Socializing Spring Applications

Engineering | Craig Walls | November 03, 2010 | ...

Increasingly, web surfers are using the internet to connect with friends, family, and colleagues using social networking sites. Conversations that once took place over email are now taking place in short messages written on someone's Facebook wall or in a brief tweet on Twitter. Connections once made with a handshake are now created using LinkedIn. And when a face-to-face meetings are desired, travel details can be shared using TripIt.

Just as people are using these social networking sites to interact with each other, businesses are also finding ways to inject themselves into the social graph so that they can connect in a more personal way with their customers and also make their web sites an extension of their customers' social experiences.

This week, we are pleased to have released the first milestone of Spring Social, a new extension to Spring that aims to provide a platform upon which social-ready Spring applications may be built. I thought I'd take this opportunity to introduce you to Spring Social and give you a taste of what it offers.

Securely Sharing Social Data

On the surface, developing applications that interact with the various social networks may appear straightforward. Since most of the social networks offer a REST API, Spring's RestTemplate would seem to be all you need. But you'll quickly discover that those social REST APIs are protected by OAuth and that signing a request sent through RestTemplate with OAuth credentials is a non-trivial task.

OAuth is an open protocol that enables a user to share their data hosted on one or more service providers with another application. With access to that data, the application can aggregate, present, and process the information in ways that provide additional value beyond what the service providers themselves ever intended or imagined.

Virtually all of the major service providers support OAuth, including Twitter, Facebook, LinkedIn, TripIt, and Foursquare, as well as the Google and Yahoo APIs. Therefore, OAuth is essential to developing social-ready applications.

At the beginning of an OAuth-secured interaction is a back-and-forth conversation that is commonly known as the "OAuth Dance". In a typical OAuth Dance, there are three parties involved:

  • The service provider (such as Twitter or LinkedIn)
  • The user who wants to access or update data hosted by that service provider.
  • The consumer application that the user wants to share their data with.

The key steps in this dance are as follows:

  1. The consumer application directs the user to the service provider's site to sign in and authorize the consumer.
  2. Assuming that the user agrees to grant the consumer access to their data, the flow is sent back to the consumer application.
  3. The consumer application receives an access token from the service provider.

The access token received in step 3 is the "valet key" that must accompany any request to the service provider's REST API. In OAuth 1, this means that the access token, along with the request URL, parameters, and a few other bits of information are collected together in a base string, encrypted, and sent on the request in an Authorization header. Constructing this header and attaching it to the request is a complicated task. This is the reason that using RestTemplate to access OAuth-secured resources is difficult. If you get it wrong, the service provider will respond with an HTTP 401 for any resource you try to access and debugging the encrypted Authorization header is tricky.

Working with Social Templates

A key component of Spring Social is its collection of social templates. These templates (which leverage RestTemplate under the covers) expose operations of the service providers that they model, handling the intricacies of adding OAuth Authorization headers for you.

Spring Social 1.0.0.M1 includes 4 social templates to choose from:

  • TwitterTemplate
  • FacebookTemplate
  • LinkedInTemplate
  • TripItTemplate

To use any of these templates, simply create an instance of it, providing the OAuth connection details through constructor arguments. For example, to create an instance of TwitterTemplate:

TwitterTemplate twitter = new TwitterTemplate(apiKey, apiSecret, accessToken, accessTokenSecret);

The four parameters to TwitterTemplate's constructor are all Strings values. The API key and API secret are given to you when you register your application with Twitter (see http://dev.twitter.com/apps/new). The access token and access token secret are granted to your application on a per-user basis at the end of the OAuth Dance with Twitter. At this point, I'm going to assume that you've already obtained all four of these values; we'll circle back to how to manage API keys and tokens a little later.

Creating instances of the other social templates isn't much different. LinkedInTemplate and TripItTemplate each have constructors with the same argument list as the TwitterTemplate constructor shown above. Since Facebook's API security is based on OAuth 2, FacebookTemplate has a slightly simpler constructor that only requires the value of the access token:

FacebookTemplate facebook = new FacebookTemplate(accessToken);

Once you have an instance of one of these social templates, what can you do with it? If you're using TwitterTemplate, perhaps you want to know the authenticated user's Twitter screen name:

String screenName = twitter.getProfileId();

Or for something a bit more involved, maybe you could send a tweet on behalf of the user:

twitter.updateStatus("Hey, I'm tweeting with #Spring Social!");

Similarly, with a FacebookTemplate in hand, you can post to the user's wall:

facebook.updateStatus("Spring Social can also post to Facebook!");

And if you want to examine a user's upcoming travel itineraries, TripItTemplate's getTrips() can oblige:

List trips = tripIt.getTrips();
for(Trip trip : trips) {
    System.out.println("I'm traveling to " + trip.getPrimaryLocation() +
                                 " on " + trip.getStartDate());
}

This is just a sampling of the kinds of things you can do with Spring Social's templates. Check out the API documentation to see the other operations that are available.

Managing OAuth Connections

When I created the TwitterTemplate instance above, I glossed over where the API key/secret and the access token came from. Initially, the access token would be received after a user authorizes the application to access their data hosted on the service provider. But you probably don't want to force your users to perform authorization every time they use your application, so you'll need a way to store the access tokens long-term for reuse in future sessions.

In its first milestone release Spring Social doesn't provide an OAuth token management strategy, leaving it up to the application to obtain and manage OAuth details for itself. This is something that we intend to address for 1.0 Milestone 2. In the meantime, however, we can look to Greenhouse for an example of how this might take shape.

In Greenhouse, all of the information about a service provider is stored in a relational database in a ServiceProvider table with the following schema:

As you can see, the ServiceProvider table includes, among other things, the provider's API key and secret. To access an individual service provider record, Greenhouse uses JdbcServiceProviderFactory, an implementation of a ServiceProvider interface:

package com.springsource…

Spring Python 1.2.0.RC1 is released!

Engineering | Greg L. Turnquist | November 03, 2010 | ...

After many months of work, Spring Python's first 1.2 release is available.

The project has migrated its documentation to Sphinx, the same tool used for documenting the Python language itself. You can visit the project site and view it in HTML or download an epub version for viewing on a smart phone or tablet device.

This version of Spring Python transitions to Python 2.6, dropping support for 2.4 and 2.5. This means the team is gearing up to utilize many of the newer features of Python, which also paves the way to transition towards Python 3.x at some time in the future.

Spring Python has…

Spring Integration 2.0 Release Candidate 1

Engineering | Mark Fisher | October 29, 2010 | ...

We are pleased to announce the first release candidate of Spring Integration 2.0! Download | Reference Manual | JavaDoc

I thought I would take the opportunity to provide a general "what's new?" guide. There are actually too many new features and improvements to cover them all in a single post, but I will focus on some of the highlights. We will be posting more blogs as we get closer to the 2.0 GA release. For now, this post is roughly based on a session that Oleg and I presented last week at SpringOne. That presentation was mostly demo-driven, and the code is available in our Git repository.

A Big Hop Forward: Spring Roo 1.1.0 Is Released!

Engineering | Ben Alex | October 27, 2010 | ...

After more than ten months of development and nearly 900 individual improvements, Spring Roo 1.1.0 has been released (download here)! Coinciding with the Spring Roo 1.1.0 GA release, the Google Web Toolkit, SpringSource Tool Suite, AspectJ and AJDT teams have completed supporting GA releases so that you can enjoy the latest versions of these tools all working nicely together.

We've introduced so many new features in Spring Roo 1.1.0 that it's difficult to decide what to highlight. Nevertheless, let's take a brief tour over some of the goodies we've added for your Java programming pleasure.

Incremental Database Reverse Engineering

It's now possible to reverse engineer an existing relational database and automatically create Roo entities with corresponding fields. But hasn't it been possible to do that using JPA tools for a long time? Yes, absolutely. The key difference is Roo's database reverse engineering is incremental. This means that when Roo reverse engineers a database, it places all of the fields it discovers into inter-type declarations (ITDs). This is consistent with the rest of Roo, and allows Roo to easily deliver round-trip maintenance of the reverse engineered entity. In particular, you can re-introspect a database repeatedly to identify any changes while ensuring any code you've written in the .java sources is preserved. Roo will even delete entities that no longer exist (unless of course you've asked Roo not to) and Roo automatically handles complex situations like composite primary keys (complete with identifier class creation and maintenance…

Introducing GORM for Gemfire

Engineering | Graeme Rocher | October 26, 2010 | ...

One of the many reasons for the rise of NoSQL datastores is the need to scale applications beyond their traditional comfort zone in the relational world. The irony is that Gemfire has been doing exactly this long before the term NoSQL was even coined by providing scale to some of the largest financial organizations in the world.

Gemfire is far more than a cache, but a complete data fabric with support for Grid Computing, Map/Reduce, continuous queries and transactional write-behind.

For those of you who attended the keynote at the hugely successful SpringOne2GX conference this may be old news. For the rest today I am pleased to announce the availability of the GORM for Gemfire

SpringOne2GX 2010: Driving Java Innovation into the Cloud

Engineering | Rod Johnson | October 22, 2010 | ...

We are currently celebrating our 6th SpringOne 2GX developer show—since last year, also a celebration of Groovy and Grails. As always, it’s great to hang out with the developer community that has made Spring the phenomenon it is. This year, we not only have record attendance (doubled over last year!) and a fantastic roster of partners (headed by Google, salesforce.com and Accenture), but an unusually large number of initiatives to share with our community.

With so many topics to discuss this could easily turn into the longest blog post in history. Instead, let’s address some of the highlights…

Spring 3 on a Java EE 6 server

Engineering | Juergen Hoeller | October 20, 2010 | ...

Spring on Java EE 6 - a viable combination? Can you easily continue to use Spring when you have a Java EE 6 server to deploy to? At this year's edition of the SpringOne conference which kicked off just a few hours ago, I'll once again be presenting a session on Spring and EE 6: now with a focus on GlassFish 3 as an actually available (and at this point, still the only available) EE 6 server for production environments. As a sneak preview, here are four key considerations taken from that presentation...

1. A Java EE 6 server like GlassFish 3 is a fine runtime environment for Spring 3

GlassFish 3 provides a lot of out-of-the-box middleware: Servlet 3.0, JSF 2.0, JPA 2.0, as…

VMware vFabric GemFire 6.5: modern data management for modern applications

Engineering | Adam Fitzgerald | October 12, 2010 | ...

Just some of the properties of new, modern applications are that they tend to be highly interactive, data rich, include business processes, and are available over the web from PCs and mobile devices. Powering these applications are platforms that leverage virtualized infrastructure, provide just the right amount of functionality and can scale easily as demand shifts.

VMware’s vFabric Cloud Application Platform is just such a platform designed to run Spring applications most efficiently and deliver the modern application experience. An essential component of this platform is vFabric GemFire. vFabric GemFire in-memory distributed data management brings data to applications with low latency, high reliability and linear, dynamic scalability. We are pleased to announce vFabric GemFire version 6.5

Gemini Web Release Candidate

Engineering | Glyn Normington | October 04, 2010 | ...

The first release candidate of the Gemini Web project is available for download. See the bug list for what's changed since milestone 4. Thanks to Violeta Georgieva of SAP for her continued contributions.

The project is due for an Eclipse review on 20 October so that it can graduate from incubation and ship a 1.1.0 release by the end of October. The Virgo project, which depends on Gemini Web, should also graduate and ship its 2.1.0 release concurrently with Gemini Web.

New Spring Integration Samples

Engineering | Oleg Zhurakousky | September 29, 2010 | ...

Based on your overwhelming requests for more Spring Integration samples and more usable structure we are pleased to make the following announcement:

Starting with the current release of Spring Integration the samples will no longer be included with Spring Integration distribution. Instead we've switched to a much simpler collaborative model that should promote better community participation and community contributions. Samples now have a dedicated Git SCM repository and a dedicated JIRA Issue Tracking system. Sample development will also have its own lifecycle which is not dependent on the…

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all