get(tID);
} catch (IllegalArgumentException iae) {
}
if (rvalue == null) {
rvalue = new FacebookAttributeRepository(new
RepositoryDescriptor(FacebookRepositoryAgent.class,tID.name()));
repositoryTable.put(tID,rvalue);
}
return rvalue;
} 56
mardi 13 novembre 12
59. Facebook JSR 351 Example – Repository
public class FacebookAttributeRepository implements AttributeRepository {
private RepositoryDescriptor _repositoryDescriptor;
private ProviderLookupContext _context; FacebookLookupService _lookupService;
public FacebookAttributeRepository(RepositoryDescriptor descriptor) {
_repositoryDescriptor = descriptor;
_context = new ProviderLookupContext(descriptor);
_lookupService = new FacebookLookupService(this);
}
public RepositoryDescriptor getRepositoryDescriptor() {
return _repositoryDescriptor;
}
[…]
public IDPredicate and(IDPredicate ... predicates) {
return new FacebookPredicate(_context, IDBooleanOperator.and, predicates);
}
57
mardi 13 novembre 12
60. Facebook JSR 351 Example – Connect
JSONObject graphValues = getResponseValues(graphResponse);
user = (String) graphValues.get(userPropertyName);
Iterator<String> it = graphValues.keys();
while (it.hasNext()) {
String key = it.next();
final URI id = new URI(userInfoEndpoint + "/" + key);
final Collection<String> names = new ArrayList<String>();
final Object value = graphValues.get(key);
final IDAttributeValue attributeValue = new IDAttributeValue() {
public Serializable getValue() {
return (Serializable) value;
}
public Collection getValues() {
return Collections.EMPTY_LIST;
}
};
58
}
mardi 13 novembre 12
61. Agorava Goals
• Provides generics services
across different Social Media
(identification, Post, etc...)
• Dynamic discovery of Social
Media modules (core detect
what modules are available at
startup)
• Managing multiple Social Media
connection at the same time
• Provides high level services
(and binding) to interact with
Social Media 43
mardi 13 novembre 12
62. Agorava 0.5 Macro architecture
• Agorava core is the «smart
Twitter
Module
LinkedIn
Module
Facebook
Module
Social Media X
module
part» of the framework
• Modules are mainly REST
Agorava Core API and JSON mapping
CDI impl Guice impl Spring impl • Today Agorava has a CDI
implementation only
@Inject impl
• On the roadmap we plan to
Java SE Impl
provide :
• full Java SE support
API
• JSR 330 (Guice and/or
Spring) support 44
mardi 13 novembre 12
65. OAuth configuration
public interface OAuthAppSettings { • OAuthAppSettings contains
needed infos to start the OAuth
public String getApiKey();
Dance :
public String getApiSecret();
•Public and private keys of OAuth
public String getCallback();
application
public String getScope();
•Callback URL
•OAuth 2.0 scope
public String getSocialMediaName();
•Name of the Social Media to
} which these settings are related
47
mardi 13 novembre 12
66. OAuth support
public interface OAuthProvider { • OAuthProvider provides
public OAuthToken getRequestToken(); OAuth support. Its
public OAuthToken getAccessToken(OAuthToken tok, String ver); implementation uses
public void signRequest(OAuthToken tok, OAuthRequest req);
OAuthAppSettings to get
initatilized
•
public String getVersion();
There one can :
•
public String getAuthorizationUrl(OAuthToken requestToken);
Create a RequestToken
public OAuthRequest requestFactory(RestVerb v, String uri);
public OAuthToken tokenFactory(String token, String secret);
• Get the URL to start
connexion
•
}
Get the Acces Token
• Create OAuth signature 48
mardi 13 novembre 12
67. Rest calls with OAuthService
public interface OAuthService extends RestService {
• OAuthService uses
public OAuthToken getAccessToken();
OAuthProvider to create and
public String getAuthorizationUrl();
public String getVerifier();
sign requests. It provides
public void initAccessToken(); higher level services :
public RestResponse sendSignedRequest(RestVerb verb, String uri);
public RestResponse sendSignedRequest(RestVerb verb, String uri, Map<String, ?> params); • Integration of user OAuth
public RestResponse sendSignedRequest(RestVerb verb, String uri, String key, Object value); session
public void setVerifier(String verifierStr);
public void setAccessToken(String token, String secret); • Management of OAuth life
public void setAccessToken(OAuthToken token); cycle
public RestResponse sendSignedXmlRequest(RestVerb verb, String uri, String payload);
public OAuthSession getSession(); • Sending simple Rest Request
}
public RestResponse sendSignedRequest(OAuthRequest request);
<T> T get(String uri, Class<T> clazz, boolean signed);
• Sending signed Rest Request
49
mardi 13 novembre 12
68. High level API root : AbstractSocialMediaApi
• AbstractSocialMediaApi is
the root for each family of
API in a given social media
module
• Some services provides
more than ten API families
(for instance Twitter)
• So we need a concept to
gather these families 50
mardi 13 novembre 12
69. API families Hubs with SocialMediaApiHub
public interface SocialMediaApiHub extends
OAuthServiceAware, Serializable {
• Hubs are here to :
•Provide a gathering class
public UserProfile getMyProfile(); for all API families of a
public void resetConnection();
given service
public boolean isConnected();
•Be the entry point of
generic functionalities
public String getVerifierParamName(); across different Social
Media
public String getSocialMediaName();
• They also are the entry
} point of Social Media
configuration 51
mardi 13 novembre 12
70. OAuthSession contains user specific infos
•
public interface OAuthSession extends Serializable {
OAuthSession contains data
public OAuthToken getRequestToken();
to handle the user part of an
public void setRequestToken(OAuthToken requestToken);
OAuth connexion :
public OAuthToken getAccessToken();
• RequestToken
•
public void setAccessToken(OAuthToken accessToken);
Verifier
•
public String getVerifier();
And last but not least
public void setVerifier(String verifier);
AccessToken
public void setUserProfile(UserProfile userProfile);
• OAuthSession keeps alos
public UserProfile getUserProfile();
track of connected user
public Annotation getServiceQualifier(); identity
public boolean isConnected(); 52
}
mardi 13 novembre 12
72. Create a new Agorava module
• To create a new module for Agorava 0.5, you have to :
• Create a Qualifier (annotation) tagued with @ServiceRelated meta
annotation
• Create a low level API class containing basic endpoints to the new Social
service. The class should use the same name as qualifier
• Extend AbstractSocialMediaApi to create the root class for all API
families of the new Social Media
• Extend AbstractSocialMediaApiHub to gather Api families and
implements generic services
• At minima create Service class to deal with user profile in the new
service 54
mardi 13 novembre 12
73. Episode IV
Technologies in Agorava
mardi 13 novembre 12
75. Jackson
• JSON to Pojo binding
• A JAX-B like solution for JSON
• Works with JAX-B anotations
• Provides also Json parsing tools
• Provides an elegant solution : the Mixin to configure mapping outside of
the pojo 57
mardi 13 novembre 12
76. Mixin Example
public class Trend {
private final String name;
private final String query;
public Trend(String name, String query) { @JsonIgnoreProperties(ignoreUnknown = true)
this.name = name; abstract class TrendMixin {
this.query = query;
} @JsonCreator
TrendMixin(@JsonProperty("name") String name,
public String getName() { @JsonProperty("query") String query) {
return name; }
}
}
public String getQuery() {
return query;
}
}
58
mardi 13 novembre 12
77. Module configuration is needed to use mixin
class TwitterModule extends SimpleModule {
public TwitterModule() {
super("TwitterModule", new Version(1, 0, 0, null));
}
@Override
public void setupModule(SetupContext context) {
context.setMixInAnnotations(TwitterProfile.class, TwitterProfileMixin.class);
context.setMixInAnnotations(SavedSearch.class, SavedSearchMixin.class);
context.setMixInAnnotations(Trend.class, TrendMixin.class);
}
}
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.registerModule(new TwitterModule);
59
mardi 13 novembre 12
88. CDI Extensions why ?
• An extension allows to
• Create beans or injection
points
• modify beans or injection
points
• Cancel beans creation
• More generally to analyse all
beans and change them
before the application is
launch
70
mardi 13 novembre 12
89. Understanding extensions
• Once the application is
running, bean manager is
immutable (no dynamic bean
in CDI)
• Extensions will be launch
when the application is
launch
• Extensions are also Beans
71
mardi 13 novembre 12
90. CDI Lifecycle
Deploy Process Process Before Undeploy
Application Beans Producers Shutdown Application
Process
Before Bean Process Application
Observer
Discovery Injection Taget Running
Methods
After
Scan Process After Bean
Deployment
Archive Anotated Types Discovery
Validation
72
mardi 13 novembre 12
91. To create an extension
• Create a class which implements
Extension
• Add one or more method that Observes
CDI lifecycle steps to modify Bean
Manager content
• Add this file in classpath
META-INF/services/javax.enterprise.inject.spi.Extension
in which you add qualified name of the
extension class
73
mardi 13 novembre 12
92. Simple Example : @Veto
<X> void processAnnotatedType(@Observes final ProcessAnnotatedType<X> pat, BeanManager beanManager) {
final AnnotatedType<X> annotatedType = pat.getAnnotatedType();
final Class<X> javaClass = annotatedType.getJavaClass();
final Package pkg = javaClass.getPackage();
// Support for @Veto
if (annotatedType.isAnnotationPresent(Veto.class) ||
(pkg != null && pkg.isAnnotationPresent(Veto.class))) {
pat.veto();
log.info("Preventing " + javaClass + " from being installed as bean due to @Veto annotation");
return;
}
}
74
mardi 13 novembre 12
93. New technologies in version 1.0
• JAX-RS 2.0 client framework
• Development has just started
• It will deprecated Java Scribe in Agorava
• OAuth filters has to be written for this client
• Json 2 pojo schema
• An easy way to generate pojo from Json
• Demo
75
mardi 13 novembre 12
94. Major API Evolution in version 1.0
public interface HasTimeline {
public interface HasUpdate {
public List<String> getTimeLine();
public boolean sendUpdate(String message);
public List<String> getTimeLine(Date from, Date to);
}
public List<String> getTimeLine(String fromId);
}
public class FacebookServicesHub extends AbstractSocialMediaApiHub implements HasUpdate, HasTimeline
@Inject
@Any
Instance<HasUpdate> updatables;
...
for (HasUpdate updatable : updatables) {
updatable.sendUpdate(msg);
76
}
mardi 13 novembre 12