Hi Łukasz can you please fix checkstyle errors in the demo... Re the callback uri : I think one of the providers on the server is configured with the callback URI
thanks, Sergey 2010/8/2 Łukasz Moreń <lukasz.mo...@gmail.com> > > > > Please update the demo so that the consume > > registers itself, plus supplies a callback itself with a request token > > request > > > callback url is passed in this request, however this request is done in > backend through URLConnection so it's not visible at UI. > > Cheers, Lukasz > > W dniu 2 sierpnia 2010 13:36 użytkownik Łukasz Moreń < > lukasz.mo...@gmail.com > > napisał: > > > Hi, > > I've committed changes I've made: > > - added possibility to register new OAuth client applications at OAuth > > server > > - OAuth demos moved to distribution\src\main\samples\ > > - added README to OAuth demos > > - fixes in pom.xml files > > > > - fix the checkstyle errors and move the demo to the > > > > ""distribution/src/main/release/samples/"" area and also add Readme; > after > > > > building the distribution (mvn install in trunk/distribution) you can > >> easily > > > > verify the demo can be run by locating in the target. > > > > > > fixed that, and added readme > > > > > >> - add the oauth dependency in the parent pom so that the rs/oauth module > >> can > > > > depend on it without specifying a version and have the demo client module > > > > depending on rt/rs/oauth module instead (similarly to the server one) > > > > > > done, hovewer demo client don't need to depend on rt/rs/oauth as it > doesn't > > use cxf functionality, just on oauth libraries > > > > > >> - during the main build please use the Spring version CXF depends upon > and > > > > use its -Pspring3 profile to build for the deployment into GAE > > > > > > changed, both client and server demos needs to be build with -Pspring3 > for > > local jetty run and GAE as well. > > Otherwise I would need use different spring config files for spring 2.5 > and > > 3.0.x > > > > Cheers, Lukasz > > > > W dniu 29 lipca 2010 21:15 użytkownik Sergey Beryozkin < > > sberyoz...@gmail.com> napisał: > > > > Hi > >> > >> 2010/7/29 Łukasz Moreń <lukasz.mo...@gmail.com> > >> > >> > Hi, > >> > > >> > I'm still working on refactoring and changes in demo you suggested. > >> > I will likely update it tomorrow. > >> > > >> > I'll likely ask for some modifications but perhaps if you could start > >> with > >> > > updating the demo > >> > > >> > such that a consumer initiates its own registration with the OAuth > >> server. > >> > > >> > > >> > I'm going to put high effort on my GSoC project next weeks. I would > >> really > >> > appreciate, > >> > if you would have some more modifications requests/directions which > >> project > >> > should go, as you have limited time next week > >> > and current changes will not take long. > >> > > >> > From what I'm seeing, I need to cover spec with code, simplify > >> > configuration > >> > and do more testing. > >> > > >> > > >> I have to sign off now...Please update the demo so that the consumer > >> registers itself, plus supplies a callback itself with a request token > >> request, add README and it would let users start experimenting. IMHO the > >> initial phase can be considered complete once there's a demo there which > >> can > >> show users what they need to do. > >> > >> We can then discuss things further > >> > >> cheers, Sergey > >> > >> > >> > >> > Cheers, > >> > Lukasz > >> > > >> > 2010/7/29 Daniel Kulp <dk...@apache.org> > >> > > >> > > > >> > > You probably just need to change your deps to: > >> > > > >> > > geronimo-servlet_3.0_spec > >> > > > >> > > > >> > > Dan > >> > > > >> > > > >> > > On Thursday 29 July 2010 3:35:57 pm Sergey Beryozkin wrote: > >> > > > Hi Lucasz > >> > > > > >> > > > I can't build the oauth sandbox project, seeing > >> > > > [ERROR] FATAL ERROR > >> > > > [INFO] > >> > > > > >> > > ------------------------------------------------------------------------ > >> > > > [INFO] Error building POM (may not be this project's POM). > >> > > > > >> > > > > >> > > > Project ID: org.apache.cxf:cxf-rt-rs-oauth > >> > > > POM Location: > >> > > > /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml > >> > > > Validation Messages: > >> > > > > >> > > > [0] 'dependencies.dependency.version' is missing for > >> > > > org.apache.geronimo.specs:geronimo-servlet_2.5_spec:jar > >> > > > > >> > > > > >> > > > Reason: Failed to validate POM for project > >> > org.apache.cxf:cxf-rt-rs-oauth > >> > > > at > /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml > >> > > > > >> > > > so I can not review the latest merge, sorry. I could've tried to > fix > >> > this > >> > > > issue but I'm not sure if you're finished with the refactoring > just > >> > yet. > >> > > > I'll be travelling tomorrow and I'll have some very limited time > >> during > >> > > the > >> > > > evenings next week but I'll try to provide some feedback at least > >> > > > > >> > > > cheers, Sergey > >> > > > > >> > > > > >> > > > 2010/7/26 Sergey Beryozkin <sberyoz...@gmail.com> > >> > > > > >> > > > > Hi Łukasz > >> > > > > > >> > > > > 2010/7/26 Łukasz Moreń <lukasz.mo...@gmail.com> > >> > > > > > >> > > > > Hi Sergey, > >> > > > > > >> > > > >> I'm really sorry for such commit, I know it shouldn't happen. I > >> > turned > >> > > > >> off checkstyle as i couldn't configure it properly on intellij > >> and > >> > it > >> > > > >> was annoying during development. > >> > > > >> I will apply proper changes ASAP. > >> > > > >> > >> > > > >> no worries at all, I've broken the real builds with checkstyle > >> > errors > >> > > so > >> > > > > > >> > > > > many times and it is the CXF sandbox after :-) > >> > > > > > >> > > > >> According to the demo, I built it as usual web-app, if it > worked, > >> > use > >> > > > >> this same sources to deploy on GAE. > >> > > > >> However because of GAE restrictions it always needs minor > changes > >> > > > >> before deploy, i.e. GAE can't read configuration files such as: > >> > > > >> cxf-extension-http.xml > >> > > > >> from jars, so I copied it to WEB-INF folder. > >> > > > >> Commited to svn version does not depend on GAE SDK and can be > run > >> > > > >> locally with jetty:run. > >> > > > >> > >> > > > >> Yes, I warned about server configuration part:). I will take > care > >> to > >> > > > >> make it simpler. > >> > > > > > >> > > > > I do not think it is too complicated - the simplification can be > >> done > >> > > > > once the whole flow is sound... > >> > > > > > >> > > > >> So far, oauth consumer properties are hardcoded and injected > into > >> > > > >> oauth provider, as I think it is not oauth library > responsibility > >> to > >> > > > >> deal with consumer registration. > >> > > > >> Hovewer for demo it would be good to have something like that. > I > >> > would > >> > > > >> do registration form at the server as it is done by current big > >> > oauth > >> > > > >> implementations. > >> > > > > > >> > > > > I agree that conceptually the registration of consumers is a > >> separate > >> > > > > issue. But it is part of the solution that users will be > >> eventually > >> > > > > offering so just showing them that the consumers have to go and > >> > > register > >> > > > > themselves with help people with coming up with some custom > >> > > registration > >> > > > > forms, etc. The registration does not have to be done at the > >> server > >> > > > > hosting the resource, it is just important for the OAuth > provider > >> be > >> > > > > able to get to the consumer details. I'm fine with assuming at > the > >> > > > > moment that the registration handler is collocated with the > >> > > > > endpoints/providers enforcing OAuth flow. > >> > > > > > >> > > > > But the callback uri which is being injected at the moment > should > >> go > >> > > > > anyway given that it is part of the actual flow, specifically, > the > >> > > > > consumer provides it during the request token request > >> > > > > > >> > > > >> Recently I've noticed that Camel have done oauth client as > >> well:): > >> > > > >> http://camel.apache.org/tutorial-oauth.html > >> > > > >> > >> > > > >> Thanks much for review, and hints. > >> > > > > > >> > > > > thanks for your effort :-) > >> > > > > > >> > > > > Sergey > >> > > > > > >> > > > >> Cheers, > >> > > > >> Lukasz > >> > > > >> > >> > > > >> 2010/7/24 Sergey Beryozkin <sberyoz...@gmail.com>: > >> > > > >> > Hi Łukasz > >> > > > >> > > >> > > > >> > Sorry for a delay, I should've come back earlier to you. > >> > > > >> > > >> > > > >> > I've run the demo hosted at the app engine and I think from > the > >> > > > >> > >> > > > >> education > >> > > > >> > >> > > > >> > point of view it is a good demo and it is handy one does not > >> even > >> > > has > >> > > > >> > to build anything in order to try it. > >> > > > >> > > >> > > > >> > I've had a problem building the rt/rs/oauth tests - there's a > >> > bunch > >> > > of > >> > > > >> > CheckStyle errors. Can you please build sandbox/oauth_1.0a > from > >> > the > >> > > > >> > >> > > > >> trunk, > >> > > > >> > >> > > > >> > just do 'mvn install -Pfastinstall' and then do 'mvn install' > >> from > >> > > > >> > >> > > > >> rt/rs/ ? > >> > > > >> > >> > > > >> > One other thing, please move the demo to > >> > > > >> > "distribution/src/main/release/samples/" as well add Readme > to > >> it. > >> > > > >> > > >> > > > >> > Also I can not build the demo too, the client build fails > with > >> the > >> > > > >> > >> > > > >> following > >> > > > >> > >> > > > >> > dependency missing > >> > > > >> > 1) net.oauth.core:oauth-consumer:jar:20100527 > >> > > > >> > > >> > > > >> > But I'm seeing an oauth repo in the rt/rs/oauth pom, have you > >> > built > >> > > it > >> > > > >> > >> > > > >> in > >> > > > >> > >> > > > >> > the GAE dev environment ? > >> > > > >> > > >> > > > >> > Can you please spend a bit of time on cleaning the build a > bit > >> : > >> > > > >> > - fix the checkstyle errors and move the demo to the > >> > > > >> > ""distribution/src/main/release/samples/"" area and also add > >> > Readme; > >> > > > >> > >> > > > >> after > >> > > > >> > >> > > > >> > building the distribution (mvn install in trunk/distribution) > >> you > >> > > can > >> > > > >> > >> > > > >> easily > >> > > > >> > >> > > > >> > verify the demo can be run by locating in the target. > >> > > > >> > - add the oauth dependency in the parent pom so that the > >> rs/oauth > >> > > > >> > module > >> > > > >> > >> > > > >> can > >> > > > >> > >> > > > >> > depend on it without specifying a version and have the demo > >> client > >> > > > >> > >> > > > >> module > >> > > > >> > >> > > > >> > depending on rt/rs/oauth module instead (similarly to the > >> server > >> > > one) > >> > > > >> > - during the main build please use the Spring version CXF > >> depends > >> > > upon > >> > > > >> > >> > > > >> and > >> > > > >> > >> > > > >> > use its -Pspring3 profile to build for the deployment into > GAE > >> > > > >> > > >> > > > >> > As far as the demo is concerned. I looked at the server part > >> and > >> > it > >> > > > >> > >> > > > >> looks > >> > > > >> > >> > > > >> > complicated enough :-) but I think it makes sense to me. I'll > >> > likely > >> > > > >> > ask > >> > > > >> > >> > > > >> for > >> > > > >> > >> > > > >> > some modifications but perhaps if you could start with > updating > >> > the > >> > > > >> > demo such that a consumer initiates its own registration with > >> the > >> > > > >> > OAuth > >> > > > >> > >> > > > >> server : > >> > > > >> > I can see at the moment an oauth provider is injected with > some > >> > > sample > >> > > > >> > consumer properties. I'm not sure what is the best way to do > it > >> : > >> > > may > >> > > > >> > be > >> > > > >> > >> > > > >> the > >> > > > >> > >> > > > >> > server can return a registration form or the client can just > >> push > >> > > the > >> > > > >> > registration info itself. > >> > > > >> > > >> > > > >> > Overall I think it is a good progress indeed especially given > >> the > >> > > > >> > >> > > > >> complexity > >> > > > >> > >> > > > >> > of the whole effort. > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > thanks, Sergey > >> > > > >> > > >> > > > >> > On Wed, Jul 14, 2010 at 10:14 PM, Łukasz Moreń < > >> > > lukasz.mo...@gmail.com > >> > > > >> > > >> > > > >> >wrote: > >> > > > >> >> Hi all, > >> > > > >> >> > >> > > > >> >> I have managed to create two sample OAuth aplications: > >> > > > >> >> ordinary OAuth 1.0a client: > >> http://www.oauthclient.appspot.com > >> > > > >> >> and authorization server that uses CXF OAuth module: > >> > > > >> >> http://www.cxfoauthserver.appspot.com > >> > > > >> >> > >> > > > >> >> Both sample applications and changes in oauth library are > >> > commited > >> > > in > >> > > > >> >> sandbox. > >> > > > >> >> > >> > > > >> >> OAuth configuration in sample authorization server app looks > a > >> > bit > >> > > > >> >> awfully but I think most of that can be hidden and done out > of > >> > > band. > >> > > > >> >> There is still some areas in specification not covered by > >> > > > >> >> implementation, so I would like to take care of that in next > >> > steps. > >> > > > >> >> > >> > > > >> >> Thanks in advance for some feedback. > >> > > > >> >> > >> > > > >> >> Cheers, > >> > > > >> >> Lukasz > >> > > > >> > > -- > >> > > Daniel Kulp > >> > > dk...@apache.org > >> > > http://dankulp.com/blog > >> > > > >> > > >> > > > > >
