Hi Sergey, I've added some improvements to demo and protocol implementation. I hope this time build will be fine.
Cheers, Lukasz 2010/8/13 Sergey Beryozkin <[email protected]> > Hi Łukasz > > I can see the merges flowing :-), I'll be reviewing your work tonight; > > to the list : we've exchanged few private emails to do with build issues I > was encountering and Łukasz > addressed them fast; we also agreed that for the initial phase making a > demo easy to understand and build upon was the main goal... > > cheers, Sergey > > 2010/8/5 Sergey Beryozkin <[email protected]> > > > Hi Łukasz > > > > can you please fix checkstyle errors in the demo... > > Re the callback uri : I think one of the providers on the server is > > configured with the callback URI > > > > thanks, Sergey > > > > > > 2010/8/2 Łukasz Moreń <[email protected]> > > > > > > >> > Please update the demo so that the consume > >> > >> registers itself, plus supplies a callback itself with a request token > >> > request > >> > >> > >> callback url is passed in this request, however this request is done in > >> backend through URLConnection so it's not visible at UI. > >> > >> Cheers, Lukasz > >> > >> W dniu 2 sierpnia 2010 13:36 użytkownik Łukasz Moreń < > >> [email protected] > >> > napisał: > >> > >> > Hi, > >> > I've committed changes I've made: > >> > - added possibility to register new OAuth client applications at OAuth > >> > server > >> > - OAuth demos moved to distribution\src\main\samples\ > >> > - added README to OAuth demos > >> > - fixes in pom.xml files > >> > > >> > - fix the checkstyle errors and move the demo to the > >> > > >> > ""distribution/src/main/release/samples/"" area and also add Readme; > >> after > >> > > >> > building the distribution (mvn install in trunk/distribution) you can > >> >> easily > >> > > >> > verify the demo can be run by locating in the target. > >> > > >> > > >> > fixed that, and added readme > >> > > >> > > >> >> - add the oauth dependency in the parent pom so that the rs/oauth > >> module > >> >> can > >> > > >> > depend on it without specifying a version and have the demo client > >> module > >> > > >> > depending on rt/rs/oauth module instead (similarly to the server one) > >> > > >> > > >> > done, hovewer demo client don't need to depend on rt/rs/oauth as it > >> doesn't > >> > use cxf functionality, just on oauth libraries > >> > > >> > > >> >> - during the main build please use the Spring version CXF depends > upon > >> and > >> > > >> > use its -Pspring3 profile to build for the deployment into GAE > >> > > >> > > >> > changed, both client and server demos needs to be build with -Pspring3 > >> for > >> > local jetty run and GAE as well. > >> > Otherwise I would need use different spring config files for spring > 2.5 > >> and > >> > 3.0.x > >> > > >> > Cheers, Lukasz > >> > > >> > W dniu 29 lipca 2010 21:15 użytkownik Sergey Beryozkin < > >> > [email protected]> napisał: > >> > > >> > Hi > >> >> > >> >> 2010/7/29 Łukasz Moreń <[email protected]> > >> >> > >> >> > Hi, > >> >> > > >> >> > I'm still working on refactoring and changes in demo you suggested. > >> >> > I will likely update it tomorrow. > >> >> > > >> >> > I'll likely ask for some modifications but perhaps if you could > start > >> >> with > >> >> > > updating the demo > >> >> > > >> >> > such that a consumer initiates its own registration with the OAuth > >> >> server. > >> >> > > >> >> > > >> >> > I'm going to put high effort on my GSoC project next weeks. I would > >> >> really > >> >> > appreciate, > >> >> > if you would have some more modifications requests/directions which > >> >> project > >> >> > should go, as you have limited time next week > >> >> > and current changes will not take long. > >> >> > > >> >> > From what I'm seeing, I need to cover spec with code, simplify > >> >> > configuration > >> >> > and do more testing. > >> >> > > >> >> > > >> >> I have to sign off now...Please update the demo so that the consumer > >> >> registers itself, plus supplies a callback itself with a request > token > >> >> request, add README and it would let users start experimenting. IMHO > >> the > >> >> initial phase can be considered complete once there's a demo there > >> which > >> >> can > >> >> show users what they need to do. > >> >> > >> >> We can then discuss things further > >> >> > >> >> cheers, Sergey > >> >> > >> >> > >> >> > >> >> > Cheers, > >> >> > Lukasz > >> >> > > >> >> > 2010/7/29 Daniel Kulp <[email protected]> > >> >> > > >> >> > > > >> >> > > You probably just need to change your deps to: > >> >> > > > >> >> > > geronimo-servlet_3.0_spec > >> >> > > > >> >> > > > >> >> > > Dan > >> >> > > > >> >> > > > >> >> > > On Thursday 29 July 2010 3:35:57 pm Sergey Beryozkin wrote: > >> >> > > > Hi Lucasz > >> >> > > > > >> >> > > > I can't build the oauth sandbox project, seeing > >> >> > > > [ERROR] FATAL ERROR > >> >> > > > [INFO] > >> >> > > > > >> >> > > >> ------------------------------------------------------------------------ > >> >> > > > [INFO] Error building POM (may not be this project's POM). > >> >> > > > > >> >> > > > > >> >> > > > Project ID: org.apache.cxf:cxf-rt-rs-oauth > >> >> > > > POM Location: > >> >> > > > > /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml > >> >> > > > Validation Messages: > >> >> > > > > >> >> > > > [0] 'dependencies.dependency.version' is missing for > >> >> > > > org.apache.geronimo.specs:geronimo-servlet_2.5_spec:jar > >> >> > > > > >> >> > > > > >> >> > > > Reason: Failed to validate POM for project > >> >> > org.apache.cxf:cxf-rt-rs-oauth > >> >> > > > at > >> /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml > >> >> > > > > >> >> > > > so I can not review the latest merge, sorry. I could've tried > to > >> fix > >> >> > this > >> >> > > > issue but I'm not sure if you're finished with the refactoring > >> just > >> >> > yet. > >> >> > > > I'll be travelling tomorrow and I'll have some very limited > time > >> >> during > >> >> > > the > >> >> > > > evenings next week but I'll try to provide some feedback at > least > >> >> > > > > >> >> > > > cheers, Sergey > >> >> > > > > >> >> > > > > >> >> > > > 2010/7/26 Sergey Beryozkin <[email protected]> > >> >> > > > > >> >> > > > > Hi Łukasz > >> >> > > > > > >> >> > > > > 2010/7/26 Łukasz Moreń <[email protected]> > >> >> > > > > > >> >> > > > > Hi Sergey, > >> >> > > > > > >> >> > > > >> I'm really sorry for such commit, I know it shouldn't > happen. > >> I > >> >> > turned > >> >> > > > >> off checkstyle as i couldn't configure it properly on > intellij > >> >> and > >> >> > it > >> >> > > > >> was annoying during development. > >> >> > > > >> I will apply proper changes ASAP. > >> >> > > > >> > >> >> > > > >> no worries at all, I've broken the real builds with > checkstyle > >> >> > errors > >> >> > > so > >> >> > > > > > >> >> > > > > many times and it is the CXF sandbox after :-) > >> >> > > > > > >> >> > > > >> According to the demo, I built it as usual web-app, if it > >> worked, > >> >> > use > >> >> > > > >> this same sources to deploy on GAE. > >> >> > > > >> However because of GAE restrictions it always needs minor > >> changes > >> >> > > > >> before deploy, i.e. GAE can't read configuration files such > >> as: > >> >> > > > >> cxf-extension-http.xml > >> >> > > > >> from jars, so I copied it to WEB-INF folder. > >> >> > > > >> Commited to svn version does not depend on GAE SDK and can > be > >> run > >> >> > > > >> locally with jetty:run. > >> >> > > > >> > >> >> > > > >> Yes, I warned about server configuration part:). I will take > >> care > >> >> to > >> >> > > > >> make it simpler. > >> >> > > > > > >> >> > > > > I do not think it is too complicated - the simplification can > >> be > >> >> done > >> >> > > > > once the whole flow is sound... > >> >> > > > > > >> >> > > > >> So far, oauth consumer properties are hardcoded and injected > >> into > >> >> > > > >> oauth provider, as I think it is not oauth library > >> responsibility > >> >> to > >> >> > > > >> deal with consumer registration. > >> >> > > > >> Hovewer for demo it would be good to have something like > that. > >> I > >> >> > would > >> >> > > > >> do registration form at the server as it is done by current > >> big > >> >> > oauth > >> >> > > > >> implementations. > >> >> > > > > > >> >> > > > > I agree that conceptually the registration of consumers is a > >> >> separate > >> >> > > > > issue. But it is part of the solution that users will be > >> >> eventually > >> >> > > > > offering so just showing them that the consumers have to go > and > >> >> > > register > >> >> > > > > themselves with help people with coming up with some custom > >> >> > > registration > >> >> > > > > forms, etc. The registration does not have to be done at the > >> >> server > >> >> > > > > hosting the resource, it is just important for the OAuth > >> provider > >> >> be > >> >> > > > > able to get to the consumer details. I'm fine with assuming > at > >> the > >> >> > > > > moment that the registration handler is collocated with the > >> >> > > > > endpoints/providers enforcing OAuth flow. > >> >> > > > > > >> >> > > > > But the callback uri which is being injected at the moment > >> should > >> >> go > >> >> > > > > anyway given that it is part of the actual flow, > specifically, > >> the > >> >> > > > > consumer provides it during the request token request > >> >> > > > > > >> >> > > > >> Recently I've noticed that Camel have done oauth client as > >> >> well:): > >> >> > > > >> http://camel.apache.org/tutorial-oauth.html > >> >> > > > >> > >> >> > > > >> Thanks much for review, and hints. > >> >> > > > > > >> >> > > > > thanks for your effort :-) > >> >> > > > > > >> >> > > > > Sergey > >> >> > > > > > >> >> > > > >> Cheers, > >> >> > > > >> Lukasz > >> >> > > > >> > >> >> > > > >> 2010/7/24 Sergey Beryozkin <[email protected]>: > >> >> > > > >> > Hi Łukasz > >> >> > > > >> > > >> >> > > > >> > Sorry for a delay, I should've come back earlier to you. > >> >> > > > >> > > >> >> > > > >> > I've run the demo hosted at the app engine and I think > from > >> the > >> >> > > > >> > >> >> > > > >> education > >> >> > > > >> > >> >> > > > >> > point of view it is a good demo and it is handy one does > not > >> >> even > >> >> > > has > >> >> > > > >> > to build anything in order to try it. > >> >> > > > >> > > >> >> > > > >> > I've had a problem building the rt/rs/oauth tests - > there's > >> a > >> >> > bunch > >> >> > > of > >> >> > > > >> > CheckStyle errors. Can you please build sandbox/oauth_1.0a > >> from > >> >> > the > >> >> > > > >> > >> >> > > > >> trunk, > >> >> > > > >> > >> >> > > > >> > just do 'mvn install -Pfastinstall' and then do 'mvn > >> install' > >> >> from > >> >> > > > >> > >> >> > > > >> rt/rs/ ? > >> >> > > > >> > >> >> > > > >> > One other thing, please move the demo to > >> >> > > > >> > "distribution/src/main/release/samples/" as well add > Readme > >> to > >> >> it. > >> >> > > > >> > > >> >> > > > >> > Also I can not build the demo too, the client build fails > >> with > >> >> the > >> >> > > > >> > >> >> > > > >> following > >> >> > > > >> > >> >> > > > >> > dependency missing > >> >> > > > >> > 1) net.oauth.core:oauth-consumer:jar:20100527 > >> >> > > > >> > > >> >> > > > >> > But I'm seeing an oauth repo in the rt/rs/oauth pom, have > >> you > >> >> > built > >> >> > > it > >> >> > > > >> > >> >> > > > >> in > >> >> > > > >> > >> >> > > > >> > the GAE dev environment ? > >> >> > > > >> > > >> >> > > > >> > Can you please spend a bit of time on cleaning the build a > >> bit > >> >> : > >> >> > > > >> > - fix the checkstyle errors and move the demo to the > >> >> > > > >> > ""distribution/src/main/release/samples/"" area and also > add > >> >> > Readme; > >> >> > > > >> > >> >> > > > >> after > >> >> > > > >> > >> >> > > > >> > building the distribution (mvn install in > >> trunk/distribution) > >> >> you > >> >> > > can > >> >> > > > >> > >> >> > > > >> easily > >> >> > > > >> > >> >> > > > >> > verify the demo can be run by locating in the target. > >> >> > > > >> > - add the oauth dependency in the parent pom so that the > >> >> rs/oauth > >> >> > > > >> > module > >> >> > > > >> > >> >> > > > >> can > >> >> > > > >> > >> >> > > > >> > depend on it without specifying a version and have the > demo > >> >> client > >> >> > > > >> > >> >> > > > >> module > >> >> > > > >> > >> >> > > > >> > depending on rt/rs/oauth module instead (similarly to the > >> >> server > >> >> > > one) > >> >> > > > >> > - during the main build please use the Spring version CXF > >> >> depends > >> >> > > upon > >> >> > > > >> > >> >> > > > >> and > >> >> > > > >> > >> >> > > > >> > use its -Pspring3 profile to build for the deployment into > >> GAE > >> >> > > > >> > > >> >> > > > >> > As far as the demo is concerned. I looked at the server > part > >> >> and > >> >> > it > >> >> > > > >> > >> >> > > > >> looks > >> >> > > > >> > >> >> > > > >> > complicated enough :-) but I think it makes sense to me. > >> I'll > >> >> > likely > >> >> > > > >> > ask > >> >> > > > >> > >> >> > > > >> for > >> >> > > > >> > >> >> > > > >> > some modifications but perhaps if you could start with > >> updating > >> >> > the > >> >> > > > >> > demo such that a consumer initiates its own registration > >> with > >> >> the > >> >> > > > >> > OAuth > >> >> > > > >> > >> >> > > > >> server : > >> >> > > > >> > I can see at the moment an oauth provider is injected with > >> some > >> >> > > sample > >> >> > > > >> > consumer properties. I'm not sure what is the best way to > do > >> it > >> >> : > >> >> > > may > >> >> > > > >> > be > >> >> > > > >> > >> >> > > > >> the > >> >> > > > >> > >> >> > > > >> > server can return a registration form or the client can > just > >> >> push > >> >> > > the > >> >> > > > >> > registration info itself. > >> >> > > > >> > > >> >> > > > >> > Overall I think it is a good progress indeed especially > >> given > >> >> the > >> >> > > > >> > >> >> > > > >> complexity > >> >> > > > >> > >> >> > > > >> > of the whole effort. > >> >> > > > >> > > >> >> > > > >> > > >> >> > > > >> > > >> >> > > > >> > thanks, Sergey > >> >> > > > >> > > >> >> > > > >> > On Wed, Jul 14, 2010 at 10:14 PM, Łukasz Moreń < > >> >> > > [email protected] > >> >> > > > >> > > >> >> > > > >> >wrote: > >> >> > > > >> >> Hi all, > >> >> > > > >> >> > >> >> > > > >> >> I have managed to create two sample OAuth aplications: > >> >> > > > >> >> ordinary OAuth 1.0a client: > >> >> http://www.oauthclient.appspot.com > >> >> > > > >> >> and authorization server that uses CXF OAuth module: > >> >> > > > >> >> http://www.cxfoauthserver.appspot.com > >> >> > > > >> >> > >> >> > > > >> >> Both sample applications and changes in oauth library are > >> >> > commited > >> >> > > in > >> >> > > > >> >> sandbox. > >> >> > > > >> >> > >> >> > > > >> >> OAuth configuration in sample authorization server app > >> looks a > >> >> > bit > >> >> > > > >> >> awfully but I think most of that can be hidden and done > out > >> of > >> >> > > band. > >> >> > > > >> >> There is still some areas in specification not covered by > >> >> > > > >> >> implementation, so I would like to take care of that in > >> next > >> >> > steps. > >> >> > > > >> >> > >> >> > > > >> >> Thanks in advance for some feedback. > >> >> > > > >> >> > >> >> > > > >> >> Cheers, > >> >> > > > >> >> Lukasz > >> >> > > > >> >> > > -- > >> >> > > Daniel Kulp > >> >> > > [email protected] > >> >> > > http://dankulp.com/blog > >> >> > > > >> >> > > >> >> > >> > > >> > > >> > > > > >
