Tutorial : Converting a java project to Maven project

Why Maven : You would find lot of articles on usage and power of Maven but in my experience biggest advantage is that you do not have to include/maintain those huge jar files in your code repository server. Very often real code or core of project runs into few mb's but if you include all the dependencies the size can become extremely bloated. With Maven in place developers (and consumers) can happily do quick rebase/clone commands, leaving the time consuming job of including dependencies to Maven. Best still if you have downloaded jars for other project, you do not have to download them again, and maven plugins in IDE (like Eclipse) handles the class paths transparently enough for you.

         

Imagine a scenario where you started off developing a java project and now would want to share it with developers/customers/testers etc. by leveraging Maven.There were a lot of hardships in converting your existing java projects into Maven earlier, but IDE plugins have have made developers life easier these days.

                                   

If you are using new releases of Eclipse, you already have a plugin installed m2e, if not you can download it from here : M2E Plugin

Steps to Convert

1. Right click on your existing project in eclipse and choose Configure -> Convert to Maven Project


                

2. Now you can open newly generated pom file in your project and add dependencies, and you can remove references from build path if you had added them manually.

3. If you want to get details on dependencies on jar files, try searching them on maven central. Once you click on the listed jar, you can get information like groupid, artifactid and version you want to use.


4. Once you have added all dependencies, right click on project and choose run as Maven clean, this should trigger download of all dependencies in your maven home directory. This also automatically adds dependencies to referenced libraries of your project, so you do not have to do it manually.

Setting up a server based on GIT repository

GIT ( https://github.com/ ) now supports SSH and it is a fabulous way for administrators to keep their server machines updated with latest code from code repositories.

Present Scenario : Whenever you do a git pull using http mechanism, you have to share your credentials. When there are multiple developers/administrators (which is generally the case now), it is nightmarish doing this.

SSH Scenario : This mechanism allows you to have a machine level access instead of user level, which is an excellent way to keep and maintain code on a typical server infrastructure.

1. Navigate to directory where you would like to clone git repository
2. To generate a ssh certificate on your machine use the following command
   ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
3. Add key information generated earlier to ssh-agent using below commands
           eval "$(ssh-agent -s)"
           ssh-add ~/.ssh/id_rsa
4. Adding this new SSH key to your GitHub account
   Copy rsa by using command clip < ~/.ssh/id_rsa.pub
   Now navigate in browser to github account and click on Settings -> SSH and GPG keys.
   Paste the copied key in the new key section.
5. From gitbash prompt add below command to fetch sources to local
   git clone "git@github****/.git"
   Be sure you use SSH url here and not the https.
6.  and just do a git pull whenever you wish to pull the latest sources.

Note : I find Gitbash extremely convenient when using git on windows.

                                                    
You can download it from here GIT Download Windows

Getting Started with OAuth2.0 and IBM SmartCloud.

 There are several advantages of using Open Authorization 2.0 (OAuth2.0) framework for accessing resources from a server, over the more traditional ones like Basic or Form authentication, prime being the peace of mind of end user. With OAuth2.0 end users do not have to worry about sharing their credentials with a third party application allowing it to access data from main server on their behalf.                    

There are obviously other advantages like easy mingling of OAuth2.0 with other security protocols like SAML, providing granular access to resources etc., but scope of this article would be making end users secure by allowing them not to share their credentials with any third party applications.

So what's the best way for training a developer on OAuth2.0, who has experience of authentication using Basic and Form standards, show him a sample and show it's not complicated as is the normal perception.

I love the analogy which is used on IBM Smartcloud documentation page to explain OAuth2.0, here is the scenario

1. Mike asks Paul to go to the bank on his behalf.
2. Paul gives Mike his previously registered ID to submit to the Bank.
3. Mike goes to the Bank, proves his own identity, and then submits Paul's ID to register Paul as his courier.
4. Bank confirms with Mike: "Do you want to allow Paul to access your assets?"
5. As Mike trusts Paul, he agrees.
6. Bank grants a temporary code to Mike.
7. Mike passes the temporary code to Paul.
8. Paul immediately goes to the bank to submit the code because the code is short-lived
    (if Paul waits too long the code expires and the process must begin all over again).
9. Bank validates the temporary code submitted by Paul.
10. Bank issues Paul a token that lets him bypass the registration check for the next two hours.
11. Paul accesses Mike's assets. (Note: The Connections Cloud implementation of OAuth 2.0 provides unlimited access to user resources).
12. Within 2 hours, Paul must renew the token so he can continue to access Mike's assets.

As you can see, Mike never shares his banking credentials directly with Paul, instead all Paul has is a temporary token to do transactions on behalf (or impersonating) Mike. This is critical since cases of user credentials being stolen from such third party app stores is becoming all common these days, consider what would happen if the ecommerce site where you stored your card details gets hacked ?

Getting the code part of things

Application Registration
For a third party application wishing to leverage OAuth2.0 on IBM Connections Cloud, it has to register itself with I BM Connections cloud platform. It also has to provide a Callback URL while registering, this is the url where Smartcloud will redirect user to on successful authorization, so it is important to finalize this before application starts registration process.

Upon successful registration platform returns with a ClientId and Client Secret..

OAuth2.0 Dance : Process of an application leveraging OAuth2.0 is often referred to as OAuth2.0 dance.

Step One : When user tries to access Third party application, and it recognizes user is not logged in, it redirects user to the IBM Connections Cloud authorization page using a url like below

https://apps.na.collabserv.com/manage/oauth2/authorize?response_type=code&client_id=<client_id>&callback_uri=<callback_uri>

Once user enters right credentials, an explicit question is asked if user wants to allow 'third party application' to access his data on server

Step Two : IBM Connections Cloud returns with a 302, with the target value header having the value of applications callback url. It also includes a special token called Authorization token.
Here is the format used
https:///<callback-uri>?code=1236879.


Step Three : Third party application then exchanges this authorization code with access token from host server. Here is the api call it would be making

https://apps.na.collabserv.com/manage/oauth2/token?callback_uri=<callback_uri>&lient_secret=<client_secret>&client_id=<client_id>&grant_type=authorization_code&code=<authorization_code>

IBM Connections cloud then returns with access token, which application can use to make api calls on behalf of end users.

Below are some diagrams which explains the above process

 

Incase you are looking for a sample implementation look at 

1. https://github.com/OpenNTF/SocialSDK

2. https://www.youtube.com/watch?v=BW6t-WeEGs0