Home Coding Wiki
RSS
 

Archive for the ‘Spring’ Category

Client for OAuth with Spring Security

20 Nov

About one year ago I wrote an article in which I described how can one implement a client and a server that uses the OAuth security protocol. The implementation was using Spring Security and a plugin for OAuth. The article was intended to focus on the 2Legged flavor of the OAuth 1.0 protocol. However, because of a misunderstanding from my part, that article is just a normal OAuth 1.0 implementation of Client and Server, with a small hack for the second step. Thanks to all the people that commented on that article, I was able to understand how the 2Legged mode should work.

Therefore, this article presents a small client application that uses both the normal OAuth 1.0 mode and the 2Legged mode (also know as “signed fetch”) for accessing a protected resource. Read the rest of this entry »

 
3 Comments

Posted in Spring, Technology

 

Unit testing with Spring – a bad mix

20 Mar

There has been a discussion recently, on the JUnit group, about doing unit testing with Spring. The arguments provided in the answers to that question reminded me of a problem that we faced in the project that I am currently working on: the usage of Spring for unit tests was a bad idea. Let me tell you how we started, and why we got to realise that it is not good to mix the well-known framework in the unit tests. Read the rest of this entry »

 
4 Comments

Posted in Spring, Unit testing

 

Ehcache event listeners as Spring beans

02 Feb

When working with Ehcache and Spring, one might get to the point where he/she needs to implement cache event listeners: objects that are observing the cache and want to be notified by the cache when an element is put, removed or expires in/from the cache. However, Ehcache has a requirement that for each such listener you need to write 2 classes: a cache listener factory and the actual cache listener. Moreover, Ehcache takes care by itself of the instantiations of the factory and the listeners, so if one wants to have the listeners as Spring beans and have some other beans autowired in one’s listeners, then there is certainly a problem. Here is a solution to this problem. Read the rest of this entry »

 
No Comments

Posted in Spring

 

Access Spring context from static methods

22 Jan

In this post I will present a very simple example that attempts to access an existing Spring application context from a class that has nothing to do with the Spring context. For example from a static method of a class. This is, of course, quite trivial, but I might make use of this little technique in some next posts about Spring, so I think it is due to first start with this small example.

Therefore, what I want to do is to have an up-and-running application context, and access the beans in that context from a static method. The best approach is to never have to do this. In an ideal case, all your classes are Spring beans, and therefore subjects to autowiring and dependency injection. However, from time to time you need to write a completely independent class, that needs to access some Spring beans. Read the rest of this entry »

 
2 Comments

Posted in Spring

 

Combining JUnit Theories/Parameterized tests with Spring

07 Jul

In almost any project that is using Spring, you get to the point where the Spring’s dependency injection mechanism is required also for unit tests. Combining this with JUnit leads one to the usage of the SpringJUnit4Runner to enable the initialization of the Spring context, as well as the autowiring of various beans in the test object that is just being executed.

However, for more specialized unit testing purposes, such as implementing parameterized tests or theories, one must use a specialized runner (Parameterized and Theories, respectively). This, of course, gets in conflict with Spring, which needs to use it’s own runner. JUnit does not support multiple runners for the same unit test (and except for the Spring runner, all the other runners are pretty excluding one another so it kind of makes sense to allow only one runner at a time). Read the rest of this entry »

 
8 Comments

Posted in Spring

 

OAuth 2-legged model with Spring Security

14 May

This article contains incorrect information about the 2Legged mode of the OAuth protocol. Thanks to all the people that commented on this article, I wrote a new article, where the 2Legged mode is (I hope) better explained and where a better client for OAuth is implemented. This article is left here for historical references and in order to keep the valuable comments that were added to it.

The OAuth protocol has two models that can be implemented. First, the 3legged model involves all the steps described by the RFC and it is generally used when the authentication of the user is involved in the process (this case is the most common). A very good example of implementing this form of the protocol is composed of the two applications (Sparklr and Tonr) that are delivered with the OAuth plugin for Spring Security source.

The second model is the 2legged model, where the second step of the process (the one where the user is presented with a login page from the server, and he/she needs to log in and then authorize the access to the protected resource) is skipped, on the reason that the client has an additional level of trust, and therefore it is sufficient the exchange and authorization of tokens (this is clearly incorrect; the 2Legged mode means that instead of having 3 parties involved, one has only 2: the provider and the consumer; read this for a better explanation), without the need for the user to authenticate itself.

In this article I will present how one can implement the server and the client for leveraging this flavor of the OAuth protocol. Read the rest of this entry »

 
19 Comments

Posted in Spring