Comments for Bogdan Mocanu

Comment on Access Spring context from static methods by Liviu Tudor

Liviu Tudor — Thu, 03 May 2012 15:22:46 +0000

Thanks for the code and spring configs – just what I needed!
Keep up the good work!

Comment on Combining JUnit Theories/Parameterized tests with Spring by Henrik Kaipe

Henrik Kaipe — Wed, 15 Feb 2012 23:00:17 +0000

If you use CallbackParams (instead of Parameterized) you can use the annotation …

@WrappedRunner(SpringJUnit4ClassRunner.class)

… and you will have a parameterized Spring-test with transaction support.

An example test-class can be found here:
http://callbackparams.svn.sourceforge.net/viewvc/callbackparams/trunk/junit4-tests/src/test/java/org/callbackparams/junit4/integration/TestSpringTransaction.java?revision=88&view=markup

Comment on Combining JUnit Theories/Parameterized tests with Spring by Jan Goyvaerts

Jan Goyvaerts — Thu, 05 Jan 2012 09:08:51 +0000

Many thanks for sharing this !

Unfortunately it doesn’t work when transactions are involved. Found this (http://www.javathinking.com/2011/09/junit-parameterized-test-with-spring-autowiring-and-transactions/) however which does work for transactions too.

Comment on OAuth 2-legged model with Spring Security by Thusitha

Thusitha — Sun, 01 Jan 2012 21:42:49 +0000

Thanks for your implementation of two legged approach.
ConsumerBasedAuthenticationHandler class was the most important bit to me..Thanks for that.I think Oauth2.0 will be released soon.I think it will offload some complexity with Oauth 1.0..
Thanks very much

Comment on Client for OAuth with Spring Security by Bogdan

Bogdan — Sun, 04 Dec 2011 18:53:30 +0000

Well, there is not much of a project to share other than what I copy pasted in the article. I used the Sparklr application as the OAuth enabled server. The client is composed of just one java class (the client) and the POM xml file (since it is a maven project). These 2 files are already in the article.

Comment on Client for OAuth with Spring Security by tatoo

tatoo — Fri, 02 Dec 2011 10:30:36 +0000

Could you share the entirely code project?

Comment on OAuth 2-legged model with Spring Security by Bogdan

Bogdan — Sun, 20 Nov 2011 13:12:54 +0000

Thank you all for the comments on this article. Because this article contains an incorrect explanation of the OAuth 2Legged mode, I wrote a newer and (I hope) better article on this subject, available here: http://bmocanu.ro/coding/409/client-for-oauth-with-spring-security/.

Comment on Client for OAuth with Spring Security by OAuth 2-legged model with Spring Security « Bogdan Mocanu | Coding

OAuth 2-legged model with Spring Security « Bogdan Mocanu | Coding — Sun, 20 Nov 2011 13:10:32 +0000

[...] mode of the OAuth protocol. Thanks to all the people that commented on this article, I wrote a new article, where the 2Legged mode is (I hope) better explained and where a better client for OAuth is implemented. This article is left here for historical [...]

Comment on OAuth 2-legged model with Spring Security by Client for OAuth with Spring Security « Bogdan Mocanu | Coding

Client for OAuth with Spring Security « Bogdan Mocanu | Coding — Sun, 20 Nov 2011 12:53:15 +0000

[...] one year ago I wrote an article in which I described how can one implement a client and a server that uses the OAuth security [...]

Comment on OAuth 2-legged model with Spring Security by Muhammad Yousaf

Muhammad Yousaf — Mon, 14 Nov 2011 20:01:46 +0000

Following are the changes I have made to make it OAuth 2 legged implementation

package com.sequent.resources;

import java.util.HashMap;
import java.util.Map;

import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.oauth.common.OAuthException;
import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
import org.springframework.security.oauth.provider.BaseConsumerDetails;
import org.springframework.security.oauth.provider.ConsumerDetails;
import org.springframework.security.oauth.provider.ConsumerDetailsService;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

public class ConsumerDetailsServiceImpl implements ConsumerDetailsService, UserDetailsService {

private Map consumers;

public ConsumerDetailsServiceImpl() {
consumers = new HashMap();
consumers.put( “consumer-k1″, createConsumerDetails( “consumer-k1″, “consumer-n1″, “consumer-secret1″ ) );
consumers.put( “consumer-k2″, createConsumerDetails( “consumer-k2″, “consumer-n2″, “consumer-secret2″ ) );
}

private ConsumerDetails createConsumerDetails( String consumerKey, String consumerName, String consumerSecret ) {
SharedConsumerSecret secret = new SharedConsumerSecret( consumerSecret );

BaseConsumerDetails bcd = new BaseConsumerDetails();
bcd.setConsumerKey( consumerKey );
bcd.setConsumerName( consumerName );
bcd.setSignatureSecret( secret );
bcd.setAuthorities( new GrantedAuthority[] { new GrantedAuthorityImpl( “ROLE_OAUTH_USER” ) } );

// set this to false to enable the 2legged OAuth model
// see http://spring-security-oauth.codehaus.org/twolegged.html
bcd.setRequiredToObtainAuthenticatedToken( false );

return bcd;
}

@Override
public ConsumerDetails loadConsumerByConsumerKey( String key ) throws OAuthException {
System.out.println( “Request received to find consumer for consumerKey=[" + key + "]” );
ConsumerDetails consumer = consumers.get( key );
if ( consumer == null ) {
System.out.println( “Result: No consumer found for [" + key + "]” );
throw new OAuthException( “No consumer found for key ” + key );
}

System.out.println( “Result: Found consumer [" + consumer.getConsumerName() + "]” );
return consumer;
}

@Override
public UserDetails loadUserByUsername( String username ) throws UsernameNotFoundException, DataAccessException {
throw new UnsupportedOperationException();
}

}

————————————————————————
web.xml
———————————————————————–

springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy

springSecurityFilterChain
/*

org.springframework.web.context.ContextLoaderListener

—————————————————————————
applicationContext.xml
—————————————————————————

————————————————————————-
Client Test
————————————————————————–
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Arrays;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.io.IOUtils;
import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
import org.springframework.security.oauth.common.signature.SignatureSecret;
import org.springframework.security.oauth.consumer.BaseProtectedResourceDetails;
import org.springframework.security.oauth.consumer.CoreOAuthConsumerSupport;
import org.springframework.security.oauth.consumer.OAuthConsumerSupport;
import org.springframework.security.oauth.consumer.OAuthRequestFailedException;
import org.springframework.security.oauth.consumer.ProtectedResourceDetails;
import org.springframework.security.oauth.consumer.ProtectedResourceDetailsService;
import org.springframework.security.oauth.consumer.net.DefaultOAuthURLStreamHandlerFactory;
import org.springframework.security.oauth.consumer.token.OAuthConsumerToken;

public class ApiConsumer {

private static final String SERVER_URL = “http://localhost:8080/sequent-api-public”;

private static final String SERVER_URL_RESOURCE = SERVER_URL + “/sqms/v1/walletmetadata/getTermsOfUse”;

private static final String CONSUMER_KEY = “consumer-k1″;
private static final String CONSUMER_SECRET = “consumer-secret1″;
private static final String SIGNATURE_METHOD = “HMAC-SHA1″;

private static final String RESOURCE_ID = “PublicApi”;
private static OAuthConsumerSupport consumerSupport;

public static void main( String[] args ) throws HttpException, IOException {
CoreOAuthConsumerSupport localConsumerSupport = new CoreOAuthConsumerSupport();
localConsumerSupport.setStreamHandlerFactory( new DefaultOAuthURLStreamHandlerFactory() );
localConsumerSupport.setProtectedResourceDetailsService( new ProtectedResourceDetailsService() {

@Override
public ProtectedResourceDetails loadProtectedResourceDetailsById( String id ) throws IllegalArgumentException {
SignatureSecret secret = new SharedConsumerSecret( CONSUMER_SECRET );

BaseProtectedResourceDetails result = new BaseProtectedResourceDetails();
result.setConsumerKey( CONSUMER_KEY );
result.setSharedSecret( secret );
result.setSignatureMethod( SIGNATURE_METHOD );
result.setUse10a( false );
return result;
}
} );

consumerSupport = localConsumerSupport;

getProtectedResource();
}

public static void getProtectedResource() throws OAuthRequestFailedException, IOException {
System.out.println( “OAUTH: Getting protected resource” );

OAuthConsumerToken accessToken = new OAuthConsumerToken();
accessToken.setResourceId(RESOURCE_ID);
InputStream is = consumerSupport.readProtectedResource( new URL( SERVER_URL_RESOURCE ), accessToken, “GET” );
ByteArrayOutputStream baos = new ByteArrayOutputStream();
IOUtils.copy( is, baos );
is.close();
baos.close();

System.out.println( “OAUTH: Resource : ” + new String( Arrays.copyOf( baos.toByteArray(), 30 ) ) );
}

}