Friday, April 5, 2013

Book Review: Spring Security 3.1

I haven't written any tutorials for my blog since December because of a new job I just got in Chicago. And today I won't be sharing any new tutorials either. But don't despair, because I will be sharing my review of another Spring book: Spring Security 3.1 by Robert Winch and Peter Mularien, published by Packt Publishing. You can find the book at http://www.packtpub.com/spring-security-3-1/book for $25.49.

It may sound like I'm selling, but I'm not. I'm actually promoting this book because it's a great reference that will help all developers regardless of expertise. In addition, the book is written by Robert, the project lead for Spring Security, and by Peter, the author of the Spring Security 3 book. That means you're getting your information from the source and experts!

What's good about this book?
The book is fully packed with information regarding various aspects of Spring Security and integration steps with different scenarios, such as:


  • Basic Spring Security configuration
  • OpenID integration
  • Access Control List (ACL)
  • JDBC-based configuration
  • Remember-me services
  • LDAP-based authentication
  • Single Sign-on services
  • JSF and GWT integration
  • and many more

I like how the introduction starts with a fictitious company and enumerates the reasons why you may need to secure an unsecured application. There's an index that shows how to load the sample projects in STS and configure Tomcat along with SSL. If you have read the previous Spring Security 3 book, you might find the contents somewhat similar.

For me the most interesting chapters are Chapter 3: Custom Authentication and Chapter 10: Fine-grained Access Control because both chapters provide information on how to adapt Spring Security to match any project requirements.

What's bad about this book?
I believe the glaring problem of this book is that it doesn't describe a whole project in any of its chapters. Mostly the chapters are focused on each aspect of Spring Security. They are detailed, but it's hard to see the overview or the general outlook of the chapter. Maybe that's because I'm used to the way I present my blog, and I prefer to have a full project laid out and then describe each section part by part. There are samples in the book, but it's up to the reader to comprehend the whole project. But overall, this book is a great reference.

Monday, December 10, 2012

Spring Social with JavaConfig (Part 1)

In this tutorial, we will create an application that can post messages and retrieve profile information from Facebook and Twitter. We will use Spring Social to implement these features. To secure our application we will use Spring Security, and to manage our views, we will use Thymeleaf.

Table of Contents

Click on a link to jump to that section:
  1. Functional Specs
  2. Generate OAuth keys
    • Facebook
    • Twitter
  3. Spring Social configuration
  4. Spring Security configuration
  5. JavaConfig
    • ApplicationInitializer.java
    • ApplicationContext.java
    • DataConfig.java
    • ThymeleafConfig.java
    • spring.properties
  6. View with Thymeleaf
  7. Layers
    • Domain
    • Repository
    • Service
    • Controller
  8. Running the application
    • Clone from GitHub
    • Create the Database
    • Run with Maven and Tomcat 7
    • Run with Maven and Jetty 8
    • Import to Eclipse
    • Validate with W3C

Dependencies

These are the main Maven dependencies:
  • Spring 3.2.0.RELEASE
  • Spring Data JPA 1.2.0.RELEASE
  • Spring Security 3.1.3.RELEASE
  • Thymeleaf 2.0.14
  • Hibernate 3.6.3.Final
  • See pom.xml for full details

Required Tools

These are the minimum required tools:
  • Git
  • Maven 3.0.4
  • MySQL
  • Eclipse IDE or SpringSource Tool Suite (STS)

GitHub Repository

There are two versions of the application: a JavaConfig-based and an XML config-based app. Both versions are identical in their feature set.

Functional Specs


Our application's requirements are the following:
  • Post to Facebook and Twitter
  • Retrieve profile information from Facebook and Twitter
  • Secure the application
  • Allow login and creation of new users
  • Create a page for managing users

Here are our use case diagrams:


[User]-(Post to Facebook)
[User]-(Post to Twitter)
[User]-(Retrieve info from Facebook)
[User]-(Retrieve info from Twitter)
[User]-(Sign in)
[User]-(Sign up)

//http://yuml.me/



[Admin]-(Edit users)
[Admin]-(Delete users)
[Admin]-(Add users)

//http://yuml.me/

Screenshots


Before we proceed, let's preview some screenshots of our application:

  • Sign in page
  • Sign up
  • Facebook Profile
  • Twitter Profile
  • Manage Users
  • Post to Facebook
  • Tweet to Twitter
  • Connect to Social Site
  • Connected to Social Site



Next

In the next section, we will show how to generate the OAuth secret keys for Facebook and Twitter. Click here to proceed.


Spring Social with JavaConfig (Part 2)

Review

In the previous section, we discussed the functional requirements of our application. In this section we will study how to generate OAuth keys for Facebook and Twitter. These are required so that Spring Social can communicate with these social media sites.

Generate OAuth keys

Facebook

To generate a Facebook secret key, you need to sign up for a Facebook account first. Once you have an account, follow these steps:
  1. Open a browser
  2. Visit https://developers.facebook.com/apps
  3. Click on Create New App
  4. Fill in the App Name
  5. You will be redirected to the Basic settings page
  6. Now copy the App ID value. This is your client ID
  7. Then copy the App Secret value. This is your client secret

Note: The values need to be stored in the spring.properties file (see Part 5).

On my sample app, here's the Basic settings page. I've purposely changed the App ID and App Secret values:


Twitter

To generate a Twitter secret key, you need to sign up for a Twitter account first. Once you have an account, follow these steps:
  1. Open a browser
  2. Visit https://dev.twitter.com/
  3. Visit the My applications page at https://dev.twitter.com/apps
  4. Click on Create a new application
  5. Fill in the Name
  6. Fill in the Description
  7. Fill in the Website (You will need to invent a fictitious URL)
  8. You will be redirected to the Details tab of your new application
  9. Now copy the Consumer key value. This is your client ID
  10. Then copy the Consumer secret value. This is your client secret

Note: The values need to be stored in the spring.properties file (see Part 5).

On my sample app, here's the Details tab. I've purposely changed the Consumer key and Consumer secret values:
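
The App Secret and Consumer secret from the steps above end up in spring.properties, a file that lives in a project cloned from GitHub, so it is worth checking before a commit that the file holds only references to them and not the values themselves. The following is an added example, not code from the tutorial's repository; the property key names, the `${NAME}` reference convention and the class name `OAuthSecretCheck` are assumptions, and the sample file content is constructed.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class OAuthSecretCheck {
    // A value that is exactly one ${NAME} reference, to be resolved outside the file.
    private static final Pattern PLACEHOLDER =
        Pattern.compile("^\\$\\{([A-Za-z_][A-Za-z0-9_]*)\\}$");
    // Keys treated as sensitive: anything ending in "secret" (assumed naming convention).
    private static final Pattern SENSITIVE = Pattern.compile("(?i).*secret$");

    /** Returns one finding per sensitive key that holds a literal or an unset reference. */
    static List<String> audit(String propertiesText, Map<String, String> env) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(propertiesText));
        List<String> findings = new ArrayList<>();
        for (String key : new TreeSet<>(props.stringPropertyNames())) {
            if (!SENSITIVE.matcher(key).matches()) continue;
            Matcher m = PLACEHOLDER.matcher(props.getProperty(key).trim());
            if (!m.matches()) {
                findings.add(key + ": literal secret stored in the file");
            } else if (env.get(m.group(1)) == null || env.get(m.group(1)).isEmpty()) {
                findings.add(key + ": ${" + m.group(1) + "} is not set in the environment");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample; key names and values are hypothetical.
        String sample = String.join("\n",
            "facebook.clientId=000000000000000",
            "facebook.clientSecret=EXAMPLE-literal-secret-value",
            "twitter.consumerKey=EXAMPLEKEY",
            "twitter.consumerSecret=${TWITTER_CONSUMER_SECRET}");
        for (String finding : audit(sample, System.getenv())) {
            System.out.println(finding);
        }
    }
}
```

On the constructed sample, the Facebook entry is reported as a literal secret, and the Twitter entry is reported only when `TWITTER_CONSUMER_SECRET` is missing from the environment.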



Next

In the next section, we will set up the Spring Social-related configuration through JavaConfig. Click here to proceed.