Introduction to

Spring Socialillustrated in the Europe PMC project

Yuci Gou (ygou@ebi.ac.uk)

Literature Service Group

2017-06-20

1

• Background – Why needed it?

• What is Spring Social & Why chose Spring

Social?

• Underneath Protocol – OAuth 2.0

• Spring Social Architecture

• Spring Social Components

• Spring Social Configuration

• Demo

• References

Agenda

2

Background – Why needed Spring Social in Europe PMC?

3

Background – Why needed Spring Social in Europe PMC?

4

Background – Why needed Spring Social in Europe PMC?

5

Background – Why needed it?

Twitter users!

We had a requirement to allow Twitter users to sign

into Europe PMC by just using their Twitter accounts,

without having to signing up with Europe PMC.

6

What is Spring Social?

• A Spring module

• Enable 3rd party systems to establish connection

with Software-as-a-Service (SaaS) providers,

such as Twitter and Facebook, to

• Authenticate a user, and

• Invoke APIs on behalf of the user

7

Why chose Spring Social?

• Twitter is an OAuth based service provider, which

is supported by Spring Social out of the box.

• Implementing the OAuth 3-legged “dance” is

non-trivial.

• Also Facebook, LinkedIn, Google, GitHub, and

many more.

• Europe PMC front-end is Spring based, already.

8

Underneath Protocol - OAuth

• An open standard for authorization between

computer systems (RFC 6749)

• Allows users to share their private resources stored

on one system (e.g., ORCID, Twitter) with a 3rd party

system (e.g., Europe PMC), without having to give up

their credentials (username, password) to the 3rd

party.

9

OAuth: 3-legged Dance

10

Spring Social Dependencies

<dependency>

<groupId>org.springframework.social</groupId>

<artifactId>spring-social-core</artifactId>

<version>1.1.0.RELEASE</version>

</dependency>

<dependency>

<groupId>org.springframework.social</groupId>

<artifactId>spring-social-web</artifactId>

<version>1.1.0.RELEASE</version>

</dependency>

<dependency>

<groupId>org.springframework.social</groupId>

<artifactId>spring-social-twitter</artifactId>

<version>1.1.0.RELEASE</version>

</dependency>

11

Spring Social Architecture

12

Spring Social Main Components

• Connection<A> interface

• ConnectionFactory interface

• Sign in Controller

• Provider specific modules

13

Components - Connection<A> interface

• Represents the connection to a service provider.

• Enables the client application to access or update

user information using the provider's (such as

Twitter) API.

Note: <A> is a strongly-typed binding to the service provider's API.

14

Components - ConnectionFactory interface

• Two types factory interfaces, such as:

• OAuth1ConnectionFactory<A> interface

• OAuth2ConnectionFactory<A> interface

• Each provider implements one of these factories,

depending on the protocol it uses.

15

Components - Sign in Controller

• A Spring MVC controller

• Guides the user through the sign-in process, handling

the 3 legged OAuth dance for authentication.

• Entry URL: POST /signin/{providerId}

16

Components - Sign in Controller

17

Components - Provider specific modules

• Two important classes:

• The Java API for the service, titled as Provider (e.g. Twitter)

• The provider’s connection factory, titled

ProviderConnectionFactory (e.g.

TwitterConnectionFactory)

18

Components - User Connection Repository

HSQL database schema

CREATE TABLE IF NOT EXISTS UserConnection (

userId varchar(255) NOT NULL,

providerId varchar(255) NOT NULL,

providerUserId varchar(255) DEFAULT '' NOT NULL,

rank INTEGER NOT NULL,

displayName varchar(255) DEFAULT NULL,

profileUrl varchar(512) DEFAULT NULL,

imageUrl varchar(512) DEFAULT NULL,

accessToken varchar(255) NOT NULL,

secret varchar(255) DEFAULT NULL,

refreshToken varchar(255) DEFAULT NULL,

expireTime BIGINT DEFAULT NULL,

PRIMARY KEY (userId,providerId,providerUserId)

);

19

Components - User Connection Repository

Dependencies

<dependency>

<groupId>org.hsqldb</groupId>

<artifactId>hsqldb</artifactId>

<version>2.3.2</version>

</dependency>

20

Components - User Connection Repository

Configuration

21

Configuration - Properties

social.properties

22

Configuration

Connection Factory

23

Configuration

Connection Repository

24

Configuration

Sign in Controller

25

Demo

26

Demo

27

Demo

28

Demo

29

Expand the Spring Social Project Family

30

References

• OAuth 2.0 Official Site & Specifications

• Spring Social Project Official Site

• Spring Social Project Official Document

• Spring Social Twitter Official Document

• Spring Social ORCID (on GitHub) contributed by Europe PMC

• Examples from Europe PMC demonstrating the usage of Spring

Social ORCID

• Web Application (on GitHub)

• RESTful Web Service example and its JavaScript client app (on GitHub)

31

Questions?

Thank You!

32