Saturday, April 29, 2017

How to integrate Struts and Hibernate

Hi everybody,



  In today's article, I would like to explain how to integrate the Struts and Hibernate frameworks. First of all, I am using the MVC pattern to configure it: Struts is my VIEW and CONTROLLER, and Hibernate will be the MODEL.

 

Steps of the integration :

  • Configure the plug-in property in struts-config, or in another class, to set up the configuration of the .cfg.xml file.
  • Create a Hibernate-Struts plug-in to set the Hibernate session factory in the servlet context based on the previous setup.
  • Then get the Hibernate session factory from the servlet context and call/execute whatever Hibernate task is needed.

Step-by-step:

   1.0- In my case, I've created a util class called HibernateUtil.java where I am setting up the CreateSessionFactory as below.


   1.1 - You can also do the same dynamic step above manually by inserting the Hibernate config XML plug-in in struts-config.xml as below:

    <struts-config>
        ...
        <plug-in className="com.mkyong.common.plugin.HibernatePluginThiago">
           <set-property property="path" value="/hibernate.cfg.xml"/>
        </plug-in>
        ...
    </struts-config>

I prefer the first option, as you keep reusing as much code as possible.


2.0 - In the same scenario, HibernateUtil is where you reference the struts-config.xml parameters and add the datasource session, picking up the methods as below:




As you can see, the datasource is called THIAGO-DB, and this is configured through all the methods that belong to HibernateUtil.java.

3.0 - The next and final step is to get the Hibernate session factory through the DAO object that you need to configure. My suggestion is to keep it as dynamic as possible, in order to make it very easy to change later, as needed.

Here is the piece of code that I've created to call the session factory from my Hibernate configuration in Struts.

You can see in my try-catch block above that I am calling the current session of the HibernateUtil instance that has the THIAGO_DB configuration. So, you are now getting the session factory configured for Hibernate in the Struts framework.


I hope this helps, happy coding.
Thiago Leoncio.



Tuesday, April 18, 2017

OAuth using Google Cloud Platform


What is OAuth?

OAuth is a standard for access delegation. Its purpose is to let you grant an app/client access to information held elsewhere (on other websites) without providing passwords. It is used by several companies and permits users to share information about their accounts with third-party applications or websites.

OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.


Auth0 helps you to:
  • Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, among others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
  • Add authentication through the more traditional username/password databases.
  • Add support for linking different user accounts with the same user.
  • Support for generating signed JSON Web Tokens to call your APIs and flow the user identity securely.
  • Analytics of how, when, and where users are logging in.
  • Pull data from other sources and add it to the user profile, through JavaScript rules.


What you should add to your OAuth code:

CLIENT_ID, CLIENT_SECRET, AUTZ_URL and IDCS_URL:

Your code for parsing the JWT and manipulating the JSON content provided by the OAuth mechanism should be similar to this:




In the case of Google, you should register the service account, the product name (equals project name), and the redirect_URI.

Web application configuration on GCP.

Service account and keys needed for Auth0 on Google.

Running your OAuth/Google app:








Getting the Authorization, Token and SessionID.

What's the difference between SSO/federation and this OAuth process?

A1 - Federation uses SAML (Security Assertion Markup Language) to achieve SSO, Federation, and Identity Management.
OAuth (Open Authorization) is a standard for authorization of resources. It does not deal with authentication.


A2 - Token vs. Message Format
SAML uses XML as its token data format.

OAuth tokens can be binary, JSON, or SAML as explained in OAuth Bearer Tokens.

A3 - Transport
SAML has Bindings that use HTTP such as HTTP POST Binding, HTTP REDIRECT Binding, etc.

But there is no restriction on the transport format. You can use SOAP or JMS or any transport you want to use to send SAML tokens or messages.

OAuth uses HTTP exclusively.


Happy coding.


I hope it helps,
Thiago Leoncio