Don't want to store customers' passwords? Don't want users to create a new profile just to post a comment? This panel enables authentication via various third-party sites.
Here we discuss how to add a sign-in panel to an existing Wicket application and authenticate via Facebook, Google, LinkedIn, Twitter and Yahoo.
I guess you already know how to set up an Apache Wicket application:
    mvn archetype:create -DarchetypeGroupId=org.apache.wicket \
        -DarchetypeArtifactId=wicket-archetype-quickstart \
        -DarchetypeVersion=1.4.5 -DgroupId=org.xaloon -DartifactId=xaloon-app
Add the xaloon repository to the new pom.xml file:
    <repository>
        <id>repository.xaloon.org</id>
        <name>xaloon Maven Repository</name>
        <url>http://xaloon.googlecode.com/svn/maven2/snapshots</url>
    </repository>
The xaloon components dependency pulls in other third-party requirements, such as the Facebook Java API, OAuth, Spring Security, etc.:
    <dependency>
        <groupId>org.xaloon</groupId>
        <artifactId>xaloon-wicket-components</artifactId>
        <version>1.2.1-SNAPSHOT</version>
    </dependency>
There are two ways to use the xaloon sign-in panel: easy and hard. The hard way is discussed in this part :)
The default Wicket AuthenticatedWebSession is designed for default sign-in form processing (a username and password must be provided), so a new AbstractXaloonWebSession class is introduced to authenticate the user via a third party.
    import org.apache.wicket.Request;
    import org.apache.wicket.authorization.strategies.role.Roles;
    import org.xaloon.wicket.component.application.AbstractXaloonWebSession;
    import org.xaloon.wicket.component.security.impl.ExternalAuthenticationToken;

    public class MyWicketSession extends AbstractXaloonWebSession {
        private static final long serialVersionUID = 1L;

        public MyWicketSession(Request request) {
            super(request);
        }

        /*
         * This method is executed after successful external authentication in order to
         * process additional steps, e.g., load the authenticated user's profile.
         * @return true - if a profile is found and bound to the authenticated user, false - otherwise
         *
         * (non-Javadoc)
         * @see org.xaloon.wicket.component.application.AbstractXaloonWebSession#
         * afterSuccessExternalAuthentication
         * (org.xaloon.wicket.component.security.impl.ExternalAuthenticationToken)
         */
        @Override
        protected boolean afterSuccessExternalAuthentication(ExternalAuthenticationToken token) {
            // Placeholder: treats every externally authenticated user as having a profile.
            return true;
        }

        /*
         * Process default authentication - if a username and password were entered into the sign-in panel
         *
         * (non-Javadoc)
         * @see org.xaloon.wicket.component.application.AbstractXaloonWebSession#
         * authenticateDefault(java.lang.String, java.lang.String)
         */
        @Override
        protected boolean authenticateDefault(String username, String password) {
            // Placeholder: accepts ANY username and password.
            // Replace with a real credential check before deploying.
            return true;
        }

        /*
         * @return user roles after successful authentication
         *
         * (non-Javadoc)
         * @see org.apache.wicket.authentication.AuthenticatedWebSession#getRoles()
         */
        @Override
        public Roles getRoles() {
            if (isSignedIn()) {
                Roles roles = new Roles();
                roles.add("TEST");
                return roles;
            }
            return null;
        }

        /*
         * Where to redirect the authenticated user if there is no profile associated with the signed-in user.
         * Depends on the afterSuccessExternalAuthentication result.
         *
         * (non-Javadoc)
         * @see org.xaloon.wicket.component.application.AbstractXaloonWebSession#
         * getRedirectIfProfileNotFound()
         */
        @Override
        protected String getRedirectIfProfileNotFound() {
            return "/customer/profile/create";
        }
    }
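The authenticateDefault stub above returns true for any username and password, so the username/password path of the sign-in panel is open until it is backed by a real check. One way to do that, as an added example that is not xaloon's or the original post's code; CredentialVerifier, its in-memory store and the iteration count are assumptions made for illustration:

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical helper, not part of xaloon or Wicket: salted PBKDF2 password check. */
public class CredentialVerifier {
    private static final int ITERATIONS = 210_000; // assumption: tune for your hardware
    private static final int KEY_BITS = 256;

    /** What is stored per user: a random salt and the derived key, never the password. */
    static final class Record {
        final byte[] salt, hash;
        Record(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    private final Map<String, Record> users = new HashMap<>(); // constructed in-memory store
    private final Record dummy = newRecord("unused".toCharArray()); // used for unknown names

    static byte[] derive(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    static Record newRecord(char[] password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Record(salt, derive(password, salt));
    }
    public void register(String username, char[] password) { users.put(username, newRecord(password)); }

    /** Fails closed: missing input, unknown user and wrong password all return false. */
    public boolean verify(String username, String password) {
        if (username == null || password == null || password.isEmpty()) return false;
        Record stored = users.get(username);
        // Unknown users still cost one derivation, so timing does not reveal valid names.
        Record r = (stored != null) ? stored : dummy;
        boolean match = MessageDigest.isEqual(derive(password.toCharArray(), r.salt), r.hash);
        return stored != null && match;
    }
    public static void main(String[] args) {
        CredentialVerifier v = new CredentialVerifier();
        v.register("alice", "correct horse".toCharArray()); // constructed sample account
        System.out.println(v.verify("alice", "correct horse") + " " + v.verify("mallory", "x"));
    }
}
```

In MyWicketSession, authenticateDefault would then return the result of verify(username, password) instead of true, with the records loaded from your own user store.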
Extending AbstractSignInPanel
AbstractSignInPanel tells us which page class will process the response from the third party:
    public class MySignInPanel extends AbstractSignInPanel {
        private static final long serialVersionUID = 1L;

        public MySignInPanel(String id, PageParameters params) {
            super(id, params);
        }

        @Override
        protected Class getResponseValidationPageClass() {
            return LoginPage.class;
        }
    }
And LoginPage will contain just created signin panel:
    public class LoginPage extends WebPage {
        public LoginPage(PageParameters params) {
            add(new MySignInPanel("sign-in", params));
        }
    }
IMPORTANT: LoginPage must be mounted using MixedParamUrlCodingStrategy, with one parameter added. The mounting configuration is shown below. Now we add the @AuthorizeInstantiation("TEST") annotation to our secure page:
    @AuthorizeInstantiation("TEST")
    public class SecurePage extends WebPage {
        public SecurePage(PageParameters params) {
        }
    }
    public class WicketApplication extends AuthenticatedWebApplication {
        /**
         * Constructor
         */
        public WicketApplication() {
        }

        /**
         * @see org.apache.wicket.Application#getHomePage()
         */
        public Class getHomePage() {
            return HomePage.class;
        }

        @Override
        protected void init() {
            super.init();
            // Configure Spring
            addComponentInstantiationListener(new SpringComponentInjector(this));
            mountBookmarkablePage("/secure", SecurePage.class);
            // IMPORTANT: mount the login page using MixedParamUrlCodingStrategy and pass the login type to the page
            mount(new MixedParamUrlCodingStrategy("/login",
                    LoginPage.class, new String[] { SignInPanel.LOGIN_TYPE }));
        }

        @Override
        protected Class getSignInPageClass() {
            return LoginPage.class;
        }

        @Override
        protected Class getWebSessionClass() {
            return MyWicketSession.class;
        }
    }
Now you need to configure the Spring application context and provide the consumer and secret keys:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:jee="http://www.springframework.org/schema/jee"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:tool="http://www.springframework.org/schema/tool" xsi:schemaLocation="
            http://www.springframework.org/schema/tool http://www.springframework.org/schema/tool/spring-tool-2.5.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-2.5.xsd" default-autowire="byName">

        <bean id="facebookAuthenticationProvider"
              class="org.xaloon.wicket.component.security.plugin.AuthenticationProvider">
            <property name="consumerKey" value="#"/>
            <property name="consumerSecret" value="#"/>
        </bean>

        <bean id="linkedinAuthenticationProvider"
              class="org.xaloon.wicket.component.security.plugin.AuthenticationProvider">
            <property name="consumerKey" value="#"/>
            <property name="consumerSecret" value="#"/>
            <property name="requestTokenEndpointUrl" value="https://api.linkedin.com/uas/oauth/requestToken"/>
            <property name="accessTokenEndpointUrl" value="https://api.linkedin.com/uas/oauth/accessToken"/>
            <property name="authorizationWebsiteUrl" value="https://api.linkedin.com/uas/oauth/authorize"/>
        </bean>

        <bean id="twitterAuthenticationProvider"
              class="org.xaloon.wicket.component.security.plugin.AuthenticationProvider">
            <property name="consumerKey" value="#"/>
            <property name="consumerSecret" value="#"/>
            <property name="requestTokenEndpointUrl" value="http://twitter.com/oauth/request_token"/>
            <property name="accessTokenEndpointUrl" value="http://twitter.com/oauth/access_token"/>
            <property name="authorizationWebsiteUrl" value="http://twitter.com/oauth/authorize"/>
        </bean>

        <bean id="facebookAuthenticationFacade"
              class="org.xaloon.wicket.component.security.impl.FacebookOauthAuthenticationFacadeImpl">
            <property name="authenticationProvider" ref="facebookAuthenticationProvider"/>
        </bean>

        <bean id="linkedInAuthenticationFacade"
              class="org.xaloon.wicket.component.security.impl.LinkedInOauthAuthenticationFacadeImpl">
            <property name="authenticationProvider" ref="linkedinAuthenticationProvider"/>
        </bean>

        <bean id="googleOpenidAuthenticationFacade"
              class="org.xaloon.wicket.component.security.impl.OpenidAuthenticationFacadeImpl">
            <property name="claimedIdentity" value="https://www.google.com/accounts/o8/id" />
        </bean>

        <bean id="yahooOpenidAuthenticationFacade"
              class="org.xaloon.wicket.component.security.impl.OpenidAuthenticationFacadeImpl">
            <property name="claimedIdentity" value="http://yahoo.com/" />
        </bean>

        <bean id="twitterAuthenticationFacade"
              class="org.xaloon.wicket.component.security.impl.TwitterOauthAuthenticationFacadeImpl">
            <property name="authenticationProvider" ref="twitterAuthenticationProvider"/>
        </bean>
    </beans>
Real implementation might be found here.