The FederatedAccounts module requires that the FederatedAccountService interface be bound to an existing service, but doesn't bind it to any by default. This is so you can easily provide a custom implementation of FederatedAccountService, using your own persistence model. Two implementations of FederatedAccountService are provided by default: DefaultHibernateFederatedAccountServiceImpl and DefaultJpaFederatedAccountServiceImpl.

Extension points

...

Check out more examples from our full-featured functional tests or a simple, live demonstration with the default Facebook authentication in action, running on GAE.

Note on GAE

The module currently uses httpclient 4.x, which doesn't run on GAE by default. To make it work, the example uses an additional dependency that is under LGPL. The code was taken from the ESXX project and repackaged for Tynamo. This additional library is not included by default; you have to explicitly include it in your project if you want to use it, and then set configuration.add(FederatedAccountSymbols.HTTPCLIENT_ON_GAE, "true"); in your AppModule. See the example pom.xml for more details.

Configuring realms

The modularized architecture allows each module (and realm) to use its own provider-specific communication library. Each realm can support additional, provider-specific features. For example, you may want to request additional permissions from Facebook users. If you don't need provider-specific features (like reading or posting tweets on behalf of the user, utilizing the user's social graph etc.), you may use a Pac4jFederatedRealm (based on the Pac4j module), which is a generic OAuth module that unifies access to the user's federated profile. See below for documentation on specific realms and sub-modules.

...

If you just need a quick & dirty way of adding a few OAuth providers to your application, check out how Pac4j is being used in the tynamo-federatedaccounts-test module. At this time, Pac4j supports facebook, dropbox, github, google2, linkedIn2, twitter, windowslive, wordpress & yahoo OAuth providers (the number at the end of the provider key refers to the authentication protocol version, in case the provider itself supports both). The module even sports a fully functional UI component (see the federatedSignInOptionsPanel on the login page of the test app), so you enable specific providers, provide the credentials and entity configuration, and you are done! Of course, you don't have to use the options panel; you can also just add specific OAuth logins using the <t:federated.Pac4jOauthSignIn provider="yahoo" /> component. Note that since Pac4j handles multiple specific providers, you need to use the form "pac4j_<supported client name>" as a key when setting up entity mapping (e.g. configuration.add(FederatedAccountType.pac4j_.name() + SupportedClient.google2.name(), GoogleAccount.class) ).

TwitterRealm - in tynamo-federatedaccounts-twitter module

This module uses the Twitter4j library. Twitter4j allows you to execute any read/write operations (search tweets, post on behalf of the user etc.) provided by the Twitter API. You typically want to use this module directly if you plan on exercising these Twitter APIs.

FacebookRealm - in tynamo-federatedaccounts-facebook module

...

By default, FacebookRealm uses the Facebook user id as the principal property, i.e. that property is used as the remotePrincipal. You may change it by configuring FacebookRealm.FACEBOOK_PRINCIPAL. Facebook.PrincipalProperty {id, email, name} are the only supported principals. Using email as the principal property may sometimes be valuable for automatically merging existing accounts, but remember that you need to explicitly request access to the user's email. You can specify name as well, but note that it is not a uniquely identifying property (not even within Facebook), so in that case you likely want to implement your own FederatedAccountService and use composite keys or otherwise make the principal unique.
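Why a non-unique principal matters, as an added example (not Tynamo code): three distinct remote users who share a display name are resolved to local accounts under two keying strategies, name only and realm plus id. RemoteProfile, AccountStore and the sample profiles are hypothetical names and constructed data; a real implementation would put the same key choice inside your own FederatedAccountService.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

/** Added illustration; not Tynamo code. All type and method names here are hypothetical. */
public class PrincipalKeyDemo {

    /** The attributes a realm reports for a signed-in user (constructed sample shape). */
    record RemoteProfile(String realm, String id, String name) {}

    /** In-memory stand-in for the account lookup a FederatedAccountService performs. */
    static final class AccountStore {
        private final Function<RemoteProfile, Object> keyOf;
        private final Map<Object, Integer> accounts = new HashMap<>();
        private int nextId = 1;

        AccountStore(Function<RemoteProfile, Object> keyOf) { this.keyOf = keyOf; }

        /** Returns the local account for this profile, creating one on first sign-in. */
        int federate(RemoteProfile p) {
            return accounts.computeIfAbsent(keyOf.apply(p), k -> nextId++);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: distinct users who share a display name.
        List<RemoteProfile> signIns = List.of(
                new RemoteProfile("facebook", "1001", "Alex Smith"),
                new RemoteProfile("facebook", "2002", "Alex Smith"),
                new RemoteProfile("twitter", "1001", "Alex Smith"));

        // Keyed on the display name alone: every "Alex Smith" resolves to one account.
        AccountStore nameOnly = new AccountStore(RemoteProfile::name);
        // Composite key: List.of gives value equality over (realm, id).
        AccountStore composite = new AccountStore(p -> List.of(p.realm(), p.id()));

        for (RemoteProfile p : signIns) {
            int shared = nameOnly.federate(p);
            int own = composite.federate(p);
            System.out.printf("%s/%s \"%s\": name-only -> account %d, realm+id -> account %d%n",
                    p.realm(), p.id(), p.name(), shared, own);
        }
    }
}
```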

Tip: Tapestry makes it easy!

OAuth is based on callback URIs back to your application. This module automatically adds a Facebook OAuth page as the callback URI, and handles the mechanics of obtaining and verifying the OAuth access key. Even if you've secured access to the rest of your site (with tapestry-security), distributed configuration contributed by this module allows unauthenticated requests to access the callback pages (but only if you do it all in Java!).

Working together with the FacebookRealm is the FacebookOauthSignIn component. This component displays the Facebook login icon and initiates the OAuth call flow. The component requires that you've contributed values for "facebook.clientid" and "facebook.clientsecret" to work. Additionally, you may require Facebook-specific permissions and decide to manage transactions yourself (set FederatedAccountSymbols.COMMITAFTER_OAUTH to false; it is true by default). FacebookSignIn also supports three different window modes [blank|inline|self] (e.g. windowmode="blank"). The live example demonstrates these configuration choices well.

RollingTokenRealm in tynamo-federatedaccounts-rollingtokens

...