Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Version status: 0.0.1-SNAPSHOT alpha, request for comments

Icon

APIs subject to change

With 600 million users and counting, it's the new Internet. Yes, I'm talking about Facebook. Whether you love it or hate it, these days you have to have a Facebook strategy.

Tynamo-federatedaccounts is an add-on to tapestry-security module and provides and API and components for doing federated authentication, i.e. authenticating (your application) users with a third-party, such as Facebook, Twitter or Google. The most well-known protocol for this is Oauth. The module provides an authenticating realm for a each specific third-party, required components and pages for a particular federated authentication scheme. The module is designed to as light-weight and non-evasive with minimal amount of configuration. For example, for enabling simple authentication with Facebook in your (Hibernate) application, you only need to provide the following configuration:

The User.class above is your own persistent type, or in the case of Hibernate/JPA, an @Entity. Any types you are contributing for FederatedAccountService, need to implement the interface org.tynamo.security.federatedaccounts.FederatedAccount. FederatedAccount interface is shown below:

You don't necessarily need to provide any meaningful implementation for federate(...) operation, but it's provided in case you need to merge/update some account properties. See the example implementation for ideas.

FederatedAccountService is a light-weight interface, providing a bridge between your local user accounts and remote accounts. The only operation in FederatedAccountService is:

The operation is designed to be invoked after a remote authentication has succeeded. "remotePrincipal" parameter is the username or user id in the remote system and the last parameter is an optional object describing the remote account. The current Facebook realm is using resfb and returns restfb User object as the remoteAccount. DefaultHibernateFederatedAccountServiceImpl tries to obtain the configured entity for this realm (see the configuration above) and saves or updates the entity after calling its federate(...) operation.

FederatedAccounts module requires that FederatedAccountService interface is bound to an existing service, but doesn't bind to any by default. This is so you can provide a custom implementation for FederatedAccountService, using your own persistence model.

To load tynamo-federatedaccounts module, specify the following in your application pom.xml:

Note that for a snapshot version, you need to use the following repository:

Check out more examples from our full-featured functional tests or a simple, live demonstration with the default Facebook authentication in action, running on GAE. Note that GAE is slow to start up those JVMs...

  • No labels