OAuth2 - In a Simple Way

Last week I started playing with OAuth 2.0. I started with a github project called spring-security-oauth. I checked the sample OAuth 2 provider sparklr and OAuth 2 client tonr. But I could not get much from the sample example and the documentation provided. I explored a bit in the internet and finally could able to conclude some thing. I created a sample provider and checked all authorization on that. Now, I am here to explain different aspects of OAuth 2.0 from the practical point of view. I will try my best to present a modular and easy explanation here.

Many services such as Facebook, Github, and Google have already implemetated OAuth 2.0. That is why today most of the web sites using google/ facebook for authentication and authorization. They work as resource server, from where other clients fetch profile informations.

This post is an attempt to describe OAuth 2.0 in a simplified format to help developers and service providers implement the protocol.

I will be covering the following topics in this article.

1. Entities
2. Creating an Application
3. Authorization

a. Web Server Apps
b. Browser-Based Apps
c. Mobile Apps
d. Others
4. Accessing Resources
5. Resources

OAuth 2 Entites

Entities:

OAuth Server:

This is also known as OAuth Provider. It's whole responsibility is to authenticate and authorize user/ client and manage the tokens. 

The Third-Party Application:

Third-Party Application popularly known as client, is going to attempt to get access to the user's account. It needs to get permission from the user, before it can do so. This could be a web server based application, browser based application, desktop application, mobile/tablet application or some smart devices like google Goggles and smart televisions. 

Resource Server:

The API popularly known as Resource Server, from where the data will be fetched out or served. This could be the SOAP or REST based service providers.

The User:

The User popularly known as Resource Owner, who gives access to access the resource.

Creating an Application:

Before you can begin the OAuth process, you must first register a new app with the service/provider. When registering a new app, you usually register basic information such as application clint id, secret, authorized-grant-types etc. In addition, you must register a redirect URI to be used for redirecting users to for web server, browser-based, or mobile apps.

Redirect URIs:

The service will only redirect users to a registered URI, which helps prevent some attacks. Any HTTP redirect URIs must be protected with SSL security, so the service will only redirect to URIs beginning with "https". This prevents tokens from being intercepted during the authorization process.

Client ID and Secret:

After registering your app, you will be having your client ID and a client secret. The client ID is considered public information, and is used to build login URLs, or included in Javascript source code on a page. The client secret must be kept confidential. If a deployed app cannot keep the secret confidential, such as Javascript or native apps, then the secret is not used.

Authorization:

The first step of OAuth 2 is to get authorization from the user. For browser-based or mobile apps, this is usually accomplished by displaying an interface provided by the service to the user.

OAuth 2 provides several grant types for different use cases. The grant types defined are:

Authorization Code for apps running on a web server

Implicit for browser-based or mobile apps

Password for logging in with a username and password

Client credentials for application access

Web Server Apps

Web apps are written in a server-side language and run on a server where the source code of the application is not available to the public.

Authorization request:

http://localhost:8080/oauth2/oauth/authorize?response_type=code&client_id=easylocate&scope=read&redirect_uri=http://localhost:8080/web

After accepting the access. the page will be redirected to the redirect uri with the authorization code.

http://localhost:8080/web/?code=t7ol7D

Now it is time to exchange the authorization code to get the access token.

http://localhost:8080/oauth2/oauth/token?grant_type=authorization_code&code=t7ol7D&redirect_uri=http://localhost:8080/web&client_id=easylocate&client_secret=secret

The OAuth server replies with the access token

1 2 3 4 5 6 7

{ "access_token": "372c3458-4067-4b0b-8b77-7930f660d990", "token_type": "bearer", "refresh_token": "ce23c924-3f28-456c-a112-b5d02162f10c", "expires_in": 37364, "scope": "read" }

In case of wrong authorization code, Oauth server replies error.

1 2 3 4

{ "error": "invalid_grant", "error_description": "Invalid authorization code: t7olD" }

Security: Note that the service should require apps to pre-register their redirect URIs. Or else there will be a mismatch.

Browser-Based Apps & Mobile Apps:

Browser-based apps run entirely in the browser after loading the source code from a web page. Since the entire source code is available to the browser, they cannot maintain the confidentiality of their client secret, so the secret is not used in this case.

Authorization request:

http://localhost:8080/oauth2/oauth/authorize?response_type=token&client_id=easylocate&redirect_uri=http://localhost:8080/web&scope=read

After accepting the access. the page will be redirected to the redirect uri with the token.

http://localhost:8080/web/#access_token=372c3458-4067-4b0b-8b77-7930f660d990&token_type=bearer&expires_in=37026

That's it, there's no other steps! At this point, some Javascript code can pull out the access token from the fragment (the part after the #) and begin making API requests.

If there is an error, you will instead receive an error in the URI fragment, such as:

http://localhost:8080/web/#error=invalid_scope&error_description=Invalid+scope%3A+rea&scope=read+write

Password Based:

OAuth 2 also provides a password grant type which can be used to exchange a username and password for an access token directly. Since this obviously requires the application to collect the user's password, it should only be used by apps created by the service itself. For example, the native Twitter app could use this grant type to log in on mobile or desktop apps.

To use the password grant type, simply make a POST request like the following. I am using the curl tool to demonstrate the POST request. You may use any rest client.

curl -i -X POST -d "client_id=easylocate&grant_type=password&username=admin&password=admin&client_secret=secret" http://localhost:8080/oauth2/oauth/token

The server will get back with the token

1 2 3 4 5 6 7

{ "access_token": "4e56e9ec-2f8e-46b4-88b1-5d06847909ad", "token_type": "bearer", "refresh_token": "7e14c979-7039-49d0-9c5d-854efe7f5b38", "expires_in": 36133, "scope": "read write" }

Client Credential Based:

Client credentals based authorization is used for server to server application access. I am just showing a POST request using the curl tool.

curl -i -X POST -d "client_id=easylocate&grant_type=client_credentials&client_secret=secret" http://localhost:8080/oauth2/oauth/token

Server will get back with the access token

1 2 3 4 5 6

{ "access_token": "9cd23bef-ae56-46b0-82f5-b9a8f78da569", "token_type": "bearer", "expires_in": 43199, "scope": "read write" }

Accessing Resources:

Once you are been authenticated and got the access token, you can provide the the access token to access the protected resources.

1	curl -i -H "Authorization: Bearer 4e56e9ec-2f8e-46b4-88b1-5d06847909ad" http://localhost:8080/oauth2/users

I have created my OAuth2 server/provider using spring oauth2 api. I will be creating deferent types of clients and services to demonstrate more. I am not that good in mobile app development, appreciate if some one fork the project and add sample mobile applications. I have shared the code at GitHub.

Resources:

http://blog.cloudfoundry.org/2012/10/09/oauth-rest/

http://techblog.hybris.com/2012/08/10/oauth2-server-side-implementation-using-spring-security-oauth2-module/

http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index/chap-oauth2.html

https://github.com/SpringSource/spring-security-oauth

https://github.com/karasatishkumar/easylocate

http://resthub.org/java/oauth2.html

Read More

@RequestParam - JAX-RS

For this tutorial, I will be using the workspace created in my tutorial RESTful Web Service with Spring 3.1. So I suggest you to read RESTful Web Service with Spring 3.1, before start reading this tutorial. In JAX-RS, you can use @RequestParam annotation to inject URI query parameter into Java method and in this tutorial I will demonstrate how to use this using Spring 3.1.0.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54

package com.techiekernel.service; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import com.techiekernel.model.FooBar; import com.techiekernel.model.FooBarSet; /** * This exmaple has been created to demonstrate the @RequestParam for JAX-RS * * @author satish * */ @Controller @RequestMapping("/foobaresample3") public class FooBarServiceExample3 { static FooBarSet fooBarSet; static { fooBarSet = new FooBarSet(); FooBar foobar = null; for (int i = 0; i < 10; i++) { foobar = new FooBar(i, "TechieKernel" + i); fooBarSet.add(foobar); } } @RequestMapping(method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public FooBar getFoobar(@RequestParam int foobarId) { for (FooBar foobar : fooBarSet) { if (foobar.getId() == foobarId) return foobar; } return null; } @RequestMapping(value= "/name" ,method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public FooBar getFoobar(@RequestParam int foobarId, @RequestParam String name) { for (FooBar foobar : fooBarSet) { if (foobar.getId() == foobarId && foobar.getName().equalsIgnoreCase(name)) return foobar; } return null; } }

Now it is time to test the web service for different inputs..

1 2 3

curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample3?foobarId=1" -X GET curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample3/name?foobarId=1&name=techiekernel1" -X GET

I have deployed the application in cloud space and it is available for you to test. You can use the above URLs to test from your side..

Source Code:

You can pull the source code from GitHub. 

Read More

@PathParam - JAX-RS

For this tutorial, I will be using the workspace created in my tutorial RESTful Web Service with Spring 3.1. So I suggest you to read RESTful Web Service with Spring 3.1, before start reading this tutorial. In JAX-RS, you can use @PathParam to inject the value of URI parameter that defined in @Path expression, into Java method and in this tutorial I will demonstrate how to use this using Spring 3.1.0. 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63

package com.techiekernel.service; import java.util.Iterator; import org.springframework.stereotype.Controller; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import com.techiekernel.model.FooBar; import com.techiekernel.model.FooBarSet; /** * This exmaple has been created to demonstrate the @path for JAX-RS * * @author satish * */ @Controller @RequestMapping("/foobaresample2") public class FooBarServiceExample2 { static FooBarSet fooBarSet; static { fooBarSet = new FooBarSet(); FooBar foobar = null; for (int i = 0; i < 10; i++) { foobar = new FooBar(i, "TechieKernel" + i); fooBarSet.add(foobar); } } /** * Normal URI Mapping with parameter * @param foobarId * @return */ @RequestMapping(value = "/{foobarId}", method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public FooBar getFoobar(@PathVariable int foobarId) { for (FooBar foobar : fooBarSet) { if (foobar.getId() == foobarId) return foobar; } return null; } @RequestMapping(value = "/{foobarId}/{name}", method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public FooBar getFoobar(@PathVariable int foobarId, @PathVariable String name) { for (FooBar foobar : fooBarSet) { if (foobar.getId() == foobarId && foobar.getName().equalsIgnoreCase(name)) return foobar; } return null; } }

Now it is time to test the web service for different inputs..

1 2 3

curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample2/1" -X GET curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample2/1/techiekernel1" -X GET

I have deployed the application in cloud space and it is available for you to test. You can use the above URLs to test from your side..

Source Code:

You can pull the source code from GitHub. 

Read More

@Path - JAX-RS

For this tutorial, I will be using the workspace created in my tutorial RESTful Web Service with Spring 3.1. So I suggest you to read RESTful Web Service with Spring 3.1, before start reading this tutorial. In JAX-RS, you can use @Path to bind URI pattern to a Java method and in this tutorial I will demonstrate how to use this using Spring 3.1.0. In this example, I will show you how to write normal URI mapping, URI mapping with parameter and also show you the use of regular expression to validate the inputs.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93

package com.techiekernel.service; import java.util.Iterator; import org.springframework.stereotype.Controller; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import com.techiekernel.model.FooBar; import com.techiekernel.model.FooBarSet; /** * This exmaple has been created to demonstrate the @path for JAX-RS * * @author satish * */ @Controller @RequestMapping("/foobaresample1") public class FooBarServiceExample1 { static FooBarSet fooBarSet; static { fooBarSet = new FooBarSet(); FooBar foobar = null; for (int i = 0; i < 10; i++) { foobar = new FooBar(i, "TechieKernel" + i); fooBarSet.add(foobar); } } /** * Normal URI Mapping with parameter * @param foobarId * @return */ @RequestMapping(value = "/{foobarId}", method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public FooBar getFoobar(@PathVariable int foobarId) { for (FooBar foobar : fooBarSet) { if (foobar.getId() == foobarId) return foobar; } return null; } /** * Normal URI Mapping * @return */ @RequestMapping(method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public FooBarSet getFoobars() { return fooBarSet; } /** * URI mapping and regular expression * @param foobarId * @return */ @RequestMapping("/id/{foobarId:\\d+}") @ResponseBody public FooBar getFoobarById(@PathVariable int foobarId) { for (FooBar foobar : fooBarSet) { if (foobar.getId() == foobarId) return foobar; } return null; } /** * URI mapping and regular expression * @param foobarName * @return */ @RequestMapping("/name/{foobarName:[a-zA-Z_0-9]+}") @ResponseBody public FooBar getFoobarByName(@PathVariable String foobarName) { for (FooBar foobar : fooBarSet) { if (foobar.getName().equalsIgnoreCase(foobarName)) return foobar; } return null; } }

Now it is time to test the web service for different inputs..

1 2 3 4 5 6 7

curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample1/" -X GET curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample1/1" -X GET curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample1/id/1" -X GET curl -i "http://springmvc-rest.cloudfoundry.com/foobaresample1/name/techiekernel1" -X GET

If the inputs will be failed as per the regular expression, you will get a HTTP 404 response. I have deployed the application in cloud space and it is available for you to test. You can use the above URL to test from your side..

Source Code:

You can pull the source code from GitHub. 

Read More

RESTful Web Service with Spring 3.1

I posted lot of tutorials to create RESTful web services using different APIs like JAX-RS With GlassFish Jersey, JAX-RS With Jboss RESTEasy and JAX-RS With Apache CXF. I also posted the tutorials for Spring integration in Spring And Jersey, Spring and RESTEasy and Spring And CXF. But when it comes to RESTful web services, I personally like to use Spring 3.1 MVC. Some time back when RESTful web services were booming in industry, SpringSource developers released Spring 3.1 with REST support. They used the existing Spring MVC request mapping and took the help of JAX-RS 2.0 implementation for JSON and XML marshaling/ demarshaling. That is how they made it very simple.

This tutorial, I am going to demonstrate how to build a RESTful web service using Spring 3.1 MVC. Not only I will be creating a demo, along with that I will be demonstrating the CRUD operation with one of the model object. In this case I will be using FooBar as model object.

I am going to use the following tools and technologies in this turorial.

• Spring 3.1.0.RELEASE
• jackson-mapper-asl 1.9.9
• jaxb-api 2.2.7
• JDK 1.7
• Tomcat 7.0
• Maven
• Eclipse 

I am going to take you to the following areas in this tutorial.

• Service/Controller
• Model Class
• Spring MVC Context Configuration
• Spring Integration With Web Container
• Application Deployment
• Testing
• Source Code

Before start coding let's create a dynamic web project using the following maven command.

1	mvn archetype:generate -DgroupId=com.techiekernel.rest -DartifactId=SpringMVC-REST -DarchetypeArtifactId=maven-archetype-webapp -DinteractiveMode=false

After executing, the project will be get created with pom.xml file. As I am using JDK 7 and annotations, I have to specify the updated maven plugin. After giving the Jackson, JAXB and Spring dependency, the pom.xml looks as following.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.techiekernel.rest</groupId> <artifactId>SpringMVC-REST</artifactId> <packaging>war</packaging> <version>1.0-SNAPSHOT</version> <name>SpringMVC-REST Maven Webapp</name> <url>http://maven.apache.org</url> <properties> <jackson-mapper-asl.version>1.9.9</jackson-mapper-asl.version> <jaxb-api.version>2.2.7</jaxb-api.version> </properties> <dependencies> <!-- Spring 3 dependencies --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>3.1.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>3.1.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>3.1.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>3.1.0.RELEASE</version> </dependency> <dependency> <groupId>org.codehaus.jackson</groupId> <artifactId>jackson-mapper-asl</artifactId> <version>${jackson-mapper-asl.version}</version> </dependency> <dependency> <groupId>javax.xml.bind</groupId> <artifactId>jaxb-api</artifactId> <version>${jaxb-api.version}</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>2.1.1</version> </plugin> <plugin> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.5</source> <target>1.5</target> </configuration> </plugin> </plugins> <finalName>SpringMVC-REST</finalName> </build> </project>

Service/Controller:

In this case, we are going to write the web service in our Spring MVC controller. As you can see I have created POST, PUT, GET, DELETE methods to demonstrate the CRUD operations on FooBar. All the other configurations  are well self explanatory.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90

package com.techiekernel.service; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import com.techiekernel.model.FooBar; @Controller @RequestMapping("/foobar") public class FooBarService { static Set<FooBar> fooBars; static { fooBars = new HashSet<FooBar>(); FooBar foobar = null; for (int i = 0; i < 10; i++) { foobar = new FooBar(i, "Techie Kernel " + i); fooBars.add(foobar); } } @RequestMapping(value = "/{foobarId}", method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public FooBar getFoobar(@PathVariable int foobarId) { for (FooBar foobar : fooBars) { if (foobar.getId() == foobarId) return foobar; } return null; } @RequestMapping(method = RequestMethod.GET, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public Set<FooBar> getFoobars() { return fooBars; } @RequestMapping(value = "/{foobarId}", method = RequestMethod.PUT, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }, consumes = { "application/json", "application/xml" }) @ResponseBody public FooBar editFoobar(@RequestBody FooBar foobar, @PathVariable int foobarId) { for (FooBar foobar1 : fooBars) { if (foobarId == foobar1.getId()) { foobar1.setId(foobar.getId()); foobar1.setName(foobar.getName()); return foobar1; } } return null; } @RequestMapping(value = "/{foobarId}", method = RequestMethod.DELETE, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }) @ResponseBody public boolean deleteFoobar(@PathVariable int foobarId) { System.out.println("Delete call."); Iterator<FooBar> fooIterator = fooBars.iterator(); while (fooIterator.hasNext()) { FooBar foobar = fooIterator.next(); System.out.println(foobar); if (foobar.getId() == foobarId) { fooIterator.remove(); return true; } } return false; } @RequestMapping(method = RequestMethod.POST, headers = "Accept=application/xml, application/json", produces = { "application/json", "application/xml" }, consumes = { "application/json", "application/xml" }) @ResponseBody public boolean createFoobar(@RequestBody FooBar fooBar) { return fooBars.add(fooBar); } }

Model Class:

This is the FooBar our model class which has to be marshaled and demarshaled by JAX-RS APIs. So be very care full to annotate @XmlRootElement and @JsonAutoDetect. These two annotations will mark the class for marshaling and marshaling.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62

package com.techiekernel.model; import javax.xml.bind.annotation.XmlRootElement; import org.codehaus.jackson.annotate.JsonAutoDetect; @XmlRootElement @JsonAutoDetect public class FooBar { int id; String name; public FooBar() { this.id = 1; this.name = "Techie Kernel"; } public FooBar(int id, String name) { this.id = id; this.name = name; } public int getId() { return id; } public void setId(int id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } @Override public String toString() { return "FooBar [id=" + id + ", name=" + name + ", hashCode()=" + hashCode() + "]"; } @Override public int hashCode() { // TODO Auto-generated method stub return this.id; } @Override public boolean equals(Object obj) { if (obj instanceof FooBar) { if(this.id == ((FooBar)obj).id) return true; } return false; } }

Spring MVC Context Configuration:

Now it's time to save the Spring MVC configuration in a xml file. Let's save the mvc-dispacher-servlet.xml in WEB-INF folder.

1 2 3 4 5 6 7 8 9 10 11 12 13 14

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd"> <mvc:annotation-driven /> <context:component-scan base-package="com.techiekernel.service" /> </beans>

Spring Integration With Web Container:

The integration is going to be in web.xml. Register Spring “ContextLoaderListener” listener class and specify the Spring MVC dispacher servlet “org.springframework.web.servlet.DispatcherServlet“ as front controller for all requests.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <display-name>Spring MVC REST</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <servlet> <servlet-name>mvc-dispatcher</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>mvc-dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>

Application Deployment:

Now every thing is ready and time to build for creating a war file.

1	mvn clean install;

On successful completion of the above command a war file will be get created in target folder. Copy the war file to webapp folder of your tomcat and start the tomcat. For you people to test, I have put the application in the VMWare Cloud. You can access the application using this URL.

Testing:

I could have wrote a Junit test to test all the services. But for a better user experience, I would suggest you to test using one of the REST tools with browser. I am using REST Client addon from Mozzila Firefox. As I have told I am going to demonstrate the CRUD operations on model object FooBar, I will be doing the all four GET, POST, PUT and DELETE operations using the Cloud URL. I would request you not to hit the URLs blindly, as at some time there there will be a change in data or there will be no data, so better hit the GET URL first to see the data status. I will be using UNIX curl command here to give you a idea for testing. 

http://localhost:8080/SpringMVC-REST - localhost tomcat URL

http://springmvc-rest.cloudfoundry.com - Cloud URL

1 2 3 4 5 6 7 8 9 10 11 12 13

Get: curl -i http://springmvc-rest.cloudfoundry.com/foobar -H "accept:application/json" -X GET curl -i http://springmvc-rest.cloudfoundry.com/foobar/1 -H "accept:application/json" -X GET curl -i http://springmvc-rest.cloudfoundry.com/foobar/1 -H "accept:application/xml" -X GET PUT: curl -i http://springmvc-rest.cloudfoundry.com/foobar/1 -H "accept:application/json" -H "content-Type:application/json" -X PUT -d "{ \"id\": 1, \"name\": \"Techie Kernel-modified\"}" POST: curl -i http://springmvc-rest.cloudfoundry.com/foobar -H "accept:application/json" -H "content-Type:application/json" -X POST -d "{ \"id\": 10, \"name\": \"Techie Kernel 10\"}" DELETE: curl -i http://springmvc-rest.cloudfoundry.com/foobar/10 -H "accept:application/json" -X DELETE

Source Code:

You can pull the code from GitHub.

Read More