
REPORT ON

SOCIAL AUTH
(June 2012-August 2012)

Submitted for the partial fulfillment for the award of The degree of

BACHELOR OF TECHNOLOGY In Computer Science Engineering

Under the guidance of: Mr. Abhinav Maheshwari (chief technical officer) Brickred Sector-58,noida

Submitted By: Nitish Kumar Jha (08610402709) (CSE,4thYear)

Amity School of Engineering and Technology (Affiliated to Guru Gobind Singh Indraprastha University) 580, Delhi PalamVihar Road Bijwasan, New Delhi-110061

COMPANY'S PROFILE
At BrickRed, our business is to make the offshore strategy work for ISVs and software enabled companies. And that's what we are really good at. Outsourcing has been here for long. But at BrickRed, we lend a refreshingly new meaning to it. We use our decade-long experience of this industry to bring a level of maturity which makes us best-in-class. It's no surprise that the Black book of Outsourcing has rated us in the Top 10 in the world for Outsourced product development. For all our Clients, software is core to their business where value for money is more important than low cost and time to market is absolutely critical. So for our clients, it is not about finding a software outsourcing vendor, but about having a trusted product development partner who can build commercial-grade, industrial-strength software and help you succeed. Since 2002 when we were founded, we have been a trusted partner for hundreds of ISVs and software enabled companies across the globe. Many of these were start-ups or funded companies looking at creating version 1.0, while many others were mature ISVs and SaaS companies looking at the offshore strategy for long-term benefits. Our recent merger with Three Pillar has created a global force to reckon with. With strength of more than 500 across four continents, we bring an interesting mix of onshore, near-shore and offshore choices for our Client-partners. Three Pillar/ BrickRed has been named in the list of fastest growing 500 companies in North America by the Inc. magazine. We have also been ranked 34th in Best companies to work for in India, in a study conducted by Great Place to Work Institute.

BrickRed follows a consultative approach assisting clients in adopting the right sourcing strategy; providing you with various sourcing options and helping you start with the right option depending upon your business demands and objectives. Over the last two decades outsourcing has come a long way and BrickRed clearly distinguishes between Conventional Outsourcing options and the modern day sourcing strategies. BrickRed's Managed Sourcing option is a mature approach perfectly suitable for clients that lack a product engineering team (like start-ups) or companies with established products and a growing need to support the product lines. Through this option BrickRed provides the full lifecycle product development & support expertise from its delivery centers in India, Romania or Argentina by taking full responsibility of the product lifecycle activities thus freeing up clients' key resources to focus on business. In the Managed Sourcing approach, BrickRed takes complete ownership of one or more product lifecycle activities by creating a self managed virtual offshore delivery center made up of a dedicated team. BrickRed's accountability in this model is much more than just individual resource performance. The offshore dedicated team performs under the guidance of senior managers and technology experts in the framework of proven processes and mature development methodology. This model is best suitable when a client decides to integrate offshore strategy into their long term business plans and targets to have long term consistent cost advantage, continuous flexibility and scalability benefits. It is not uncommon to test the waters of an offshore strategy using Conventional Outsourcing options before transitioning to a more mature sourcing strategy like BrickRed's Managed Sourcing.

PREFACE
With the advent of various programming technologies and their broad support for a lot of things, our needs have escalated over the years, making computers and similar automatic devices our friend, relative, teacher and guide many times. The need for integrating our daily use devices with these machines has become more and more important. Finding the various fields of application for the use of these revolutionary machines is not a new era of research, but even now it has much potential to attract programmers to make them more functional for simplifying daily life tasks.

It was very much expected that there would one day be a time when everyone would have a computer not on his desk but in his hands, but it was difficult to imagine that it would be so early. When talking about the suitability and flexibility of moving along with data, we have to compromise on the size and power requirements. Major software technologies are providing the means to make this type of transfer possible, and decent approaches towards this era of application are the necessity of the time.

My project is just a little attempt in this direction.

The application may not fulfill all the needs of the hungry industry and technology, but it may be called an attempt to simplify business needs with the assistance of technology and its efficient use. The next target is to make the same feasible with now popular technology. I was unable to do that because of the lack of time and resources right now. I hope you will appreciate the efforts and forget the errors and inefficiency that it may have, as it is just an educational project.

ACKNOWLEDGEMENT
I have great pleasure in acknowledging the help from all those who favored me with giving shape to the present project. My heartiest thanks go to my guide Mr. Tarun Nagpal for his help and support throughout the project. The help rendered by Mr. Shyamal Bhattachharya (DGM - C&I Dept) is greatly acknowledged. I wish to express my grateful thanks to Mr. Udisht Jha for permitting me to do this project in their organization. I take this opportunity to express my sincere gratitude to Ms. Shaveta Tatwani, Mr. Amar Arora, Mr. Abhijeet for their valuable suggestions, constant encouragement, silent support and unwavering confidence, without which this project would not have been possible. The perfection of a man lies in his depth of gratitude. It's not only my duty but a matter of joy and pleasure to once again convey my thanks to all. The training gave me an opportunity to understand various technical fundamentals and their application to different processes, and to work on the job as part of an effective team.

CERTIFICATE

This is to certify that this report entitled SocialAuth comprehends the authentic work of industrial training accomplished by NITISH KUMAR JHA, Enrollment No. 08610402709, and student of AMITY SCHOOL OF ENGINEERING AND TECHNOLOGY (GGSIPU).

This Industrial Training partially fulfills his Bachelor of Technology course requirement after third year at Brickred Technologies, Sector-58, Noida.

Guide Name: Mr. Tarun Nagpal

(Dept. of Information and Technology)

CONTENTS
Preface
Acknowledgement
Certificate

1: Project description
1.1. Introduction
1.2. How it works
1.3. Why Socialauth
1.4. Scope

2: Project Requirements
2.1. Functional Requirements
2.2. Non-functional Requirements
2.3. Software/Hardware requirements
2.3.1. Software Requirements
2.3.2. Hardware Requirements

3: Project Details
3.1. Technologies used
3.2. Diagrams
3.3.1. Flowchart
3.3.2. Use Case diagrams
3.3.3. Class diagrams
3.3.4. Sequence diagrams
3.3.5. Activity diagrams
3.3.6. State Chart diagrams

4: Screen Shots

5: Conclusion
5.1. Conclusion
5.2. User Feedback

6: Bibliography

Project Description
In This Section: Introduction, How it works, Why socialauth, Scope

INTRODUCTION

SocialAuth is a Java library (.NET port available) for you if your web application requires:

- Authenticating users through external oAuth providers like Gmail, Hotmail, Yahoo, Twitter, Facebook, LinkedIn, Foursquare, MySpace, Salesforce, Yammer as well as through OpenID providers like myopenid.com.
- Easy user registration. All you need to do is create a page where users can click on buttons for the above providers or other supported providers. Just call SocialAuth and you can get all their profile details.
- Importing contacts from Google, Yahoo or Hotmail. Support for importing friends from Facebook, followers from Twitter and contacts from LinkedIn is available, but currently Facebook, Twitter and LinkedIn do not provide email addresses. UPDATE: Hotmail has stopped providing email addresses.

HOW IT WORKS?

1. You get the API keys from providers like Facebook, Google and Yahoo. For this, you need to have a public domain on which you plan to deploy the application. It is important to note that your application can only run on the domain which you provided while getting the keys. If you want to run it locally, please see the steps here.

2. You make a request for authentication by using SocialAuth library. The library redirects the user to Facebook, Yahoo or other provider's website where they enter the credentials.

3. The provider redirects the user back to your application with a token appended. Now you call the SocialAuth library and pass it this request token.

4. Now you can call SocialAuth library to get information about the user, and contacts from the provider.

WHY SOCIALAUTH ?

There are so many libraries out there which implement OpenID and oAuth, so why another library? There are many practical challenges that we faced while doing the implementation of the above use cases. None of them is insurmountable, but a developer could spend a couple of weeks solving these, which we actually did, and hence decided to make things better for the community.

There are many libraries for implementing OpenID and many for implementing oAuth. It becomes a difficult exercise to choose one that will do the integration quickly with the providers you want. Some libraries do not implement all the features, and this becomes known only in the later stages of implementation; for example, we found out that openid4java does not implement the hybrid protocol. We also found out that it is not easy to integrate the dyuproject library. Even after implementing using a library, it does not work out of the box for all providers. There are always certain things specific to a certain provider. For example, the scopes are different, and some steps in authorization may be different. Getting the actual data, for example the contacts of a user, is out of the scope of these protocols, and hence most libraries do not implement this functionality.

So what we implemented is a wrapper that leverages these existing libraries, and works out of the box without requiring you to face the above challenges. You get the same interface to deal with integration of every provider.

Scope
What's new in Version 2.2?
1. Support to manage state of logged-in providers in socialauth filter
2. Fixes to work with GAE
3. Options in properties file to set proxy
4. Option in properties file to set HttpConnection timeout

Project
Requirements
In This Section: functional requirements, non-functional requirements, software/hardware requirements

PROJECT REQUIREMENTS
FUNCTIONAL REQUIREMENTS:

In software engineering, a functional requirement defines a function of a software system or its component. A function is described as a set of inputs, the behavior, and outputs. Functional requirements may be calculations, technical details, data manipulation and processing and other specific functionality that show how a use case is to be fulfilled. They are supported by non-functional requirements, which impose constraints on the design or implementation (such as performance requirements, security, or reliability). As defined in requirements engineering, functional requirements specify particular behaviors of a system. This should be contrasted with non-functional requirements, which specify overall characteristics such as cost and reliability.

NON-FUNCTIONAL REQUIREMENTS:

In systems engineering and requirements engineering, non-functional requirements are requirements which specify criteria that can be used to judge the operation of a system, rather than specific behaviors. This should be contrasted with functional requirements, which specify specific behavior or functions. Non-functional requirements are often called qualities of a system. Other terms for non-functional requirements are "constraints", "quality attributes", "quality goals" and "quality of service requirements". Qualities of non-functional requirements can be divided into two main categories:

- Execution qualities, such as security and usability, which are observable at run time.
- Evolution qualities, such as extensibility and scalability, which are embodied in the static structure of the software system.

SOFTWARE REQUIREMENTS:
- JDK 1.6
- Struts
- Jdbc Driver for MySQL Database Server
- ODBC administrator
- Database Server: MySQL 5.0
- Operating system: Windows 2000/XP/7/8
- NetBeans IDE 7.1.2, Apache Tomcat 7.0.22

HARDWARE REQUIREMENTS:
- Intel P4 processor with minimum 2.0 GHz speed
- RAM: Minimum 256MB
- Hard Disk: Minimum 20GB

Project Details
In This Section: technologies used, getting started, diagrams

TECHNOLOGIES USED:

JAVA: Java is a platform independent, object-oriented, robust, secure and innovative programming language. It consists of two parts:
- JVM (Java Virtual Machine), which is the software component that is used to execute Java programs.
- Java API (Application Programming Interface), which consists of inbuilt classes that are used in different programs.

DATABASE PROGRAMMING:

Jdbc version 3.0: Jdbc is Java Database Connectivity, which is used for communication between a database server and a Java application. Jdbc is a specification and API that is used in programming database applications in Java.

HTML:

HTML, an initialism of HyperText Markup Language, is the predominant markup language for web pages. It provides a means to describe the structure of text-based information in a document by denoting certain text as links, headings, paragraphs, lists, and so on and to supplement that text with interactive forms, embedded images, and other objects. HTML is written in the form of tags, surrounded by angle brackets. HTML can also describe, to some degree, the appearance and semantics of a document, and can include embedded scripting language code (such as JavaScript) which can affect the behavior of Web browsers and other HTML processors. Web pages are built with the help of this HTML which are called the Web Documents.

SERVLETS:
Java Servlet technology provides Web developers with a simple, consistent mechanism for extending the functionality of a web server and for accessing existing business systems. A servlet can almost be thought of as an applet that runs on the server side, without a face. Java servlets make many Web applications possible.

Fig : Servlet Architecture

A servlet is a Java programming language class used to extend the capabilities of servers that host applications accessed via a request-response programming model. Although servlets can respond to any type of request, they are commonly used to extend the applications hosted by Web servers. For such applications, Java Servlet technology defines HTTP-specific servlet classes. The javax.servlet and javax.servlet.http packages provide interfaces and classes for writing servlets. All servlets must implement the Servlet interface, which defines lifecycle methods.

Servlet containers

A Servlet container is a specialized web server that supports Servlet execution. It combines the basic functionality of a web server with certain Java/Servlet specific optimizations and extensions such as an integrated Java runtime environment, and the ability to automatically translate specific URLs into Servlet requests. Individual Servlets are registered with a Servlet container, providing the container with information about what functionality they provide, and what URL or other resource locator they will use to identify themselves. The Servlet container is then able to initialize the Servlet as necessary and deliver requests to the Servlet as they arrive. Many containers have the ability to dynamically add and remove Servlets from the system, allowing new Servlets to quickly be deployed or removed without affecting other Servlets running from the same container. Servlet containers are also referred to as web containers or web engines.

STRUTS:

Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.

Struts features
- Simple POJO based Actions
- Simplified testability
- Thread Safe
- AJAX Support
  - jQuery Plugin
  - Dojo Plugin (deprecated)
  - AJAX Client Side Validation
- Template Support
- Support for different result types
- Easy to extend with Plugins
  - REST Plugin (REST based Actions, Extension-less URLs)
  - Convention Plugin (Action Configuration via Conventions and Annotations)
  - Spring Plugin (Dependency Injection)
  - Hibernate Plugin support in Design
  - JFreechart Plugin (Charts)
  - jQuery Plugin (AJAX Support, UI Widgets, Dynamic Table, Charts)
  - Rome Plugin (R

JAVA SERVER PAGES (JSP):

A JSP page is a text document that describes how to process a request to create a response. JSP is a Java-based technology that simplifies the process of developing dynamic web sites. With JSP, web designers and developers can quickly incorporate dynamic elements into web pages using embedded Java and simple mark-up tags. These tags provide the HTML designer with a way to access data and business logic stored inside Java objects. JSPs are text files with the extension .jsp which take the place of traditional HTML pages. JSP files contain traditional HTML along with embedded code that allows the developer to access data from the Java code running on the server.

JSP is now an integral part of developing web-based applications using Java. Because of the ability to separate presentation from implementation logic by combining standard markup text with scripting elements and object-oriented components, JSP provides an excellent front end technology for applications that are deployed over the web.

The java server pages technology offers the following advantages:

1. Write once, run anywhere properties.
2. High quality tool support.
3. Re-use of components and tag libraries.

SCRIPTING LANGUAGES:

The default scripting language for JSP is, naturally, Java. Since JSP pages are compiled into Java servlets, this assumption makes the translation of the scripts into servlet code very straightforward. To be acceptable for use with JSP, a scripting language must meet three requirements:

1. It must support the manipulation of Java objects.
2. It must include the ability to catch Java exceptions and specify exception handlers.
3. It must be able to invoke methods on Java objects.

JSP TAGS:

JSP provides four major categories of markup tags. The first, directives, is a set of tags for providing the JSP container with page-specific instructions for how the documents containing the directives are to be processed. Secondly, scripting elements are used to embed programming instructions written in the designated scripting language for the page, which are to be executed each time the page is processed for a request. Thirdly, comments are used for adding documentation strings to a JSP page. Fourthly, actions support different behaviors.

<%= %>       : used for expressions
<% %>        : used for scriptlets
<%! %>       : used for declarations
<%@ %>       : used for directives
<%@ page %>  : used for page directives

Expressions:

A JSP expression element is a scripting language expression that is evaluated and converted into a string, which is subsequently emitted into the out object. Syntax: <%= expression %>

Scriptlet:

A scriptlet can contain any code fragment that is valid for the scripting language. Syntax: <% scriptlet %>

Declarations:

These are used to declare variables and methods in the scripting language. A declaration is initialized when the JSP page is initialized and is made available to other declarations and scriptlets. Syntax: <%! declarations %>

Directives:

These are messages to JSP engine. Syntax: <%@directives%>

Page Directives:

The page directive defines a number of page dependent attributes and communicates these to the JSP engine. Syntax: <%@ page directive-attribute-list %>

ARCHITECTURE:

Fig: Three tier

Three-tier is a client-server architecture in which the user interface, functional process logic, computer data storage and data access are developed and maintained as independent modules, most often on separate platforms. The 3-Tier architecture has the following three tiers:

Presentation Tier:

This is the topmost level of the application. The presentation tier displays information related to such services as browsing merchandise, purchasing, and shopping cart contents. It communicates with other tiers by outputting results to the browser/client tier and all other tiers in the network.

Application Tier (Business Logic/Logic Tier):


The logic tier is pulled out from the presentation tier and, as its own layer, it controls an application's functionality by performing detailed processing.

Data Tier:
This tier consists of Database Servers. Here information is stored and retrieved. This tier keeps data neutral and independent from application servers or business logic. Giving data its own tier also improves scalability and performance.

Fig: 3-tier Architecture

GETTING STARTED
Step 1. Prerequisites
Authenticating using the external oAuth providers requires that we register our application with the providers and obtain a key/secret from them that will be configured in our application. So the following steps need to be completed before we can begin.

1. Public domain - You will need a public domain for testing. You should have a public domain because most of the providers require a public domain to be specified when you register an application with them.
2. Get the API Keys: You can get the API keys from the following URLs.
   o Google - http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
   o Yahoo - https://developer.apps.yahoo.com/dashboard/createKey.html
   o Twitter - http://twitter.com/apps
   o Facebook - http://www.facebook.com/developers/apps.php
   o Hotmail - http://msdn.microsoft.com/en-us/library/cc287659.aspx
   o FourSquare - https://foursquare.com/oauth/
   o MySpace - http://developer.myspace.com/Apps.mvc
   o Linkedin - https://www.linkedin.com/secure/developer
   o Salesforce
   o Yammer - https://www.yammer.com/client_applications/new
   o Mendeley - http://dev.mendeley.com/applications/register/

1. You can now develop the application using keys and secrets obtained above and deploy the application on your public domain. However, most people need to test the application on a local development machine using the API keys and secrets obtained above.
2. We do not recommend it at all, but if you do not want to obtain your own keys and secrets while testing, you can use the keys and secrets that we obtained by registering "opensource.brickred.com" for our demo. Follow the same steps as above but with domain as "opensource.brickred.com" and keys from our sample.

Step 2. Getting the library


You can either download our SDK and use pre-built jars or use Maven to integrate socialauth in your project. You can download socialauth-java-sdk-2.3.zip; the following are the files that you would need to incorporate in your project from the "dist" and "dependencies" directories of the SDK:

Application Type: Jars Required
- Generic / Struts Application: socialauth2.3.jar, files from dependencies folder
- Spring Application: socialauth2.3.jar, files from dependencies folder, socialauth-spring-2.0-beta2.jar
- Seam Application: socialauth2.3.jar, files from dependencies folder, socialauth-seam-2.0-beta1.jar
- Using Filter: socialauth2.3.jar, files from dependencies folder, socialauth-filter-2.2.jar
- Grails Application: socialauth2.3.jar, files from dependencies folder, socialauth-filter-2.2.jar

Note: If you are not using an OpenID provider, you can remove openid4java.jar from the dependencies folder.

If you are using Maven, you can configure the pom.xml as follows:

Add the repository:

    <repository>
        <id>sonatype-oss-public</id>
        <url>https://oss.sonatype.org/content/groups/public/</url>
        <releases>
            <enabled>true</enabled>
        </releases>
    </repository>

Add dependency of core library:

    <dependency>
        <groupId>org.brickred</groupId>
        <artifactId>socialauth</artifactId>
        <version>2.3</version>
    </dependency>

Add dependency for spring library if required:

    <dependency>
        <groupId>org.brickred</groupId>
        <artifactId>socialauth-spring</artifactId>
        <version>2.0-beta2</version>
    </dependency>

Add dependency for seam library if required:

    <dependency>
        <groupId>org.brickred</groupId>
        <artifactId>socialauth-seam</artifactId>
        <version>2.0-beta1</version>
    </dependency>

Add dependency for filter library if required:

    <dependency>
        <groupId>org.brickred</groupId>
        <artifactId>socialauth-filter</artifactId>
        <version>2.2</version>
    </dependency>

Step 3. Implementation
Using the socialauth.jar consists of two main steps:

User chooses provider - Create a page where you ask the user to choose a provider. When the user clicks on a provider, in your handling code you should do the following:

1. Create an instance of SocialAuthConfig and call the load() method to load configuration for providers.
2. Create an instance of SocialAuthManager and call setSocialAuthConfig() to set the configuration.
3. Store the SocialAuthManager object in session.
4. Redirect to the URL obtained by calling the function getAuthenticationUrl().

    import org.brickred.socialauth.SocialAuthConfig;
    import org.brickred.socialauth.SocialAuthManager;

    // Inside your request handler: "id" is the provider chosen by the user
    // and "session" is the current HttpSession.

    // Create an instance of SocialAuthConfig object
    SocialAuthConfig config = SocialAuthConfig.getDefault();

    // Load configuration. By default load the configuration from oauth_consumer.properties.
    // You can also pass input stream, properties object or properties file name.
    config.load();

    // Create an instance of SocialAuthManager and set config
    SocialAuthManager manager = new SocialAuthManager();
    manager.setSocialAuthConfig(config);

    // URL of YOUR application which will be called after authentication
    String successUrl = "http://opensource.brickred.com/socialauthdemo/socialAuthSuccessAction.do";

    // Get Provider URL to which you should redirect for authentication.
    // id can have values "facebook", "twitter", "yahoo" etc. or the OpenID URL
    String url = manager.getAuthenticationUrl(id, successUrl);

    // Store in session
    session.setAttribute("authManager", manager);

Provider redirects back - When you redirect the user to the provider URL, the provider would validate the user, either by asking for username / password or by existing session, and will then redirect the user back to your application URL mentioned above, i.e. "http://opensource.brickred.com/socialauthdemo/socialAuthSuccessAction.do". Now you can obtain any profile information using the following code:

    import java.util.List;
    import java.util.Map;
    import org.brickred.socialauth.AuthProvider;
    import org.brickred.socialauth.Contact;
    import org.brickred.socialauth.Profile;
    import org.brickred.socialauth.SocialAuthManager;
    import org.brickred.socialauth.util.SocialAuthUtil;

    // Get the auth provider manager from session
    SocialAuthManager manager = (SocialAuthManager) session.getAttribute("authManager");

    // Call connect method of manager which returns the provider object.
    // Pass request parameter map while calling connect method.
    Map<String, String> paramsMap = SocialAuthUtil.getRequestParametersMap(request);
    AuthProvider provider = manager.connect(paramsMap);

    // Get profile
    Profile p = provider.getUserProfile();

    // You can obtain profile information
    System.out.println(p.getFirstName());

    // OR also obtain list of contacts
    List<Contact> contactsList = provider.getContactList();
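The two implementation steps above combined into one servlet, with the checks a production login needs around them: a fixed provider allowlist, a callback that is only honoured for a session that started a login, and a fresh session after success. This is an added example, not code from the report or from the SocialAuth project; the class name, the /login and /callback mappings, the /home target, the allowlist and the app.example.com callback URL are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.brickred.socialauth.AuthProvider;
import org.brickred.socialauth.Profile;
import org.brickred.socialauth.SocialAuthConfig;
import org.brickred.socialauth.SocialAuthManager;
import org.brickred.socialauth.util.SocialAuthUtil;

// Hypothetical servlet, assumed to be mapped in web.xml to exactly /login and /callback.
public class SocialLoginServlet extends HttpServlet {

    // Assumption: only these provider ids are offered. Free-form OpenID URLs
    // supplied by the browser are rejected instead of being passed to the library.
    private static final Set<String> ALLOWED_PROVIDERS =
            new HashSet<String>(Arrays.asList("facebook", "twitter", "yahoo"));

    // Placeholder: must be on the domain registered with the providers.
    private static final String CALLBACK_URL = "https://app.example.com/callback";
    private static final String MANAGER_ATTR = "authManager";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if ("/callback".equals(req.getServletPath())) {
            handleCallback(req, resp);
        } else {
            startLogin(req, resp);
        }
    }

    // Step 1: user chose a provider; redirect to it.
    private void startLogin(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String id = req.getParameter("id");
        if (id == null || !ALLOWED_PROVIDERS.contains(id)) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unknown provider");
            return;
        }
        try {
            SocialAuthConfig config = SocialAuthConfig.getDefault();
            config.load(); // reads oauth_consumer.properties by default
            SocialAuthManager manager = new SocialAuthManager();
            manager.setSocialAuthConfig(config);
            // The callback URL is a server-side constant, never taken from the request.
            String providerUrl = manager.getAuthenticationUrl(id, CALLBACK_URL);
            req.getSession(true).setAttribute(MANAGER_ATTR, manager);
            resp.sendRedirect(providerUrl);
        } catch (Exception e) {
            log("Could not start social login", e);
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }

    // Step 2: provider redirected back with its token parameters.
    private void handleCallback(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        SocialAuthManager manager = (session == null)
                ? null : (SocialAuthManager) session.getAttribute(MANAGER_ATTR);
        if (manager == null) {
            // A callback that this session never asked for is refused.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "No login in progress");
            return;
        }
        session.removeAttribute(MANAGER_ATTR); // one callback per login attempt
        try {
            Map<String, String> params = SocialAuthUtil.getRequestParametersMap(req);
            AuthProvider provider = manager.connect(params); // throws if the token is rejected
            Profile profile = provider.getUserProfile();

            // Replace the pre-login session so its id is not carried into the logged-in state.
            session.invalidate();
            HttpSession fresh = req.getSession(true);
            fresh.setAttribute("firstName", profile.getFirstName());
            resp.sendRedirect(req.getContextPath() + "/home");
        } catch (Exception e) {
            // Log details on the server; the browser only sees a generic failure.
            log("Provider callback rejected", e);
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}
```

If the application later needs the contact list, keep the AuthProvider returned by connect() in the fresh session instead of the manager.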

SEQUENCE DIAGRAM :

SCREEN SHOTS

Conclusion
In This Section: conclusion, feedback

CONCLUSION:

Definitely I am not starting a brand new thing and there are still many successfully running products to date, but it was just an attempt to utilize my capability to provide a solution in this direction. There are obvious limitations in the product presented by me, but with the provided resources, technical help and a short span of time, I tried my best.

I am looking for more resources to move into this direction and want to make a complete product that works effectively and efficiently and it is not very much problematic.

I hope my efforts for going towards a very useful application, in the form of this project will be praised by my educational institution and we will get a good response from the institution and the industry as well.

USER FEEDBACK:

The user is the ultimate destination, where the success or failure of any product is expected to be decided. There are a lot of examples of many expensive and highly technical projects that failed only because of not getting users' proper anticipation. That's why, before finalizing this project, it was necessary to take the support of a person far away from the programming side of the project who also has a good knowledge of the system, so he can test the possibilities for which the project could be a failure.

BIBLIOGRAPHY
In This Section: bibliography, technical references

BIBLIOGRAPHY
Taking something entirely new as a project is always problematic as far as the availability of resources is concerned. I tried and tried to get some good and feasible books for the topic, from the library and friends. I also got material from websites and books for reference. I am not mentioning any particular books for that. I am writing down some websites for which we are especially thankful to the respective owners. I am writing them as technical references in the next paragraph.

Technical References:
- www.wikipedia.com
- www.youtube.com
- www.netbeans.org
