Progmatically configuring Spring Security OAUTH - spring

Prefer to progmatically configure spring security oauth for sake of consistency. The documentation covers xml but doesn't seem to mention progmatic configuration.
Whats the Java equivalent of the xml (extract from the sample project) configuration?
<oauth:consumer resource-details-service-ref="resourceDetails" oauth-failure-page="/oauth_error.jsp">
<oauth:url pattern="/google/**" resources="google"/>
<oauth:url pattern="/login/**" resources="none"/>
</oauth:consumer>
<oauth:resource-details-service id="resourceDetails">
<oauth:resource id="google" key="anonymous" secret="anonymous"
request-token-url="https://www.google.com/accounts/OAuthGetRequestToken"
user-authorization-url="https://www.google.com/accounts/OAuthAuthorizeToken"
access-token-url="https://www.google.com/accounts/OAuthGetAccessToken"
request-token-method="GET"
access-token-method="GET">
<oauth:addtionalParameter name="scope" value="https://picasaweb.google.com/data/"/>
<oauth:addtionalParameter name="xoauth_displayname" value="Tonr Example Application"/>
</oauth:resource>
</oauth:resource-details-service>

There is no Java DSL for configuring OAuth1.0a. You can create bean definitions manually, or use the XML. Note that for Google APIs you can use OAuth2 (which does have a Java DSL). If anyone is interested in contributing a Java DSL there is already a pull request with a big refactoring of the OAuth1.0a pieces, so it might be good to start from there.

Related

Create beans with property names as element names?

I am new to spring and happy to see that following works as expected:
<bean id="..." class="server.Shell">
<property name="usableCommands" value="cat"/>
</bean>
The above is in the client code, where I have provided the server.Shell. Now I would like for the clients to be able to use the following:
<shell id="...">
<usableCommands value="cat"/>
</shell>
Is there anything in springframework that I can use to map say an xsd to bean classes? Any other suggestion for easily creating a simple xml based domain language?
You can register a custom XML Namespace in Spring that would allow you to customize your configuration XML. If you're looking to create a sort of DSL in your Spring configuration XML, that might be a good place to start.
UPDATE:
Check out this link for a general example of how custom namespaces in Spring work. This pattern should hold in OSGi as well -- check out Section 6.4 of the Spring OSGi docs for an explanation. If you're new to OSGi, it can be daunting in general. SpringDM can help. Try here for some background and here for an example. Hope that helps.

Get config setting in custom taglib using Spring "context-property-placeholder"

I'm creating a custom taglib, and would like to use some config options that are loaded via the underlying Spring framework using:
<context:property-placeholder location="classpath:config.properties" />
How would I get access to these variables in my taglib?
Thanks,
James.
The JSP taglibs have nothing in common with the Spring context's lifecycle, they're managed by the servlet container. This can complicate things a bit, for example: inject-dependency-into-a-taglib-class, how-to-write-tag-in-my-spring-project.
Since you're only mentioning the need for contents of the properties file, you could use plain old java.util.ResourceBundle (or, if you need more flexibility, Apache Commons' org.apache.commons.configuration.PropertiesConfiguration).
(One could also argue that requiring access to configuration in your tags indicates a design problem...)

NamespaceHandler in spring

What is a NamespaceHandler? What is the need to write our custom NamespaceHandler?
Please explain me the significance of NamespaceHandler. Provide me Any links on internet.
It handles specific XML tags found inside a file, such as <log:return />, which is the return tag inside the log namespace.
The best reference is often the Javadoc.
It is useful if you want to use your custom XML tags in an XML configuration:
http://www.theserverside.com/news/1364131/Authoring-Custom-Namespaces-in-Spring-20
If you have a framework and want to add Spring integration to your framework, it could be useful. In that case it would be more important to define the equivalent annotations.

Spring Design By Contract: where to start?

I am trying to put a "Contract" on a method call. My web application is in Spring 3.
Is writing customs Annotations the right way to go. If so, any pointers( I didn't find anything in spring reference docs).
Should I use tools like "Modern Jass", JML ...? Again any pointers will be useful.
Thanks
Using Spring EL and Spring security could get you most of the way. Spring security defines the #PreAuthorize annotation which is fired before method invocation and allows you to use Spring 3's new expression engine, such as:
#PreAuthorize("#customerId > 0")
public Customer getCustomer(int customerId) { .. }
or far more advanced rules like the following which ensures that the passed user does not have role ADMIN.
#PreAuthorize("#user.role != T(com.company.Role).ADMIN)")
public void saveUser(User user) { .. }
You can also provide default values for your contract with the #Value annotation
public Customer getCustomer(#Value("#{434}") int customerId) { .. }
You can even reference system properties in your value expressions.
Setting up Spring security for this purpose is not to hard as you can just create a UserDetailsService that grants some default role to all users. Alternatively you could make you own custom Spring aspect and then let this use the SpelExpressionParser to check method values.
if you don't mind writing some parts of your Java web application in Groovy (which is possible with Spring) I would suggest using GContracts.
GContracts is a Design by Contract (tm) library entirely written in Java - without any dependencies to other libraries - and has full support for class invariants, pre- and postconditions and inheritance of those assertions.
Contracts for Java which is based on Modern Jass is one way to write contracts.
http://code.google.com/p/cofoja/
As per the writing of this reply, this is pretty basic. Hopefully this will improve as we go on.
I didn't find an ideal solution to this, interestingly it is a planned feature for the Spring framework (2.0 implemented patch):
http://jira.springframework.org/browse/SPR-2698
The best thing I suggest to use JSR 303 which is for bean validation. AFAIK there are two implementations for this:
Agimatec Validations
Hibernate Validator
There's a guide here for integrating it into Spring, I haven't followed it through but it looks ok:
http://blog.jteam.nl/2009/08/04/bean-validation-integrating-jsr-303-with-spring/
I personally recommend C4J for 2 reasons:
It has Eclipse plugin so you don't need to manually configure it.
The documentation is written in a clear, structured format so you can easily use it.
Her's the link to C4J

why is jax-ws spring service reference prefixed with #, as in ws:service bean="#myService"

I've developed a web service with jax-ws and Spring using the tutorials at the jax-ws commons website. It shows you how to define and reference your service from your spring applicationContext file (https://jax-ws-commons.dev.java.net/spring/).
What is the reason for the "#" when referencing the web service? I would expect to see something more like
<ws:service name="myEventWS" ref="eventWebService"/>
but following example at the above link I created the following which works.
<bean id="eventWebService" class="com.myws.EventWS">
<property name="model" ref="EventModel"/>
</bean>
<wss:binding url="/EventWS">
<wss:service>
<ws:service bean="#eventWebService"/>
</wss:service>
</wss:binding>
<ws:service> is using a custom configuration namespace, which is a feature of Spring which allow you to express complex bean graphs using simpler namespace. The meaning and interpretation of these custom namespaces is down to the implementation in question, in this case the JAX-WS-Commons project. It seems the authors of that decided that bean=#eventWebService means what you refer to as ref="eventWebService".
I don't know whay they did it that way, maybe they thought it was more readable... maybe they thought that bean=eventWebService (without the hash) means a name, rather than a reference... I don't know. The documentation isn't very clear either.
Either way, I'm pretty sure sure it's not a core Spring syntax, nor a convention that I've seen before.
the "#" tells the bean that it's not a class, but rather a ref.
HTH
#eventWebService refers to the bean of type EventWebService (according to the default Spring naming convention when bean is is not specified).

Resources