OAuth2 Server tapestry implementation

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

OAuth2 Server tapestry implementation

abangkis
Hi, is there a Tapestry module for OAuth2 Server available?

I'm currently looking at Apache Oltu to create a OAuth2 Server.

Regards.

--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

duymap
On Tue, Mar 22, 2016 at 6:14 PM, abangkis <[hidden email]> wrote:

> Hi, is there a Tapestry module for OAuth2 Server available?
>
==> Hi, my understanding so far there is no tapestry library for oauth2.
You have to integrate spring-tapestry security from tynamo project and
integrate spring oauth2. But this is a little bit tricky to do. However, if
you understand principle of oauth2, I don't think it's too tough to
implement oauth2 mechanism yourself:

- define a page ( URL ) and receive a "redirect" param
- a page should have form to login require user input username and password
- since user input correct username and password, generate token and expire
date. Store token and expire date in database.
- you can use jwt ( json web token ) library to generate token based on
timestamp + username as seed.
- Then you redirect to URL that you received via "redirect" param plus with
token and expire date.

- You can use apache oltu and integrate it to tapestry, it will help you to
reduce effort to redirect, generating token, expire date....

Hope this help.


>
> I'm currently looking at Apache Oltu to create a OAuth2 Server.
>
> Regards.
>
> --
> http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> twitter : @mreunionlabs @abangkis
> page : https://plus.google.com/104168782385184990771
>



--
Chung Khánh Duy
Project Support Manager
Formos
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

Thiago H de Paula Figueiredo
On Tue, 22 Mar 2016 10:38:15 -0300, Chung Khanh Duy  
<[hidden email]> wrote:

> On Tue, Mar 22, 2016 at 6:14 PM, abangkis <[hidden email]> wrote:
>
>> Hi, is there a Tapestry module for OAuth2 Server available?
>>
> ==> Hi, my understanding so far there is no tapestry library for oauth2.

I'm sorry, but I think you're wrong. Check  
http://www.tynamo.org/tynamo-federatedaccounts/.

--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

Thiago H de Paula Figueiredo
On Tue, 22 Mar 2016 12:14:56 -0300, Thiago H de Paula Figueiredo  
<[hidden email]> wrote:

> On Tue, 22 Mar 2016 10:38:15 -0300, Chung Khanh Duy  
> <[hidden email]> wrote:
>
>> On Tue, Mar 22, 2016 at 6:14 PM, abangkis <[hidden email]> wrote:
>>
>>> Hi, is there a Tapestry module for OAuth2 Server available?
>>>
>> ==> Hi, my understanding so far there is no tapestry library for oauth2.
>
> I'm sorry, but I think you're wrong. Check  
> http://www.tynamo.org/tynamo-federatedaccounts/.

I'm sorry, here's a better link with documentation and examples:  
http://www.tynamo.org/tynamo-federatedaccounts+guide/

--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

Prakash Manjeshwar
In reply to this post by Thiago H de Paula Figueiredo
I think, original question was about an OAuth *server implementation *as
there was reference to Apache Oltu.

Is Tynamo not a client only solution ?



---
Prakash


On 22 March 2016 at 20:44, Thiago H de Paula Figueiredo <[hidden email]>
wrote:

> On Tue, 22 Mar 2016 10:38:15 -0300, Chung Khanh Duy <
> [hidden email]> wrote:
>
> On Tue, Mar 22, 2016 at 6:14 PM, abangkis <[hidden email]> wrote:
>>
>> Hi, is there a Tapestry module for OAuth2 Server available?
>>>
>>> ==> Hi, my understanding so far there is no tapestry library for oauth2.
>>
>
> I'm sorry, but I think you're wrong. Check
> http://www.tynamo.org/tynamo-federatedaccounts/.
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

Thiago H de Paula Figueiredo
On Tue, 22 Mar 2016 12:27:59 -0300, Prakash Manjeshwar  
<[hidden email]> wrote:

> I think, original question was about an OAuth *server implementation *as
> there was reference to Apache Oltu.

Oh, I'm sorry. I read the message too quickly and I didn't notice the  
"server" part. (facepalm).

Thanks for the shout out to Oltu. I didn't know about it and it seems  
pretty interesting. It shouldn't be hard to integrate it into a Tapestry  
application.

> Is Tynamo not a client only solution ?

Yes.

--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

Prakash Manjeshwar
My OAuth know-how is very limited. Nevertheless, following links might
help...



https://gist.github.com/sody/1324553/f4a12ce37f65b96b98c98921ab9caff7d6d5d037

http://docs.spring.io/spring-social/docs/1.0.x/reference/html/implementing.html

http://docs.spring.io/spring-social/docs/1.0.x/reference/html/overview.html#table-spring-social-modules



---
Regards,
Prakash


On 22 March 2016 at 21:06, Thiago H de Paula Figueiredo <[hidden email]>
wrote:

> On Tue, 22 Mar 2016 12:27:59 -0300, Prakash Manjeshwar <
> [hidden email]> wrote:
>
> I think, original question was about an OAuth *server implementation *as
>> there was reference to Apache Oltu.
>>
>
> Oh, I'm sorry. I read the message too quickly and I didn't notice the
> "server" part. (facepalm).
>
> Thanks for the shout out to Oltu. I didn't know about it and it seems
> pretty interesting. It shouldn't be hard to integrate it into a Tapestry
> application.
>
> Is Tynamo not a client only solution ?
>>
>
> Yes.
>
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

abangkis
In reply to this post by duymap
Hi, thanks alot for the hints. I've been trying to do the steps but with
servlet. Since the example mostly in servlet/jax-ws. Maybe I should do it
with Tapestry directly.

On Tue, Mar 22, 2016 at 8:38 PM, Chung Khanh Duy <
[hidden email]> wrote:

> On Tue, Mar 22, 2016 at 6:14 PM, abangkis <[hidden email]> wrote:
>
> > Hi, is there a Tapestry module for OAuth2 Server available?
> >
> ==> Hi, my understanding so far there is no tapestry library for oauth2.
> You have to integrate spring-tapestry security from tynamo project and
> integrate spring oauth2. But this is a little bit tricky to do. However, if
> you understand principle of oauth2, I don't think it's too tough to
> implement oauth2 mechanism yourself:
>
> - define a page ( URL ) and receive a "redirect" param
> - a page should have form to login require user input username and password
> - since user input correct username and password, generate token and expire
> date. Store token and expire date in database.
> - you can use jwt ( json web token ) library to generate token based on
> timestamp + username as seed.
> - Then you redirect to URL that you received via "redirect" param plus with
> token and expire date.
>
> - You can use apache oltu and integrate it to tapestry, it will help you to
> reduce effort to redirect, generating token, expire date....
>
> Hope this help.
>
>
> >
> > I'm currently looking at Apache Oltu to create a OAuth2 Server.
> >
> > Regards.
> >
> > --
> > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> > twitter : @mreunionlabs @abangkis
> > page : https://plus.google.com/104168782385184990771
> >
>
>
>
> --
> Chung Khánh Duy
> Project Support Manager
> Formos
>



--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

abangkis
In reply to this post by Prakash Manjeshwar
Hi all, thanks for the response. Yes, it's the server Implementation :)

I don't think i would integrate spring social, since I don't use spring.
Been tinkering with the servlet implementation of OAuth2, turn out the
effort is greater than I previously think (probably because I don't
understand OAuth2 that well). So i think I'm going to lower the priority of
using OAuth2 for now.

Thanks everyone :)

On Tue, Mar 22, 2016 at 10:46 PM, Prakash Manjeshwar <[hidden email]
> wrote:

> My OAuth know-how is very limited. Nevertheless, following links might
> help...
>
>
>
>
> https://gist.github.com/sody/1324553/f4a12ce37f65b96b98c98921ab9caff7d6d5d037
>
>
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/implementing.html
>
>
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/overview.html#table-spring-social-modules
>
>
>
> ---
> Regards,
> Prakash
>
>
> On 22 March 2016 at 21:06, Thiago H de Paula Figueiredo <
> [hidden email]>
> wrote:
>
> > On Tue, 22 Mar 2016 12:27:59 -0300, Prakash Manjeshwar <
> > [hidden email]> wrote:
> >
> > I think, original question was about an OAuth *server implementation *as
> >> there was reference to Apache Oltu.
> >>
> >
> > Oh, I'm sorry. I read the message too quickly and I didn't notice the
> > "server" part. (facepalm).
> >
> > Thanks for the shout out to Oltu. I didn't know about it and it seems
> > pretty interesting. It shouldn't be hard to integrate it into a Tapestry
> > application.
> >
> > Is Tynamo not a client only solution ?
> >>
> >
> > Yes.
> >
> >
> > --
> > Thiago H. de Paula Figueiredo
> > Tapestry, Java and Hibernate consultant and developer
> > http://machina.com.br
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]
> >
> >
>



--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

Kalle Korhonen-2
Adapting the code from Oltu's integration tests (e.g. see
https://github.com/apache/oltu/blob/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/AuthzEndpoint.java),
it should be relatively simple to implement Oauth authorization & resource
servers as JAX-RS endpoints with Tynamo's tapestry-resteasy (
http://www.tynamo.org/tapestry-resteasy+guide/). Tynamo-federatedaccounts
can certainly be used as a a client to your own server with some
customization. It's not too difficult, but previous knowledge on basic
Oauth workflow and JAX-RS is required. I'd love to make this much simpler
really but there are lots and lots of options how you want things to behave
so one size doesn't fit all.

One of the more interesting things in authorization space I've been working
on lately is invoking an Oauth request with a third-party authorization
server from an Ember client, then validating the access token through my
own service, federating it with a local account and finally returning JWTs
for sessionless *and* using the same tokens for authorizing websocket
connections. Phew. I may try to spin some parts of it off to an open source
library but not quite sure yet what exactly would make a good reusable
module.

Kalle

On Tue, Mar 22, 2016 at 6:39 PM, abangkis <[hidden email]> wrote:

> Hi all, thanks for the response. Yes, it's the server Implementation :)
>
> I don't think i would integrate spring social, since I don't use spring.
> Been tinkering with the servlet implementation of OAuth2, turn out the
> effort is greater than I previously think (probably because I don't
> understand OAuth2 that well). So i think I'm going to lower the priority of
> using OAuth2 for now.
>
> Thanks everyone :)
>
> On Tue, Mar 22, 2016 at 10:46 PM, Prakash Manjeshwar <
> [hidden email]
> > wrote:
>
> > My OAuth know-how is very limited. Nevertheless, following links might
> > help...
> >
> >
> >
> >
> >
> https://gist.github.com/sody/1324553/f4a12ce37f65b96b98c98921ab9caff7d6d5d037
> >
> >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/implementing.html
> >
> >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/overview.html#table-spring-social-modules
> >
> >
> >
> > ---
> > Regards,
> > Prakash
> >
> >
> > On 22 March 2016 at 21:06, Thiago H de Paula Figueiredo <
> > [hidden email]>
> > wrote:
> >
> > > On Tue, 22 Mar 2016 12:27:59 -0300, Prakash Manjeshwar <
> > > [hidden email]> wrote:
> > >
> > > I think, original question was about an OAuth *server implementation
> *as
> > >> there was reference to Apache Oltu.
> > >>
> > >
> > > Oh, I'm sorry. I read the message too quickly and I didn't notice the
> > > "server" part. (facepalm).
> > >
> > > Thanks for the shout out to Oltu. I didn't know about it and it seems
> > > pretty interesting. It shouldn't be hard to integrate it into a
> Tapestry
> > > application.
> > >
> > > Is Tynamo not a client only solution ?
> > >>
> > >
> > > Yes.
> > >
> > >
> > > --
> > > Thiago H. de Paula Figueiredo
> > > Tapestry, Java and Hibernate consultant and developer
> > > http://machina.com.br
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [hidden email]
> > > For additional commands, e-mail: [hidden email]
> > >
> > >
> >
>
>
>
> --
> http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> twitter : @mreunionlabs @abangkis
> page : https://plus.google.com/104168782385184990771
>
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

abangkis
Thanks Kalle. Yes, I've been following that. Turning the Jax-RS sample to a
servlet one, before try to migrate it to tapestry. I Guess my knowledge on
OAuth2, JAX-RS & Servlet isn't deep enough to quickly do it for now. I'll
set aside a few weekends to learn more about it in the future :)


On Wed, Mar 23, 2016 at 12:36 PM, Kalle Korhonen <[hidden email]
> wrote:

> Adapting the code from Oltu's integration tests (e.g. see
>
> https://github.com/apache/oltu/blob/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/AuthzEndpoint.java
> ),
> it should be relatively simple to implement Oauth authorization & resource
> servers as JAX-RS endpoints with Tynamo's tapestry-resteasy (
> http://www.tynamo.org/tapestry-resteasy+guide/). Tynamo-federatedaccounts
> can certainly be used as a a client to your own server with some
> customization. It's not too difficult, but previous knowledge on basic
> Oauth workflow and JAX-RS is required. I'd love to make this much simpler
> really but there are lots and lots of options how you want things to behave
> so one size doesn't fit all.
>
> One of the more interesting things in authorization space I've been working
> on lately is invoking an Oauth request with a third-party authorization
> server from an Ember client, then validating the access token through my
> own service, federating it with a local account and finally returning JWTs
> for sessionless *and* using the same tokens for authorizing websocket
> connections. Phew. I may try to spin some parts of it off to an open source
> library but not quite sure yet what exactly would make a good reusable
> module.
>
> Kalle
>
> On Tue, Mar 22, 2016 at 6:39 PM, abangkis <[hidden email]> wrote:
>
> > Hi all, thanks for the response. Yes, it's the server Implementation :)
> >
> > I don't think i would integrate spring social, since I don't use spring.
> > Been tinkering with the servlet implementation of OAuth2, turn out the
> > effort is greater than I previously think (probably because I don't
> > understand OAuth2 that well). So i think I'm going to lower the priority
> of
> > using OAuth2 for now.
> >
> > Thanks everyone :)
> >
> > On Tue, Mar 22, 2016 at 10:46 PM, Prakash Manjeshwar <
> > [hidden email]
> > > wrote:
> >
> > > My OAuth know-how is very limited. Nevertheless, following links might
> > > help...
> > >
> > >
> > >
> > >
> > >
> >
> https://gist.github.com/sody/1324553/f4a12ce37f65b96b98c98921ab9caff7d6d5d037
> > >
> > >
> > >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/implementing.html
> > >
> > >
> > >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/overview.html#table-spring-social-modules
> > >
> > >
> > >
> > > ---
> > > Regards,
> > > Prakash
> > >
> > >
> > > On 22 March 2016 at 21:06, Thiago H de Paula Figueiredo <
> > > [hidden email]>
> > > wrote:
> > >
> > > > On Tue, 22 Mar 2016 12:27:59 -0300, Prakash Manjeshwar <
> > > > [hidden email]> wrote:
> > > >
> > > > I think, original question was about an OAuth *server implementation
> > *as
> > > >> there was reference to Apache Oltu.
> > > >>
> > > >
> > > > Oh, I'm sorry. I read the message too quickly and I didn't notice the
> > > > "server" part. (facepalm).
> > > >
> > > > Thanks for the shout out to Oltu. I didn't know about it and it seems
> > > > pretty interesting. It shouldn't be hard to integrate it into a
> > Tapestry
> > > > application.
> > > >
> > > > Is Tynamo not a client only solution ?
> > > >>
> > > >
> > > > Yes.
> > > >
> > > >
> > > > --
> > > > Thiago H. de Paula Figueiredo
> > > > Tapestry, Java and Hibernate consultant and developer
> > > > http://machina.com.br
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [hidden email]
> > > > For additional commands, e-mail: [hidden email]
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> > twitter : @mreunionlabs @abangkis
> > page : https://plus.google.com/104168782385184990771
> >
>



--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

Kalle Korhonen-2
I don't see a reason to do a plain servlet implementation if it's not for
educational reasons only. JAX-RS or even a Tapestry API would serve you
much better as an Oauth endpoint.

Kalle

On Wed, Mar 23, 2016 at 1:13 AM, abangkis <[hidden email]> wrote:

> Thanks Kalle. Yes, I've been following that. Turning the Jax-RS sample to a
> servlet one, before try to migrate it to tapestry. I Guess my knowledge on
> OAuth2, JAX-RS & Servlet isn't deep enough to quickly do it for now. I'll
> set aside a few weekends to learn more about it in the future :)
>
>
> On Wed, Mar 23, 2016 at 12:36 PM, Kalle Korhonen <
> [hidden email]
> > wrote:
>
> > Adapting the code from Oltu's integration tests (e.g. see
> >
> >
> https://github.com/apache/oltu/blob/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/AuthzEndpoint.java
> > ),
> > it should be relatively simple to implement Oauth authorization &
> resource
> > servers as JAX-RS endpoints with Tynamo's tapestry-resteasy (
> > http://www.tynamo.org/tapestry-resteasy+guide/).
> Tynamo-federatedaccounts
> > can certainly be used as a a client to your own server with some
> > customization. It's not too difficult, but previous knowledge on basic
> > Oauth workflow and JAX-RS is required. I'd love to make this much simpler
> > really but there are lots and lots of options how you want things to
> behave
> > so one size doesn't fit all.
> >
> > One of the more interesting things in authorization space I've been
> working
> > on lately is invoking an Oauth request with a third-party authorization
> > server from an Ember client, then validating the access token through my
> > own service, federating it with a local account and finally returning
> JWTs
> > for sessionless *and* using the same tokens for authorizing websocket
> > connections. Phew. I may try to spin some parts of it off to an open
> source
> > library but not quite sure yet what exactly would make a good reusable
> > module.
> >
> > Kalle
> >
> > On Tue, Mar 22, 2016 at 6:39 PM, abangkis <[hidden email]> wrote:
> >
> > > Hi all, thanks for the response. Yes, it's the server Implementation :)
> > >
> > > I don't think i would integrate spring social, since I don't use
> spring.
> > > Been tinkering with the servlet implementation of OAuth2, turn out the
> > > effort is greater than I previously think (probably because I don't
> > > understand OAuth2 that well). So i think I'm going to lower the
> priority
> > of
> > > using OAuth2 for now.
> > >
> > > Thanks everyone :)
> > >
> > > On Tue, Mar 22, 2016 at 10:46 PM, Prakash Manjeshwar <
> > > [hidden email]
> > > > wrote:
> > >
> > > > My OAuth know-how is very limited. Nevertheless, following links
> might
> > > > help...
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
> https://gist.github.com/sody/1324553/f4a12ce37f65b96b98c98921ab9caff7d6d5d037
> > > >
> > > >
> > > >
> > >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/implementing.html
> > > >
> > > >
> > > >
> > >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/overview.html#table-spring-social-modules
> > > >
> > > >
> > > >
> > > > ---
> > > > Regards,
> > > > Prakash
> > > >
> > > >
> > > > On 22 March 2016 at 21:06, Thiago H de Paula Figueiredo <
> > > > [hidden email]>
> > > > wrote:
> > > >
> > > > > On Tue, 22 Mar 2016 12:27:59 -0300, Prakash Manjeshwar <
> > > > > [hidden email]> wrote:
> > > > >
> > > > > I think, original question was about an OAuth *server
> implementation
> > > *as
> > > > >> there was reference to Apache Oltu.
> > > > >>
> > > > >
> > > > > Oh, I'm sorry. I read the message too quickly and I didn't notice
> the
> > > > > "server" part. (facepalm).
> > > > >
> > > > > Thanks for the shout out to Oltu. I didn't know about it and it
> seems
> > > > > pretty interesting. It shouldn't be hard to integrate it into a
> > > Tapestry
> > > > > application.
> > > > >
> > > > > Is Tynamo not a client only solution ?
> > > > >>
> > > > >
> > > > > Yes.
> > > > >
> > > > >
> > > > > --
> > > > > Thiago H. de Paula Figueiredo
> > > > > Tapestry, Java and Hibernate consultant and developer
> > > > > http://machina.com.br
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [hidden email]
> > > > > For additional commands, e-mail: [hidden email]
> > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> > > twitter : @mreunionlabs @abangkis
> > > page : https://plus.google.com/104168782385184990771
> > >
> >
>
>
>
> --
> http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> twitter : @mreunionlabs @abangkis
> page : https://plus.google.com/104168782385184990771
>
Reply | Threaded
Open this post in threaded view
|

Re: OAuth2 Server tapestry implementation

abangkis
Yes, it was for educational purposes only.

Regards

On Wed, Mar 23, 2016 at 11:47 PM, Kalle Korhonen <[hidden email]
> wrote:

> I don't see a reason to do a plain servlet implementation if it's not for
> educational reasons only. JAX-RS or even a Tapestry API would serve you
> much better as an Oauth endpoint.
>
> Kalle
>
> On Wed, Mar 23, 2016 at 1:13 AM, abangkis <[hidden email]> wrote:
>
> > Thanks Kalle. Yes, I've been following that. Turning the Jax-RS sample
> to a
> > servlet one, before try to migrate it to tapestry. I Guess my knowledge
> on
> > OAuth2, JAX-RS & Servlet isn't deep enough to quickly do it for now. I'll
> > set aside a few weekends to learn more about it in the future :)
> >
> >
> > On Wed, Mar 23, 2016 at 12:36 PM, Kalle Korhonen <
> > [hidden email]
> > > wrote:
> >
> > > Adapting the code from Oltu's integration tests (e.g. see
> > >
> > >
> >
> https://github.com/apache/oltu/blob/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/AuthzEndpoint.java
> > > ),
> > > it should be relatively simple to implement Oauth authorization &
> > resource
> > > servers as JAX-RS endpoints with Tynamo's tapestry-resteasy (
> > > http://www.tynamo.org/tapestry-resteasy+guide/).
> > Tynamo-federatedaccounts
> > > can certainly be used as a a client to your own server with some
> > > customization. It's not too difficult, but previous knowledge on basic
> > > Oauth workflow and JAX-RS is required. I'd love to make this much
> simpler
> > > really but there are lots and lots of options how you want things to
> > behave
> > > so one size doesn't fit all.
> > >
> > > One of the more interesting things in authorization space I've been
> > working
> > > on lately is invoking an Oauth request with a third-party authorization
> > > server from an Ember client, then validating the access token through
> my
> > > own service, federating it with a local account and finally returning
> > JWTs
> > > for sessionless *and* using the same tokens for authorizing websocket
> > > connections. Phew. I may try to spin some parts of it off to an open
> > source
> > > library but not quite sure yet what exactly would make a good reusable
> > > module.
> > >
> > > Kalle
> > >
> > > On Tue, Mar 22, 2016 at 6:39 PM, abangkis <[hidden email]> wrote:
> > >
> > > > Hi all, thanks for the response. Yes, it's the server Implementation
> :)
> > > >
> > > > I don't think i would integrate spring social, since I don't use
> > spring.
> > > > Been tinkering with the servlet implementation of OAuth2, turn out
> the
> > > > effort is greater than I previously think (probably because I don't
> > > > understand OAuth2 that well). So i think I'm going to lower the
> > priority
> > > of
> > > > using OAuth2 for now.
> > > >
> > > > Thanks everyone :)
> > > >
> > > > On Tue, Mar 22, 2016 at 10:46 PM, Prakash Manjeshwar <
> > > > [hidden email]
> > > > > wrote:
> > > >
> > > > > My OAuth know-how is very limited. Nevertheless, following links
> > might
> > > > > help...
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> https://gist.github.com/sody/1324553/f4a12ce37f65b96b98c98921ab9caff7d6d5d037
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/implementing.html
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> http://docs.spring.io/spring-social/docs/1.0.x/reference/html/overview.html#table-spring-social-modules
> > > > >
> > > > >
> > > > >
> > > > > ---
> > > > > Regards,
> > > > > Prakash
> > > > >
> > > > >
> > > > > On 22 March 2016 at 21:06, Thiago H de Paula Figueiredo <
> > > > > [hidden email]>
> > > > > wrote:
> > > > >
> > > > > > On Tue, 22 Mar 2016 12:27:59 -0300, Prakash Manjeshwar <
> > > > > > [hidden email]> wrote:
> > > > > >
> > > > > > I think, original question was about an OAuth *server
> > implementation
> > > > *as
> > > > > >> there was reference to Apache Oltu.
> > > > > >>
> > > > > >
> > > > > > Oh, I'm sorry. I read the message too quickly and I didn't notice
> > the
> > > > > > "server" part. (facepalm).
> > > > > >
> > > > > > Thanks for the shout out to Oltu. I didn't know about it and it
> > seems
> > > > > > pretty interesting. It shouldn't be hard to integrate it into a
> > > > Tapestry
> > > > > > application.
> > > > > >
> > > > > > Is Tynamo not a client only solution ?
> > > > > >>
> > > > > >
> > > > > > Yes.
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Thiago H. de Paula Figueiredo
> > > > > > Tapestry, Java and Hibernate consultant and developer
> > > > > > http://machina.com.br
> > > > > >
> > > > > >
> > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [hidden email]
> > > > > > For additional commands, e-mail: [hidden email]
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> > > > twitter : @mreunionlabs @abangkis
> > > > page : https://plus.google.com/104168782385184990771
> > > >
> > >
> >
> >
> >
> > --
> > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> > twitter : @mreunionlabs @abangkis
> > page : https://plus.google.com/104168782385184990771
> >
>



--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771