Mike's Notes

Twitter Login to a Java Web Application

mrmikewarren — Tue, 29 Nov 2011 23:35:47 +0000

Having taken Bruce Phillips Shiro tutorial’s app and added a login via Facebook option I’m now going to have a bash at implementing a “log in via twitter” option, I then will hopefully be able to step back and see what generlisations might be appropriate to make some of the code more generic between Facebook and Twitter logins, and also genererally for OAuth.

So first Create a Twitter Application

Do this on dev.twitter.com , with an application name, description and website.

There’s also an optional field for a call back URL, I’ve filled this in with the URL of the servlet that will be handling twitter login’s for my application, although twitter does say ” OAuth 1.0a applications should explicitly specify their oauth_callback URL on the request token step, regardless of the value given here”. So I may have to revisit this to determine which URL exactly should be entered.

This gives a consumer key and secret, and 4 URLS (Request token URL, Authorize URL , Access token URL and Callback URL ), so make a note of these, I’m assuming they may come in useful. Also note twitter’s “rules of the road”, which include things like display of a users twitter avatar if you’re using the twitter login mechanism, I’m not sure if Facebook makes the same requirement but if so will have to check.

Get Twitter4j

I’ll be using twitter4j to do a lot of the work, I’m already using it elsewhere, and been very happy so far with it’s ease of use.

http://twitter4j.org/en/index.html

I’ll be using the Sign in Via Twitter example as my guide (EDIT – I pretty much copy it)

http://twitter4j.org/en/code-examples.html#signinwithtwitter

Code

The first thing to do is add a log in via twitter link to our webpage, unlike the facebook one which is a link to facebook, this will be a link to a servlet implemented by our app.

The example above uses the following link.

Taking the Twitter4j example I then ended up with a TwitterLoginServlet (which maps to “TwitterLogin” linked to above) and a TwitterCallbackServlet.
I did find I had to fix the code below to hardcode the URL of the call back servlet when the app was deployed, possibly because I’m using Nginx as a reverse proxy so it was ending up with 127.0.0.1 instead of the host name, maybe I could fix Nginx configuration to avoid this.
Twitter properties is just a convenience class used in this demo to hold the properties given when the app was created, twitter4J would read in properties from a properties file on the class path by default.

package uk.co.mrdw.shiroexp.servlets;

import java.io.IOException;
import java.util.Properties;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import twitter4j.Twitter;
import twitter4j.TwitterException;
import twitter4j.TwitterFactory;
import twitter4j.auth.RequestToken;
import twitter4j.conf.ConfigurationBuilder;

public class TwitterLoginServlet extends HttpServlet {

private static final long serialVersionUID = 1L;

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println( "TwitterLoginServlet:doGet" );
ConfigurationBuilder cb = new ConfigurationBuilder();

Properties props = new TwitterProperties().getProperties();
cb.setDebugEnabled(true)
.setOAuthConsumerKey((String)props.get("twitterConsumerKey"))
.setOAuthConsumerSecret((String)props.get("twitterConsumerSecret"))
.setOAuthRequestTokenURL((String)props.get("twitterRequestTokenURL"))
.setOAuthAuthorizationURL((String)props.get("twitterAuthorizeURL"))
.setOAuthAccessTokenURL((String)props.get("twitterAccessTokenURL"));
TwitterFactory tf = new TwitterFactory(cb.build());
Twitter twitter = tf.getInstance();
request.getSession().setAttribute("twitter", twitter);
try {
StringBuffer callbackURL = request.getRequestURL();
System.out.println( "TwitterLoginServlet:callbackURL:"+callbackURL );
int index = callbackURL.lastIndexOf("/");
callbackURL.replace(index, callbackURL.length(), "").append("/TwitterCallback");

RequestToken requestToken = twitter.getOAuthRequestToken(callbackURL.toString());
request.getSession().setAttribute("requestToken", requestToken);
System.out.println( "requestToken.getAuthenticationURL():"+requestToken.getAuthenticationURL() );
response.sendRedirect(requestToken.getAuthenticationURL());

} catch (TwitterException e) {
throw new ServletException(e);
}

}

/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
*      response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
System.out.println("Unexpected doPost ...");
}
}

and the callback servlet (URL it’s mapped to needs to match the callbackURL generated in the login servlet above) …

package uk.co.mrdw.shiroexp.servlets;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import twitter4j.Twitter;
import twitter4j.TwitterException;
import twitter4j.auth.RequestToken;

public class TwitterCallbackServlet  extends HttpServlet {

private static final long serialVersionUID = 1L;

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Twitter twitter = (Twitter) request.getSession().getAttribute("twitter");
RequestToken requestToken = (RequestToken) request.getSession().getAttribute("requestToken");
System.out.println( "TwitterCallbackServlet:requestToken:"+requestToken);
String verifier = request.getParameter("oauth_verifier");
try {
twitter.getOAuthAccessToken(requestToken, verifier);
request.getSession().removeAttribute("requestToken");
} catch (TwitterException e) {
throw new ServletException(e);
}
response.sendRedirect(request.getContextPath() + "/");
}
}

This is pretty much a straight copy of the Twitter4J example.

Just to prove it was working I was able to add the following to the index.jsp

<%
<%@ page import="twitter4j.Twitter"%>
<%@ page import="twitter4j.ProfileImage"%>

....

Twitter twitter = (Twitter) request.getSession().getAttribute("twitter");
if(twitter!=null){
String imageUrl = "";
try {
imageUrl = twitter.getProfileImage(twitter.getScreenName(), ProfileImage.NORMAL).getURL();
} catch (Exception e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
%>
Twitter ID:<%=twitter.getId()%>
Twitter Screen Name:<%=twitter.getScreenName()%>
"/>

<%
}
%>

So that’s the basics of a twitter login to a Java web application working – I know it’s not actually logging in via Shiro at them moment, or doing anything useful, that will come ( I’ll also need to check the Twitter “Rules of the Road” before deploying and make sure I’m complying).

Haven’t looked at what there is in common with the Facebook login yet from a point of view of making the Shiro implementation more generic,
but I can see differences:
Unlike the Facebook example this works wherever its deployed – Facebook uses the URL configured for the application to call back to.
The login link on the web page goes to the web app, not to twitter.
Using Twitter4j has hidden a lot of the nuts and bolts, which is good, but may mean less chance of sharing OAuth code between Facebook and Twitter implementations.

Next step login via google I think, then try and put it all together in a Shiro implementation.

Using Apache Shiro Security to allow login via Facebook – part 2

mrmikewarren — Mon, 28 Nov 2011 12:53:29 +0000

Using Apache Shiro

So in part 1 I got a basic servlet that can be used to determine if a user has logged in via Facebook, and get hold of details like the Facebook users’s ID and name etc.

Now comes configuring and extending Shiro to handle Facebook login.

I’ve taken the approach of creating a new realm for Facebook, which will use a custom CredentialsMatcher (which won’t actually have to do much as it’s Facebook that handles any credentials matching). So with two new classes to be written uk.co.mrdw.security.facebook.FacebookCredentialsMatcher and uk.co.mrdw.security.facebook.FacebookRealm the config in shiro.ini (or embedded in web.xml in the tutorial) will have the following “main” section.

[main]
 realmA = name.brucephillips.somesecurity.dao.RoleSecurityJdbcRealm
 fbCredentialsMatcher = uk.co.mrdw.shiro.facebook.FacebookCredentialsMatcher
 realmB = uk.co.mrdw.security.facebook.FacebookRealm
 realmB.credentialsMatcher = $fbCredentialsMatcher
 securityManager.realms = $realmA, $realmB

(Maybe realmA and and realmB could be better named)

So shiro will first try realmA (the jdbc realm, backed by a users table), and if that realm doesn’t support the token being passed in to the SecurityUtils.getSubject().login(token) it will try realmB, the Facebook realm. So we’ll need a new token class for Facebook to identify facebook logins.

The code in the authenticate method in the FacebookLoginServlet will be moved to the FacebookRealm class, and the FacebookLoginServlet will just create a Facebook token and call SecurityUtils.getSubject().login(token).

So we end up with a FacebookRealm class like this


package uk.co.mrdw.shiro.facebook;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import uk.co.mrdw.shiroexp.servlets.FacebookProperties;

public class FacebookRealm extends AuthorizingRealm {

private static final Properties props = new FacebookProperties().getProperties();
private static final String APP_SECRET = props.get("fbAppSecret").toString();
private static final String APP_ID = props.get("fbAppId").toString();
private static final String REDIRECT_URL = props.get("fbLoginRedirectURL").toString();

@Override
public boolean supports(AuthenticationToken token) {
if (token instanceof FacebookToken) {
return true;
}
return false;
}

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return new FacebookAuthorizationInfo();
}

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
FacebookToken facebookToken = (FacebookToken) token;

// do all the facebook gubbins
if (facebookToken.getCode() != null && facebookToken.getCode().trim().length() > 0) {
URL authUrl;
try {
authUrl = new URL("https://graph.facebook.com/oauth/access_token?" + "client_id=" + APP_ID
+ "&redirect_uri=" + REDIRECT_URL + "&client_secret=" + APP_SECRET + "&code="
+ facebookToken.getCode());

String authResponse = readURL(authUrl);
System.out.println(authResponse);
String accessToken = getPropsMap(authResponse).get("access_token");
URL url = new URL("https://graph.facebook.com/me?access_token=" + accessToken);
String fbResponse = readURL(url);
FacebookUserDetails fud = new FacebookUserDetails(fbResponse);
return new FacebookAuthenticationInfo(fud, this.getName());
} catch (MalformedURLException e1) {
e1.printStackTrace();
throw new AuthenticationException(e1);
} catch (IOException ioe) {
ioe.printStackTrace();
throw new AuthenticationException(ioe);
} catch (Throwable e) {
e.printStackTrace();
}
}
return null;
}

// ------------------------------------------------------------
// STUFF here should be in a more generic place TODO
// ------------------------------------------------------------

private String readURL(URL url) throws IOException {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
InputStream is = url.openStream();
int r;
while ((r = is.read()) != -1) {
baos.write(r);
}
return new String(baos.toByteArray());
}

private Map getPropsMap(String someString) {
String[] pairs = someString.split("&");
Map props = new HashMap();
for (String propPair : pairs) {
String[] pair = propPair.split("=");
props.put(pair[0], pair[1]);
}
return props;
}
}

I have also added some getters to the FacebookUserDetails class – just extracting data from the json String it’s created with, will be refined as required in the future.

package uk.co.mrdw.shiro.facebook;

import org.json.JSONException;
import org.json.JSONObject;

/**
* Simple class for holding data relating to a facebook user
*
* @author Mike
*
*/
public class FacebookUserDetails {
private String id;
private String firstName;
private String lastName;
private String email;
// jsonString Expected to be something like this
// {
// "education": [{
// "school": {
// "id": "123456789012345",
// "name": "University of Sheffield"
// },
// "type": "Graduate School",
// "with": [{
// "id": "123456789",
// "name": "Daffy Duck"
// }]
// }],
// "first_name": "Mike",
// "id": "121212121",
// "last_name": "Warren",
// "link":
// "http://www.facebook.com/profile.php?id=121212121",
// "locale": "en_US",
// "name": "Mike Warren",
// "updated_time": "2011-08-15T14:51:05+0000",
// "verified": true
// }
private String jsonString;

public FacebookUserDetails(String fbResponse){
jsonString = fbResponse;
JSONObject respjson;
try {
respjson = new JSONObject(fbResponse);
this.id = respjson.getString("id");
this.firstName = respjson.has("first_name") ? respjson.getString("first_name") : " no name" + id;
this.lastName = respjson.has("last_name") ? respjson.getString("last_name") : "";
this.email = respjson.has("email") ? respjson.getString("email") : "-no email-";
} catch (JSONException e) {
System.out.println( "fbResponse:"+fbResponse );
e.printStackTrace();
throw new RuntimeException(e);
}

}

public String toString(){
return jsonString;
}

public String getId() {
return id;
}

public void setId(String id) {
this.id = id;
}

public String getFirstName() {
return firstName;
}

public void setFirstName(String firstName) {
this.firstName = firstName;
}

public String getLastName() {
return lastName;
}

public void setLastName(String lastName) {
this.lastName = lastName;
}

public String getEmail() {
return email;
}

public void setEmail(String email) {
this.email = email;
}
}


The CredentialsMatcher class shouldn’t need to do anything, as Facebook is doing the credentials matching for us.
package uk.co.mrdw.shiro.facebook;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;

public class FacebookCredentialsMatcher implements CredentialsMatcher {

/**
* Just confirms that token is the right type - credentials checking is done by facebook OAuth
*/
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
if(info instanceof FacebookAuthenticationInfo){
return true;
}
return false;
}

}


create a facebook token class, will just be used to hold the “code” provided by Facebook
package uk.co.mrdw.shiro.facebook;

import org.apache.shiro.authc.AuthenticationToken;

public class FacebookToken implements AuthenticationToken {

private static final long serialVersionUID = 1L;
private String code;

public FacebookToken(String code){
this.code = code;
}

@Override
public Object getPrincipal() {
return null;// not known - facebook does the login
}

@Override
public Object getCredentials() {
return null;// credentials handled by facebook - we don't need them
}

public String getCode() {
return code;
}

public void setCode(String code) {
this.code = code;
}
}

And a FacebookAuthenticationInfo class
package uk.co.mrdw.shiro.facebook;

import java.util.ArrayList;
import java.util.Collection;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class FacebookAuthenticationInfo implements AuthenticationInfo {

private static final long serialVersionUID = 1L;

private PrincipalCollection principalCollection;

public FacebookAuthenticationInfo(FacebookUserDetails facebookUserDetails, String realmName){
Collection principals = new ArrayList();
principals.add(facebookUserDetails.getId());
principals.add(facebookUserDetails.getFirstName()+" "+facebookUserDetails.getLastName()); // Is this appropriate is the name not really a Principal ?
this.principalCollection = new SimplePrincipalCollection(principals, realmName);
}

@Override
public PrincipalCollection getPrincipals() {
return principalCollection;
}

@Override
public Object getCredentials() {
return null;// no credentials required
}
}


The FacebookLoginServlet then becomes much simpler – basically just use’s Shiro’s login mechanism.
package uk.co.mrdw.shiroexp.servlets;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;

import uk.co.mrdw.shiro.facebook.FacebookToken;

/**
* Simple Facebook Login Handling, doesn't actually do anything except display page confirming login
* successfull.
*
*
* @author Mike
*
*/
public class FacebookLoginServlet  extends HttpServlet {

private static final long serialVersionUID = 1L;

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("FacebookLoginServlet getting..");

String code = request.getParameter("code");
FacebookToken facebookToken = new FacebookToken(code);
try{
SecurityUtils.getSubject().login(facebookToken);
response.sendRedirect(response.encodeRedirectURL("index.jsp"));
}
catch(AuthenticationException ae){
throw new ServletException(ae);
}
}

/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
*      response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
System.out.println("Unexpected doPost ...");
}
}


I’ve added a few lines to index.jsp, just to give some feedback on the result of the login via facebook
<%@ page import="org.apache.shiro.SecurityUtils"%>
<%@ page import="org.apache.shiro.subject.PrincipalCollection"%>

...

Is authenticated? <%= SecurityUtils.getSubject().isAuthenticated() %>
Principal:<%= SecurityUtils.getSubject().getPrincipal() %>
Principals:
<% PrincipalCollection principalCollection = SecurityUtils.getSubject().getPrincipals();
if(principalCollection!=null){
for(Object principal : principalCollection.asList()){
//request.out.println(""+principal +"");
%><%=principal %><%
}
}
%>

which ends up with output like this

Is authenticated? true

Principal:121212121

Principals:

121212121

Mike Warren

And that’s it – have just tested it and it works, I can login via facebook and get access to the “secure” page, get a display of the facebook ID as the principal, and can logout via the standard logout link.

Think I may need to read up on Principals and Roles a bit to see how to integrate shiro authorization capabilities with what I’ve got, but it may be that this is enough for my currrent needs.
I have a few doubts about whether this is the right way to use Shiro, so may well post a follow up post – “Using Shiro properly” to correct mistakes here.

Using Apache Shiro Security to allow login via Facebook – part 1

mrmikewarren — Mon, 28 Nov 2011 12:53:01 +0000

Background

Having got Facebook login working for my message board project in a quick and dirty way I decided to try and switch to using Apache Shiro for my security needs. This should hopefully mean I end up with something a bit more maintainable that could be extended without ending up with a custom made mess.

I’ve now got Shiro working in the message board project, and it has been pretty straighforward to get it running wityh a database tables of users,roles and passwords (encyrpted of course). After looking at the documentation on the Apache Shiro site I’d recommend the tutorial by Bruce Phillips http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity–A-Beginners–Tutorial-Part-1

Next step was to allow login via facebook (hoping to add other logins for twitter, google etc. soon) . I have a rough version of facebook login using Shiro working on my message board, but I’m not 100% sure about my approach, so rather than steam ahead with what I’ve done I’m going to try taking a step back and add facebook login to the tutorial project Bruce Phillips has created. At least then I can use this for demonstrating to others what I’ve done, which may be useful for anyone else trying something similar, and also have a simple project that I can experiment with without worrying about other distractions.

So bear in mind that this is my first rough stab at Facebook login with Shiro, I’m new to Shiro and to OAuth/Facebook login, so may well be setting a bad example, if so hopefully I’ll learn and be able to post a follow up with a better way of doing it. Basically feel free to copy stuff hear, but don’t blame me if it’s wrong.

I got some inspiration from Tynamo , which is a Tapestry module for doing exactly this

http://tynamo.org/tynamo-federatedaccounts+guide

which I came accross in the Shiro user forum here

http://shiro-user.582556.n2.nabble.com/Advice-on-Shira-with-FB-Connect-Session-Clustering-Efficiency-td6832777.html

Adding Facebook Login to “Somesecurity” Tutorial App

So copied the “somescurity” project in Eclipse to a new ShiroFacebook project ( found I had to go to “project->properties->Web Project Settings” and change the context root).

Create a Facebook App

This requires you to have URL where the app will be deployed.

In Facebook https://developers.facebook.com/apps select development, and create an App.

First you need to come up with a display name and a namespace for the app.

Then in the Website “I want to allow people to log into my website using Facebook” section you need to provide the URL for your app.

You should then have an App ID, and an App Secret for your application – make a note of these.

Add Login Via Facebook Link

Next add a login via facebook link on index.jsp , which will be like this.

https://www.facebook.com/dialog/oauth?client_id=123456789012345&redirect_uri=http://www.somesite.co.uk/shirofb/FacebookLogin

Where an “App ID” of 123456789012345 and the application will be running at http://www.somesite.co.uk/shirofb .

Create FacebookLogin Servlet

Now we need to create a FacebookLogin servlet to handle the redirection from Facebook.

I found this blog post very helpful:

http://www.richardnichols.net/2010/06/implementing-facebook-oauth-2-0-authentication-in-java/

So from Richard Nichol’s blog above and reading Facebook documentation I’ve ended with the follow servlet .

Facebook sends a request to this servlet after a user has clicked on the facebook login link on our index.jsp, this request contains a code which is used in the authenticate method to request an access token from facebook, which can be used to get details (id, name etc. ) of the user who has logged in. The Servlet then just prints out a simple piece of html to display the users details, or an error message.

package uk.co.mrdw.shiroexp.servlets;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
* Simple Facebook Login Handling, doesn't actually do anything except display page confirming login
* successfull.
*
*
* @author Mike
*
*/
public class FacebookLoginServlet  extends HttpServlet {

private static final long serialVersionUID = 1L;

/**
* Properties will be as follows, but with values for this app.
* fbAppSecret=1a234bc1234d1234e1f123g1234567g1
* fbAppId=123456789012345
* fbLoginRedirectURL=http://www.yoursite.co.uk/shirofb/FacebookLogin
*/
private static final Properties props = new FacebookProperties().getProperties();

private static final String APP_SECRET = props.get("fbAppSecret").toString();
private static final String APP_ID = props.get("fbAppId").toString();
private static final String REDIRECT_URL = props.get("fbLoginRedirectURL").toString();

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("FacebookLoginServlet getting..");

FacebookUserDetails fud = authenticate(request, response);

if (fud != null) {
response.getWriter().write("Facebook Logged In
"+fud.toString()+"");
response.getWriter().flush();

} else {
try {
System.out.println("fb log in failed");
String errorReason = request.getParameter("error_reason");
String error = request.getParameter("error");
response.getWriter().write("fb login failed" +
" reason:"+errorReason+" error:"+error+"");
response.getWriter().flush();

return;
} catch (Exception e) {
e.printStackTrace();
}
}
}

/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
*      response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
System.out.println("Unexpected doPost ...");
}

/**
* Makes call to Facebook to get access_token, and then to get id, name etc.
* for the facebook user relating to that token. Returns FacebookUserDetails
* object for that user, or null if unable to complete authentication.
*
* @param request
* @param response
* @param code
* @return FacebookUserDetails
* @throws MalformedURLException
* @throws IOException
*/
private FacebookUserDetails authenticate(HttpServletRequest request, HttpServletResponse response)
throws MalformedURLException, IOException {
FacebookUserDetails fud = null;
String code = request.getParameter("code");
if (code != null && code.trim().length() > 0) {
URL authUrl = new URL("https://graph.facebook.com/oauth/access_token?" + "client_id="
+ APP_ID + "&redirect_uri=" + REDIRECT_URL + "&client_secret="
+ APP_SECRET + "&code=" + code);

String authResponse = readURL(authUrl);
System.out.println(authResponse);

try {
String accessToken = getPropsMap(authResponse).get("access_token");
URL url = new URL("https://graph.facebook.com/me?access_token=" + accessToken);
String fbResponse = readURL(url);

System.out.println(fbResponse);

fud = new FacebookUserDetails(fbResponse);

} catch (Throwable e) {
e.printStackTrace();
throw new RuntimeException(e);
}
}
return fud;
}

private String readURL(URL url) throws IOException {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
InputStream is = url.openStream();
int r;
while ((r = is.read()) != -1) {
baos.write(r);
}
return new String(baos.toByteArray());
}

private Map getPropsMap(String someString) {
String[] pairs = someString.split("&");
Map props = new HashMap();
for (String propPair : pairs) {
String[] pair = propPair.split("=");
props.put(pair[0], pair[1]);
}
return props;

}

/**
* Simple class for holding data relating to a facebook user
* currentyl just holds jsonString, but could have extra properties added backed by the json
* e.g. id, firstName, lastName, link ,education[], etc.
*
* @author Mike
*
*/
class FacebookUserDetails {

// jsonString Expected to be something like this, although I'm sure it used to include
// email
// {
// "education": [{
// "school": {
// "id": "123456789012345",
// "name": "University of Sheffield"
// },
// "type": "Graduate School",
// "with": [{
// "id": "123456789",
// "name": "Daffy Duck"
// }]
// }],
// "first_name": "Mike",
// "id": "121212121",
// "last_name": "Warren",
// "link":
// "http://www.facebook.com/profile.php?id=121212121",
// "locale": "en_US",
// "name": "Mike Warren",
// "updated_time": "2011-08-15T14:51:05+0000",
// "verified": true
// }
private String jsonString;

FacebookUserDetails(String fbResponse){
jsonString = fbResponse;
}

public String toString(){
return jsonString;
}
}

}

… Next Part 2 Making use of Shiro

Welcome to wordpress.com

mrmikewarren — Mon, 28 Nov 2011 12:38:27 +0000

Just a quick post to confirm move from mrdw.co.uk/blog has happened – decided that wordpress probably have more experience than myself in hosting a blog, (saves me from having to update wordpress install etc.)

Another TODO List

mrmikewarren — Sun, 25 Sep 2011 12:39:46 +0000

I’ve completed the last todo list for the running club message board, including a few extras that I added on the way, but have also added many more things to my mental (as in held in my mind, but maybe also MENTAL) todo list, so nows I good time to write them down so I can tick them off as I go.

Tidy up code, not aiming for it to be perfect but having the luxury of just hacking away with getting functionality working quickly as the main driver it could do with being tidied up before attempting anymore work on it.
Templating: At the moment theres hardcoding, so will only work for one messageboard, but I want to set up another one for testing, one for demonstration, and also another running club have one that is still on the old PHP code so would be nice to update that, shouldn’t be too hard, be nice to just have a properties file that I can switch.
Use Github: I’ve been using Codesion for some subversion hosting, but the pricing doesn’t really make sense for small projects that aren’t expected to make any money, so having used up my allowance of projects I’ve resorted to backing up a zip file. Github looks good, I’m happy to make the code public, and also feel like I should make the effort to try Git.
Allow login through other services – google/twitter/yahoo etc., I don’t like Facebook so be good to not be encourageing people to use it even more.
Make the login system create actual users and generally be better, it works as it is but its about as basic as you can get – you’re logged in or not, but everyone effectively logs in as same user, but just gives a different name to their post.
Admin users – need to be able to have administrators that can delete posts etc.
Allow editing of posts/replies you’ve just created, not sure about going back and editing old messages, but should be able to use the session to allow editing of something that’s just been posted, which is when people normally spot typos.

That will do for starters, got loads of other stuff in I’d like to do, be good to start using it as a basis for trying / evaluating different technologies – and brushing up things I’ve got on my CV. For example using JPA, Spring, Shiro. Then be good to try a Ruby version, a google app engine version and things I’ve only just heard of Node and Mongodb …

A Facebook app that’s worse than Farmville is also on my mental list.

Facebook Login

mrmikewarren — Thu, 22 Sep 2011 21:28:49 +0000

Got Facebook login working yesterday.

It’s been a while since I posted so thought I should do a quick one whilst I’ve got time. I’ve got an idea to go back over the various tasks involved in getting the message board running and write them up as proper “how to” blog posts that might actually be useful to someone, or at least me if I forget how I did it.

Anyway, I got facebook login working, after a bit of googling and reading through the facebook developer documentation. I have resorted to dropping the Spring login stuff, which I’d used to allow ajax logins to work with standard J2EE security. As I couldn’t find away of getting the standard J2EE security to work with logins from Facebook (not facebook specific – would have had the same problem with any OAuth login I think). I did try the new(ish) HttpServletRequest.login method available in Servlet API 3.0 – Tomcat 7.0, but found it only seemed to login that request, not the session, so when the response redirected the user to the message board after the facebook login they were still logged out as far as the session was concerned. So I’ve done what feels like a quick hack and just stored a “logged in” flag in the session.

I will investigate Apache Shiro, http://shiro.apache.org/ , an alternative to J2EE security. I’m not convinced J2EE standard is flexible enough for most uses I’m likely to come accross in the real world, but maybe I’m missing something, but it seems as though the creator of Shiro thought the same.

Twitter me not

mrmikewarren — Wed, 17 Aug 2011 21:25:45 +0000

So in the past I’d used Twitter4J to work with twitter, and it had proved to be very simple, and just work.

For example the give a userid and password for twitter I could just write code as follows to do an update.

Twitter twitter = new Twitter(twitterID,twitterPassword);
twitter.setSource(“mikewarrenstwitterprogram”);

Status status = twitter.update( responseString );

Seems things have moved on, and there’s a whole load of configuration required to be able to authenticate programatically with Twitter. I’m not sure why exactly, because if I use a twitter client all I need to give it is username and password, but I’m sure there’s a good reason … just need to find out how and why, which means what I thought would be a 10 minute bit of work will be as long as a piece of string – that’s computing for you.

Looks like I need to start with https://dev.twitter.com/docs/auth

Update 22/09/2011:

Just a quick note to say I got it working after jumping though a couple of hoops, using Twitter4J still, but you’re now forced to use OAuth to interact with Twitter. Basically you need to authorise your app with the account you want to post to, and then set up access tokens and secrets etc. I’ll write it up as a nice “how to” blog post when I get round to it.

Message Board #6 – Done

mrmikewarren — Tue, 16 Aug 2011 22:22:29 +0000

Well almost, I want to make a tweak or two before I make it available for use , but the work I originally listed back in April is done

Switch to use the live DB currently being used by the PHP app. – DONE
Make links automatically out of URLs in messages – DONE
Clean up html so it looks presentable (this could be a big one) – DONE
Either set up email notifications, or some alternative, e.g. posts to twitter – DONE

I mainly want to change the URL that it’s using so that once it starts being used people can favourite a URL and not have it change a week later. Also although I’ve got email notifications, I’d like to add twitter posting as I know that’s pretty easy, and gives some advantage from a user’s point of view to the new version.

I’ve been tinkering with adding facebook “like” and google “plus 1″, but easy to do for the whole page, but not working for me when I try to make them refer to an individual post, so that’s another thing to add to the list.

Part of me can’t quite believe that it’s taken so long, but then it has been the just the odd bit of time here and there in between working, sleeping, and various recreational activitities, so part of me is pretty pleased to have done it. Blogging has be useful as a reminder of what progress I’ve made – important when it’s so slow, and also an incentive to at least try and do something every week or two.I intend to continue, documenting adding various features, refactoring and maybe trying out different languages/frameworks, keeping a low threshold on quality of what I write in the hope that will mean I do actually post something.

Now I can treat myself to a waterproof camera housing, although having spent this long I’m not sure how much I really want one …

Message Board #5 – regexp

mrmikewarren — Tue, 05 Jul 2011 22:50:42 +0000

Not much to report again, in the little bit of time I’ve managed to grab I’ve been looking at the ake links automatically out of URLs in messages task.

I’d already done this in PHP, and planned to do it in Java. After implementing the code to do it in a getter on my Message class I realised the serialization done by com.google.gson.Gson.toJson wasn’t using the getter. After stopping to consider I decided it made more sense to do it in the code doing the actual display anyway, i.e. the javascript.

So looking into Javascript regular expressions and regular expressions for URLs I found this http://daringfireball.net/2010/07/improved_regex_for_matching_urls which looked pretty promising. But had trouble converting it into a javascript regexp (I think mainly due to some none ASCII characters, and the escaping of certain characters in Javascript), and had a feeling that it would actually be more lenient than I really want – e.g. I don’t want to match ftp.
So resorted to just converting what I was doing in PHP, which is a bit inelegant, but seems to work. It uses three separate replaces to cater for URL’s starting with “http://” (but not www’s), then strips off any “http://” from www’s and then sorts out remaining urls starting with “www.”. I know one bug is that it seems to fail to match the url after a “www” on its own, and also with a bit of regexp skill I should be able to combine the 3 separate passes into one regular expression.

As a quick test I used this javascript: ( I definitely need to sort out WordPress displaying code)

var data = "blah http://google.co.uk blah http://www.bbc.co.uk www http://www.mrdw.co.uk http://www.bbc.co.uk blah http://www.bbc.co.uk blah http://google.co.uk /mb mike gahsj asghja"; var reg1 = new RegExp("http://[^w][^w][^w][a-zA-Z0-9|_+-/?&=.%:,~#]*","g"); var data1 = data.replace(reg1, '$&');// deal with non www addresses that have a http:// var reg2 = new RegExp("http://www.","g"); var data2 = data1.replace(reg2, ' www.');// 1st strip off any http://www to just www so next rule will work var reg3 = new RegExp("www.[a-zA-Z0-9|_+-/?&=.%:,~#]*","gim"); var data3 = data2.replace(reg3, '$&'); document.write("

"+data1+"

"); document.write("


"+data2+"
");

document.write("
"+data3+"

");

MessageBoard App #4 Email using Gmail and more nginx

mrmikewarren — Thu, 30 Jun 2011 21:25:41 +0000

So as is traditional a quick reminder for myself of what my todo list was looking like:

Switch to use the live DB currently being used by the PHP app. -mainly done – should be easy to switch over now

Make links automatically out of URLs in messages

Clean up html so it looks presentable (this could be a big one)

Either set up email notifications, or some alternative, e.g. posts to twitter proven in theory – using gmail

Setup a domain name. done

Setup a webserver, to stand in front of tomcat(which is running on port 8080) so can use port 80 (aka a reverse proxy server I’ve learnt) done, using nginx, but want to tidy up config and do some testing around logging in/out

So, as is traditional, I didn’t get to spend much time on it this week, if only I didn’t have any family or freinds or leisure activities I might have more time to write a crappy message board application. Oh well.

But have managed to prove that I should be able to use a gmail account to send notification emails from – not sure if this is an advantage or not over setting up an email server, but in the spirit of just getting something working in whatever way is easiest it does the job.

Also a bit of tweaking of nginx config seemed to be having no effect, despite “ctrl shift delete, delete all cache” in firefox, which stumped me till I found a default file in /etc/nginx/sites-available which was what seemed to be taking precedence. Or maybe nginx wasn’t reloading the config like I thought it was when I ran “nginx -s reload”. Anyway, it’s working now, but need to experiment a bit to be confident that I’ve got any sort of a clue as to why.

Code for emailing from Java using gmail (mostly from http://www.velocityreviews.com/forums/t141237-send-smtp-mail-using-javamail-with-gmail-account.html
) , sorry wordpress doesn’t format better …:
package uk.co.mrdw.util;


import java.security.Security;

import java.util.Date;

import java.util.Properties;
import javax.mail.Message;

import javax.mail.MessagingException;

import javax.mail.PasswordAuthentication;

import javax.mail.Session;

import javax.mail.Transport;

import javax.mail.internet.InternetAddress;

import javax.mail.internet.MimeMessage;
/**

 * based on code here

 * http://www.velocityreviews.com/forums/t141237-send-smtp-mail-using-javamail-with-gmail-account.html

 * @author Mike

 *

 */

public class Emailer {

	private static final String SMTP_HOST_NAME = "smtp.gmail.com";

	private static final String SMTP_PORT = "465";

	private static final String emailMsgTxt = "Test Message Contents";

	private static final String emailSubjectTxt = "A test from gmail";

	private static final String emailFromAddress = "xxxxxxxxxx@gmail.com";

	private static final String SSL_FACTORY = "javax.net.ssl.SSLSocketFactory";

	private static final String[] sendTo = { "yyyyyyy@gmail.com"};
	public static void main(String args[]) throws Exception {
		Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
		new Emailer().sendSSLMessage(sendTo, emailSubjectTxt,

				emailMsgTxt, emailFromAddress);

		System.out.println("Sucessfully Sent mail to All Users");

	}
	public void sendSSLMessage(String recipients[], String subject,

			String message, String from) throws MessagingException {

		boolean debug = true;
		Properties props = new Properties();

		props.put("mail.smtp.host", SMTP_HOST_NAME);

		props.put("mail.smtp.auth", "true");

		props.put("mail.debug", "true");

		props.put("mail.smtp.port", SMTP_PORT);

		props.put("mail.smtp.socketFactory.port", SMTP_PORT);

		props.put("mail.smtp.socketFactory.class", SSL_FACTORY);

		props.put("mail.smtp.socketFactory.fallback", "false");
		Session session = Session.getDefaultInstance(props,

				new javax.mail.Authenticator() {
			protected PasswordAuthentication getPasswordAuthentication() {

				return new PasswordAuthentication("xxxxxxxxxxx@gmail.com", "PASSWORD");

			}

		});
		session.setDebug(debug);
		Message msg = new MimeMessage(session);

		InternetAddress addressFrom = new InternetAddress(from);

		msg.setFrom(addressFrom);
		InternetAddress[] addressTo = new InternetAddress[recipients.length];

		for (int i = 0; i < recipients.length; i++) {

			addressTo[i] = new InternetAddress(recipients[i]);

		}

		msg.setRecipients(Message.RecipientType.TO, addressTo);

// Setting the Subject and Content Type msg.setSubject(subject); msg.setContent(message, "text/plain"); Transport.send(msg); } }