Devoxx 2012 Java Social JSR it' alive university

Transcript

1. Java Social JSR, It’s Alive Antoine Sabot-Durand Java EE Expert,

   Architect Ippon Technologies @antoine_sd Werner Keil Build Manager, DevOps Expert, Agile Coach Maersk Line @wernerkeil mardi 13 novembre 12

2. Antoine Sabot-Durand • Java EE expert at Ippon Technologies •

   Architect and Tech consultant • 16 years in IT • Java & OSS : • Agorava technical leader • Apache Deltaspike Commiter • Member of l’EG CDI 1.1(JSR 346) • @antoine_sd 2 mardi 13 novembre 12

3. • Consultant – Coach • Creative Cosmopolitan • Open Source

   Evangelist • Software Architect • Java Godfather • JCP Executive Committee Member • Eclipse UOMo Project Lead • DevOps Guy Werner Keil - Bio 3 mardi 13 novembre 12

4. Agenda • Episode I : History – JSR 357 Rise

   and Fall • The precursors • From Seam Social to JSR 357 • What went Wrong? • Episode II : Standards in Social Media • The standards part • The non standard part • So what would be a Java Standard for Social Media ? 4 mardi 13 novembre 12

5. Agenda (2) • Espisode III : The Agorava Project •

   Agorava Demo • From JSR 357 to Agorava • Agorava architecture • Extending Agorava • Related JSR : Security & identity • Differences from other APIs and Frameworks • Episode IV: Agorava, the technical parts • Jackson Mapping Mixin • CDI in Agorava 0.5 • JsonSchema2Pojo • JAX-RS 2.0 client Framework in Agorava 1.0 • Episode V : Demo and Q&A 5 mardi 13 novembre 12

6. Episode I JSR 357 Rise and Fall mardi 13 novembre

   12

7. Before JSR 357 (Java Social) 7 mardi 13 novembre 12

8. Twitter4j 8 • Twitter4J is an unofficial Java library for

   the Twitter API. With Twitter4J, you can easily integrate your Java application with Twitter. • Its author, Yusuke Yamamoto used to work at Twitter. While he did, he was briefly meant to represent Twitter in the Social JSR EG. • It’s light and based on Java 1.4 to be integrated in mobile app for instance mardi 13 novembre 12

9. Scribe Java • Scribe is java framework that provides basic

   OAuth function • It also contains configuration for a lot of Social Media • Only one dependency on Apache Common Codec • At the heart of Agorava 0.5 9 mardi 13 novembre 12

10. DaliCore – CMS • More than a CMS → DaliCore

    • Adds functionality common to users, content and permissions on top of Java EE 6. • Focus on Users and Permissions. • In about every project that uses DaliCore, users should be able to login with existing credentials (Facebook, Twitter, Google Connect,...) • Dali modules extend DaliCore 10 mardi 13 novembre 12

11. Spring Social • Spring social that inspired Seam Social and

    Agorava and is more mature • Spring Social module were used to create first agorava modules (thanks to OSS and ASL2) • But it’s Spring only module.... 11 mardi 13 novembre 12

12. And then the JSR 357 was proposed • In march

    2012 on Werner Keil initiative, Java Social was submitted to the JCP to become a JSR • It proposed to standardized access to Social Media in Java • It was voted down by 8 votes against 5 12 mardi 13 novembre 12

13. What went Wrong? (Feedback from vote) 13 mardi 13 novembre

    12

14. Too Broad ? 14 Maybe... mardi 13 novembre 12

15. Too Soon? 15 Lack of real POC... mardi 13 novembre

    12

16. It can’t be standardized? 16 FALSE mardi 13 novembre 12

17. Episode II Standards in Social Media mardi 13 novembre 12

18. Standard part in social media 18 • All social medias

    use REST as transmission protocol • Most of them transmit data in JSON format and some in XML • Identification & Authentication are almost always based on OAuth protocol mardi 13 novembre 12

19. REST • REpresentational State Transfer : Requests about resource representation

    (customer, book, order) • REST is based on low level HTTP concepts • Each resource has a unique identifier (an URI). 4 HTTP verbs can be applied to a uri : GET, POST, PUT, DELETE • Java has a standard to deal with REST: JAX-RS. Version 1.0 doesn’t provide client API yet. JAX-RS 2.0 will provide one 19 mardi 13 novembre 12

20. 1: { 2: "firstName": "John", 3: "lastName" : "Smith", 4:

    "age" : 25, 5: "address" : 6: { 7: "streetAddress": "21 2nd Street", 8: "city" : "New York", 9: "state" : "NY", 10: "postalCode" : "10021" 11: }, 12: "phoneNumber": 13: [ 14: { 15: "type" : "home", 16: "number": "212 555-1234" 17: }, 18: { 19: "type" : "fax", 20: "number": "646 555-4567" 21: } 22: ] 23: } JSON Javascript Object Notation : This data format comes from Javascript. It became a standard for online services including Social Media. 20 mardi 13 novembre 12

21. OAuth • OAuth is a protocol to delegate rights for

    an application to act on the behalf of an user who granted its rights without giving awayher login / password • Developped by Twitter, Magnolia and Google, it was made standard by IETF in april 2010 under RFC 5849 • Version 2.0, simpler to use but often citicised by its too many implementation s was standardized in October 2012 under RFC 6749 and 6750. It’s already used by many actors (Facebook, Google, Microsoft) • All social Media are based on OAuth 1.0a or 2.0. • To use OAuth, one has to create an application on the targeted service to have an entry point for consumer 21 mardi 13 novembre 12

22. OAuth has 3 step 22 • Creating an application in

    the OAuth Social Media service • Initialization : the right granting phase also called the OAuth Dance. At the end of the dance we obtain an access token (formed by a public and secret part) use in next step • Signature : each request is signed with access token and token identifying the OAuth application that was granted the rights mardi 13 novembre 12

23. OAuth Step 1 : Create an application 23 mardi 13

    novembre 12

24. OAuth : application settings 24 mardi 13 novembre 12

25. The OAuth 1.0a «Dance» 25 Consuming service server Social Media

    Service (where OAuth application is declared) user mardi 13 novembre 12

26. The OAuth 1.0a «Dance» 25 1 client asks for a

    resource on the consuming service Consuming service server Social Media Service (where OAuth application is declared) user mardi 13 novembre 12

27. The OAuth 1.0a «Dance» 25 1 2 client asks for

    a resource on the consuming service Consuming service server Social Media Service (where OAuth application is declared) Consuming service ask a request token tot he Social Media (using OAuth application keys). It also send a callback url user mardi 13 novembre 12

28. The OAuth 1.0a «Dance» 25 1 2 3 client asks

    for a resource on the consuming service Consuming service server Social Media Service (where OAuth application is declared) token is returned by SM Consuming service ask a request token tot he Social Media (using OAuth application keys). It also send a callback url user mardi 13 novembre 12

29. The OAuth 1.0a «Dance» 25 1 2 3 client asks

    for a resource on the consuming service Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page token is returned by SM 4 Consuming service ask a request token tot he Social Media (using OAuth application keys). It also send a callback url user mardi 13 novembre 12

30. The OAuth 1.0a «Dance» 25 1 2 3 client asks

    for a resource on the consuming service Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page token is returned by SM 4 5 Consuming service ask a request token tot he Social Media (using OAuth application keys). It also send a callback url Once authenticated, social media redirects user on call back url with a verification code user mardi 13 novembre 12

31. The OAuth 1.0a «Dance» 25 1 2 3 client asks

    for a resource on the consuming service Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page token is returned by SM 4 5 Consuming service ask a request token tot he Social Media (using OAuth application keys). It also send a callback url Once authenticated, social media redirects user on call back url with a verification code 6 with the code and request token consuming service request an access token user mardi 13 novembre 12

32. The OAuth 1.0a «Dance» 25 1 2 3 client asks

    for a resource on the consuming service Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page token is returned by SM 4 5 Consuming service ask a request token tot he Social Media (using OAuth application keys). It also send a callback url Once authenticated, social media redirects user on call back url with a verification code 6 with the code and request token consuming service request an access token 7 Social media returns Access token user mardi 13 novembre 12

33. The OAuth 2.0 «Dance» now in SSL 26 Consuming service

    server Social Media Service (where OAuth application is declared) user mardi 13 novembre 12

34. The OAuth 2.0 «Dance» now in SSL 26 1 client

    asks for a resource on the consuming service SSL is mandatory Consuming service server Social Media Service (where OAuth application is declared) user mardi 13 novembre 12

35. The OAuth 2.0 «Dance» now in SSL 26 1 client

    asks for a resource on the consuming service SSL is mandatory Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page user 2 mardi 13 novembre 12

36. The OAuth 2.0 «Dance» now in SSL 26 1 client

    asks for a resource on the consuming service SSL is mandatory Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page Once authenticated, social media redirects user on call back url with a verification code user 2 3 mardi 13 novembre 12

37. The OAuth 2.0 «Dance» now in SSL 26 1 client

    asks for a resource on the consuming service SSL is mandatory Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page Once authenticated, social media redirects user on call back url with a verification code with the code and request token consuming service request an access token user 2 3 4 mardi 13 novembre 12

38. The OAuth 2.0 «Dance» now in SSL 26 1 client

    asks for a resource on the consuming service SSL is mandatory Consuming service server Social Media Service (where OAuth application is declared) Consuming service redirect user on the social media login page Once authenticated, social media redirects user on call back url with a verification code with the code and request token consuming service request an access token Social media returns Access token user 2 3 4 5 mardi 13 novembre 12

39. OAuth Signature : original request 27 mardi 13 novembre 12

40. OAuth Signature : original request 27 POST /1/statuses/update.json?include_entities=true HTTP/1.1 Accept:

    */* Connection: close User-Agent: OAuth gem v0.4.4 Content-Type: application/x-www-form-urlencoded Content-Length: 76 Host: api.twitter.com status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth %20request%21 mardi 13 novembre 12

41. OAuth Signature : request & OAuth params 28 mardi 13

    novembre 12

42. OAuth Signature : request & OAuth params 28 status Hello

    Ladies + Gentlemen, a signed OAuth request! include_entities true oauth_consumer_key xvz1evFS4wEEPTGEFPHBog oauth_nonce kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg oauth_signature_method HMAC-SHA1 oauth_timestamp 1318622958 oauth_token 370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb oauth_version 1.0 mardi 13 novembre 12

43. OAuth Signature : parameter string 29 mardi 13 novembre 12

44. OAuth Signature : parameter string 29 include_entities=true&oauth_consumer_key=xvz1evFS4wEEPTGEFP HBog&oauth_nonce=kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg &oauth_signature_method=HMAC- SHA1&oauth_timestamp=1318622958&oauth_token=370773112-

    GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb&oauth_version=1.0& status=Hello%20Ladies%20%2B%20Gentlemen%2C%20a%20signed %20OAuth%20request%21 mardi 13 novembre 12

45. OAuth Signature : Base String 30 mardi 13 novembre 12

46. OAuth Signature : Base String 30 POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.json&include_entities%3Dtrue%26oauth_consumer_key %3Dxvz1evFS4wEEPTGEFPHBog%26oauth_nonce %3DkYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg

    %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp %3D1318622958%26oauth_token%3D370773112- GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb%26oauth_version %3D1.0%26status%3DHello%2520Ladies%2520%252B%2520Gentlemen %252C%2520a%2520signed%2520OAuth%2520request%2521 mardi 13 novembre 12

47. OAuth Signing key 31 mardi 13 novembre 12

48. OAuth Signing key 31 VQ5CZHG4qUoAkUUmckPn4iN4yyjBKcORTW0wnok4r1k& LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE Application consumer key secret

    part Access Token secret part mardi 13 novembre 12

49. OAuth Signature : Signed request 32 mardi 13 novembre 12

50. OAuth Signature : Signed request 32 POST /1/statuses/update.json?include_entities=true HTTP/1.1 Accept:

    */* Connection: close User-Agent: OAuth gem v0.4.4 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog", oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318622958", oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", oauth_version="1.0" Content-Length: 76 Host: api.twitter.com status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21 mardi 13 novembre 12

51. The non Standard parts 33 • Non standard identity management

    or any other API across Social Media • More than that. There is no Social Media that Guarantee : • Its API won’t change for a given period • backward compatibility when its API change mardi 13 novembre 12

52. • A basic heart providing basic services : • OAuth

    and Rest request • Multi Social Media connexions • Polymorphic services to enforce standard on social Media • Connector definition for Social module • So this standard would be a kind Java Social Connector definition standard So what would be a standard for Social ? 34 mardi 13 novembre 12

53. Socializer Demo mardi 13 novembre 12

54. Episode III Agorava Project mardi 13 novembre 12

55. From JSR 357 to Agorava 37 • Before Agorava there

    was Seam Social part of Seam 3 JBoss project • In begining of 2012, Seam was stopped to be merged in Apache DeltaSpike • Agorava was born mainly from Seam Social after JSR 357 attempt • One of it’s goals is to be the missing POC for a new Java Social JSR mardi 13 novembre 12

56. Linked concept Security and Identity • Identity, Privacy and Trust

    • Identity attributes are properties of a digital subject • A digital subject is a digital representation of an entity that is an actor or target of a digital operation. • Privacy is the degree to which the availability of an entity’s identity attributes can be controlled • Trust is an evaluation of the reliability of a representation of a digital subject • An identity is a set of identity attributes that distinguish an entity 38 mardi 13 novembre 12

57. Identity for Social Media • Java Identity API (JSR 351)

    goals for Social Media • Attribute Service composed of attribute providers • specification will define contracts to facilitate repository integrations by third parties. • Reference Implementation will provide some specific integrations including those provided by contributors to Open Source project; Facebook, Twitter, and LinkedIn will be among the identity repositories considered for integration within the reference integration, as will their associated programming interfaces and protocols, including Facebook Connect, Google-ID and OAuth 2.0. 39 mardi 13 novembre 12

58. Facebook JSR 351 Example – Agent 56 @Named("Facebook") public class

    FacebookRepositoryAgent implements RepositoryAgent { public AttributeRepository getAttributeRepository(String repositoryName) { TableIdentifier tID = null; AttributeRepository rvalue = null; try { tID = FacebookTableID.valueOf(repositoryName); rvalue = repositoryTable.get(tID); } catch (IllegalArgumentException iae) { } if (rvalue == null) { rvalue = new FacebookAttributeRepository(new RepositoryDescriptor(FacebookRepositoryAgent.class,tID.name())); repositoryTable.put(tID,rvalue); } return rvalue; } mardi 13 novembre 12

59. Facebook JSR 351 Example – Repository 57 public class FacebookAttributeRepository

    implements AttributeRepository { private RepositoryDescriptor _repositoryDescriptor; private ProviderLookupContext _context; FacebookLookupService _lookupService; public FacebookAttributeRepository(RepositoryDescriptor descriptor) { _repositoryDescriptor = descriptor; _context = new ProviderLookupContext(descriptor); _lookupService = new FacebookLookupService(this); } public RepositoryDescriptor getRepositoryDescriptor() { return _repositoryDescriptor; } […] public IDPredicate and(IDPredicate ... predicates) { return new FacebookPredicate(_context, IDBooleanOperator.and, predicates); } mardi 13 novembre 12

60. Facebook JSR 351 Example – Connect 58 JSONObject graphValues =

    getResponseValues(graphResponse); user = (String) graphValues.get(userPropertyName); Iterator<String> it = graphValues.keys(); while (it.hasNext()) { String key = it.next(); final URI id = new URI(userInfoEndpoint + "/" + key); final Collection<String> names = new ArrayList<String>(); final Object value = graphValues.get(key); final IDAttributeValue attributeValue = new IDAttributeValue() { public Serializable getValue() { return (Serializable) value; } public Collection getValues() { return Collections.EMPTY_LIST; } }; } mardi 13 novembre 12

61. Agorava Goals 43 • Provides generics services across different Social

    Media (identification, Post, etc...) • Dynamic discovery of Social Media modules (core detect what modules are available at startup) • Managing multiple Social Media connection at the same time • Provides high level services (and binding) to interact with Social Media mardi 13 novembre 12

62. Agorava 0.5 Macro architecture • Agorava core is the «smart

    part» of the framework • Modules are mainly REST API and JSON mapping • Today Agorava has a CDI implementation only • On the roadmap we plan to provide : • full Java SE support • JSR 330 (Guice and/or Spring) support 44 Agorava Core API Java SE Impl CDI impl @Inject impl Guice impl Spring impl Twitter Module LinkedIn Module Facebook Module Social Media X module mardi 13 novembre 12

63. Agorava core API architecture 45 +getMyProfile() +resetConnection() +isConnected() +getVerifierParamName() +getSocialMediaName()

    «interface» api. SocialMediaApiHub +getToken() +getSecret() «interface» api.oauth. OAuthToken +getApiKey() +getApiSecret() +getCallback() +getScope() +getSocialMediaName() «interface» api.oauth. OAuthAppSettings +getRequestToken() +getAccessToken(OAuthToken, String) +signRequest(OAuthToken, OAuthRequest) +getVersion() +getAuthorizationUrl(OAuthToken) +requestFactory(RestVerb, String) +tokenFactory(String, String) «interface» api.oauth. OAuthProvider +getFullName() +getProfileImageUrl() +equals(Object) api. UserProfile +isConnected() +getType() +get(String, Class) +get(String, Class, Object[n]) +post(String, Map, Class) +post(String, Object, Object[n]) +put(String, Object, Object[n]) +delete(String) +setRequestHeader(Map) «interface» api.rest. RestService +getRequestToken() +setRequestToken(OAuthToken) +getAccessToken() +setAccessToken(OAuthToken) +getVerifier() +setVerifier(String) +setUserProfile(UserProfile) +getUserProfile() +getServiceQualifier() +isConnected() +getName() «interface» api.oauth. OAuthSession +getService() +getSession() «interface» api.oauth. OAuthServiceAware +send() +addHeader(String, String) +addBodyParameter(String, String) +addBodyParameters(Map) +addQuerystringParameter(String, String) +addPayload(String) +getQueryStringParams() +getBodyParams() +getUrl() +getSanitizedUrl() +getBodyContents() +getVerb() +getHeaders() +setConnectTimeout(int, TimeUnit) +setReadTimeout(int, TimeUnit) +getCompleteUrl() +addPayload(byte[n]) +getCharset() +setCharset(String) +setConnectionKeepAlive(boolean) «interface» api.rest. RestRequest +addOAuthParameter(String, String) +getOauthParameters() «interface» api.oauth. OAuthRequest +buildUri(String, String, String) +buildUri(String, Map) +buildUri(String) +buildUri(String, Object) cdi. AbstractSocialMediaApi +getAccessToken() +getAuthorizationUrl() +getVerifier() +initAccessToken() +sendSignedRequest(RestVerb, String) +sendSignedRequest(RestVerb, String, Map) +sendSignedRequest(RestVerb, String, String, Object) +setVerifier(String) +setAccessToken(String, String) +setAccessToken(OAuthToken) +sendSignedXmlRequest(RestVerb, String, String) +getSession() +sendSignedRequest(OAuthRequest) +get(String, Class, boolean) «interface» api.oauth. OAuthService mardi 13 novembre 12

64. Main classes 46 +getMyProfile() +resetConnection() +isConnected() +getVerifierParamName() +getSocialMediaName() «interface» api.

    SocialMediaApiHub +getApiKey() +getApiSecret() +getCallback() +getScope() +getSocialMediaName() «interface» api.oauth. OAuthAppSettings +getRequestToken() +getAccessToken(OAuthToken, String) +signRequest(OAuthToken, OAuthRequest) +getVersion() +getAuthorizationUrl(OAuthToken) +requestFactory(RestVerb, String) +tokenFactory(String, String) «interface» api.oauth. OAuthProvider +getRequestToken() +setRequestToken(OAuthToken) +getAccessToken() +setAccessToken(OAuthToken) +getVerifier() +setVerifier(String) +setUserProfile(UserProfile) +getUserProfile() +getServiceQualifier() +isConnected() +getName() «interface» api.oauth. OAuthSession +buildUri(String, String, String) +buildUri(String, Map) +buildUri(String) +buildUri(String, Object) cdi. AbstractSocialMediaApi +getAccessToken() +getAuthorizationUrl() +getVerifier() +initAccessToken() +sendSignedRequest(RestVerb, String) +sendSignedRequest(RestVerb, String, Map) +sendSignedRequest(RestVerb, String, String, Object) +setVerifier(String) +setAccessToken(String, String) +setAccessToken(OAuthToken) +sendSignedXmlRequest(RestVerb, String, String) +getSession() +sendSignedRequest(OAuthRequest) +get(String, Class, boolean) «interface» api.oauth. OAuthService mardi 13 novembre 12

65. OAuth configuration 47 • OAuthAppSettings contains needed infos to start

    the OAuth Dance : • Public and private keys of OAuth application • Callback URL • OAuth 2.0 scope • Name of the Social Media to which these settings are related public interface OAuthAppSettings { public String getApiKey(); public String getApiSecret(); public String getCallback(); public String getScope(); public String getSocialMediaName(); } mardi 13 novembre 12

66. OAuth support 48 • OAuthProvider provides OAuth support. Its implementation

    uses OAuthAppSettings to get initatilized • There one can : • Create a RequestToken • Get the URL to start connexion • Get the Acces Token • Create OAuth signature public interface OAuthProvider { public OAuthToken getRequestToken(); public OAuthToken getAccessToken(OAuthToken tok, String ver); public void signRequest(OAuthToken tok, OAuthRequest req); public String getVersion(); public String getAuthorizationUrl(OAuthToken requestToken); public OAuthRequest requestFactory(RestVerb v, String uri); public OAuthToken tokenFactory(String token, String secret); } mardi 13 novembre 12

67. Rest calls with OAuthService 49 • OAuthService uses OAuthProvider to

    create and sign requests. It provides higher level services : • Integration of user OAuth session • Management of OAuth life cycle • Sending simple Rest Request • Sending signed Rest Request public interface OAuthService extends RestService { public OAuthToken getAccessToken(); public String getAuthorizationUrl(); public String getVerifier(); public void initAccessToken(); public RestResponse sendSignedRequest(RestVerb verb, String uri); public RestResponse sendSignedRequest(RestVerb verb, String uri, Map<String, ?> params); public RestResponse sendSignedRequest(RestVerb verb, String uri, String key, Object value); public void setVerifier(String verifierStr); public void setAccessToken(String token, String secret); public void setAccessToken(OAuthToken token); public RestResponse sendSignedXmlRequest(RestVerb verb, String uri, String payload); public OAuthSession getSession(); public RestResponse sendSignedRequest(OAuthRequest request); <T> T get(String uri, Class<T> clazz, boolean signed); } mardi 13 novembre 12

68. High level API root : AbstractSocialMediaApi 50 • AbstractSocialMediaApi is

    the root for each family of API in a given social media module • Some services provides more than ten API families (for instance Twitter) • So we need a concept to gather these families mardi 13 novembre 12

69. API families Hubs with SocialMediaApiHub 51 • Hubs are here

    to : • Provide a gathering class for all API families of a given service • Be the entry point of generic functionalities across different Social Media • They also are the entry point of Social Media configuration public interface SocialMediaApiHub extends OAuthServiceAware, Serializable { public UserProfile getMyProfile(); public void resetConnection(); public boolean isConnected(); public String getVerifierParamName(); public String getSocialMediaName(); } mardi 13 novembre 12

70. OAuthSession contains user specific infos • OAuthSession contains data to

    handle the user part of an OAuth connexion : • RequestToken • Verifier • And last but not least AccessToken • OAuthSession keeps alos track of connected user identity 52 public interface OAuthSession extends Serializable { public OAuthToken getRequestToken(); public void setRequestToken(OAuthToken requestToken); public OAuthToken getAccessToken(); public void setAccessToken(OAuthToken accessToken); public String getVerifier(); public void setVerifier(String verifier); public void setUserProfile(UserProfile userProfile); public UserProfile getUserProfile(); public Annotation getServiceQualifier(); public boolean isConnected(); } mardi 13 novembre 12

71. Bootstraping Twitter in CDI Impl 53 Thanks to Generic Beans

    extension this producer create 4 beans with different scopes. By default OAuth app settings are read in agorava.properties file +getAccessToken() +getAuthorizationUrl() +getVerifier() +initAccessToken() +sendSignedRequest(RestVerb, String) +sendSignedRequest(RestVerb, String, Map) +sendSignedRequest(RestVerb, String, String, Object) +setVerifier(String) +setAccessToken(String, String) +setAccessToken(OAuthToken) +sendSignedXmlRequest(RestVerb, String, String) +getSession() +sendSignedRequest(OAuthRequest) +get(String, Class, boolean) «interface» api.oauth. OAuthService +getRequestToken() +setRequestToken(OAuthToken) +getAccessToken() +setAccessToken(OAuthToken) +getVerifier() +setVerifier(String) +setUserProfile(UserProfile) +getUserProfile() +getServiceQualifier() +isConnected() +getName() «interface» api.oauth. OAuthSession +getRequestToken() +getAccessToken(OAuthToken, String) +signRequest(OAuthToken, OAuthRequest) +getVersion() +getAuthorizationUrl(OAuthToken) +requestFactory(RestVerb, String) +tokenFactory(String, String) «interface» api.oauth. OAuthProvider @Twitter @ApplicationScoped @OAuthApplication @Produces public SocialMediaApiHub OAuthSettinsProducer(TwitterServicesHub service) { return service; } +getMyProfile() +resetConnection() +isConnected() +getVerifierParamName() +getSocialMediaName() «interface» api. SocialMediaApiHub @Twitter @ApplicationScoped @Twitter @ApplicationScoped @Twitter @SessionScoped @Twitter @ApplicationScoped mardi 13 novembre 12

72. Create a new Agorava module 54 • To create a

    new module for Agorava 0.5, you have to : • Create a Qualifier (annotation) tagued with @ServiceRelated meta annotation • Create a low level API class containing basic endpoints to the new Social service. The class should use the same name as qualifier • Extend AbstractSocialMediaApi to create the root class for all API families of the new Social Media • Extend AbstractSocialMediaApiHub to gather Api families and implements generic services • At minima create Service class to deal with user profile in the new service mardi 13 novembre 12

73. Episode IV Technologies in Agorava mardi 13 novembre 12

74. Jackson mardi 13 novembre 12

75. Jackson • JSON to Pojo binding • A JAX-B like

    solution for JSON • Works with JAX-B anotations • Provides also Json parsing tools • Provides an elegant solution : the Mixin to configure mapping outside of the pojo 57 mardi 13 novembre 12

76. Mixin Example 58 public class Trend { private final String

    name; private final String query; public Trend(String name, String query) { this.name = name; this.query = query; } public String getName() { return name; } public String getQuery() { return query; } } @JsonIgnoreProperties(ignoreUnknown = true) abstract class TrendMixin { @JsonCreator TrendMixin(@JsonProperty("name") String name, @JsonProperty("query") String query) { } } mardi 13 novembre 12

77. Module configuration is needed to use mixin 59 class TwitterModule

    extends SimpleModule { public TwitterModule() { super("TwitterModule", new Version(1, 0, 0, null)); } @Override public void setupModule(SetupContext context) { context.setMixInAnnotations(TwitterProfile.class, TwitterProfileMixin.class); context.setMixInAnnotations(SavedSearch.class, SavedSearchMixin.class); context.setMixInAnnotations(Trend.class, TrendMixin.class); } } ObjectMapper objectMapper = new ObjectMapper(); objectMapper.registerModule(new TwitterModule); mardi 13 novembre 12

78. CDI mardi 13 novembre 12

79. Simple dependency injection 61 @ApplicationScoped public class JsonMapperJackson implements JsonMapper

    { ... } public class OAuthServiceImpl implements OAuthService { ... @Inject protected JsonMapper jsonService; ... } mardi 13 novembre 12

80. Qualified Injection 62 @Qualifier @ServiceRelated @Target({TYPE, METHOD, PARAMETER, FIELD}) @Retention(RUNTIME)

    @Documented public @interface Twitter { } public abstract class TwitterBaseService extends AbstractSocialMediaApi { ... @Inject @Twitter private OAuthService service; ... } mardi 13 novembre 12

81. Producer 63 @ApplicationScoped public class JsonMapperJackson implements JsonMapper { @Produces

    private final ObjectMapper objectMapper = new ObjectMapper(); ... } public class GraphApiImpl extends FacebookBaseService implements GraphApi { @Inject private ObjectMapper objectMapper; ... } mardi 13 novembre 12

82. Programatic injection 64 public class OAuthServiceImpl implements OAuthService { @Inject

    @Any private Instance<OAuthProvider> providers; ... protected Annotation qualifier; ... private OAuthProvider getProvider() { return providers.select(getQualifier()).get(); } ... } mardi 13 novembre 12

83. Programmatic injection for Mixin 65 @Inject @Any protected Instance<Module> moduleInstances;

    ... @PostConstruct protected void init() { for (Module module : moduleInstances) { registerModule(module); } } @Twitter class TwitterModule extends SimpleModule { ... } @Facebook class FacebookModule extends SimpleModule { ... } @ServiceX class ServiceXModule extends SimpleModule { ... } mardi 13 novembre 12

84. Context & context Mixup 66 @SessionScoped public class MultiSessionManagerImpl implements

    MultiSessionManager, Serializable { @Produces @Named @Current private OAuthSession currentSession; public String initNewSession(String servType) { Annotation qualifier = getServicesToQualifier().get(servType); setCurrentSession(new OAuthSessionImpl(qualifier)); return getCurrentService().getAuthorizationUrl(); } } @ApplicationScoped public class OAuthServiceImpl implements OAuthService { @Inject @Any protected Instance<OAuthSession> sessionInstances; ... } mardi 13 novembre 12

85. Decorator 67 @Decorator public abstract class TwitterTLServiceDecorator implements TwitterTimelineService {

    @Inject @Delegate @Any private TwitterTimelineService delegate; @Override public Tweet updateStatus(String status) { System.out.println("*** In Decorator ***"); delegate.updateStatus(status + "decorated" ); } } mardi 13 novembre 12

86. Events 68 public class OAuthServiceImpl implements OAuthService { ... @Inject

    @Any private Event<OAuthComplete> completeEventProducer; ... public synchronized void initAccessToken() { session.setAccessToken(getProvider().getAccessToken(getRequestToken(), session.getVerifier())); Event<OAuthComplete> event = completeEventProducer.select(getQualifier()); event.fire(new OAuthComplete(SocialEvent.Status.SUCCESS, "", session)); } } public class FacebookServicesHub extends AbstractSocialMediaApiHub { ... @Inject Instance<FacebookBaseService> services; ... public void initMyProfile(@Observes @Facebook OAuthComplete oauthComplete) { if (oauthComplete.getStatus() == Status.SUCCESS) oauthComplete.getEventData().setUserProfile(services.select(UserServiceImpl.class).get().getUserProfile()); } ... } mardi 13 novembre 12

87. CDI extensions mardi 13 novembre 12

88. CDI Extensions why ? • An extension allows to •

    Create beans or injection points • modify beans or injection points • Cancel beans creation • More generally to analyse all beans and change them before the application is launch 70 mardi 13 novembre 12

89. Understanding extensions 71 • Once the application is running, bean

    manager is immutable (no dynamic bean in CDI) • Extensions will be launch when the application is launch • Extensions are also Beans mardi 13 novembre 12

90. CDI Lifecycle 72 Deploy Application Before Bean Discovery Process Producers

    Process Anotated Types Scan Archive Application Running After Deployment Validation Before Shutdown Undeploy Application Process Beans After Bean Discovery Process Injection Taget Process Observer Methods mardi 13 novembre 12

91. To create an extension 73 • Create a class which

    implements Extension • Add one or more method that Observes CDI lifecycle steps to modify Bean Manager content • Add this file in classpath META-INF/services/javax.enterprise.inject.spi.Extension in which you add qualified name of the extension class mardi 13 novembre 12

92. Simple Example : @Veto 74 <X> void processAnnotatedType(@Observes final ProcessAnnotatedType<X>

    pat, BeanManager beanManager) { final AnnotatedType<X> annotatedType = pat.getAnnotatedType(); final Class<X> javaClass = annotatedType.getJavaClass(); final Package pkg = javaClass.getPackage(); // Support for @Veto if (annotatedType.isAnnotationPresent(Veto.class) || (pkg != null && pkg.isAnnotationPresent(Veto.class))) { pat.veto(); log.info("Preventing " + javaClass + " from being installed as bean due to @Veto annotation"); return; } } mardi 13 novembre 12

93. New technologies in version 1.0 • JAX-RS 2.0 client framework

    • Development has just started • It will deprecated Java Scribe in Agorava • OAuth filters has to be written for this client • Json 2 pojo schema • An easy way to generate pojo from Json • Demo 75 mardi 13 novembre 12

94. Major API Evolution in version 1.0 76 public interface HasUpdate

    { public boolean sendUpdate(String message); } public interface HasTimeline { public List<String> getTimeLine(); public List<String> getTimeLine(Date from, Date to); public List<String> getTimeLine(String fromId); } public class FacebookServicesHub extends AbstractSocialMediaApiHub implements HasUpdate, HasTimeline @Inject @Any Instance<HasUpdate> updatables; ... for (HasUpdate updatable : updatables) { updatable.sendUpdate(msg); } mardi 13 novembre 12

95. Q&A mardi 13 novembre 12

96. • Agorava Project: http://agorava.org • Follow us http://twitter.com/agoravaproj • Fork

    Agorava http://github.com/agorava Links mardi 13 novembre 12

97. • DaliCore: http://java.net/projects/dalicore/ • Oracle SocialLink: http://java.net/projects/sociallink • JSR 351

    Identity API: http://java.net/projects/identity-api-spec • Nobis JSR 351 RI: http://java.net/projects/nobis/ Links mardi 13 novembre 12