...
Apache HttpComponents HttpClient, the successor of Commons HttpClient, is used as the HTTP framework.
It seems to be the framework most widely used and supported by the community. Solutions and workarounds for all kinds of problems are easy to find, which makes plugin development and maintenance easy. The framework has built-in support for compression, HTTPS tunneling, digest auth and a lot of other functions.
...
2.1 STEP 1 - Get XML by XPath
XML parsing is done by the default Java DOM parser, which is able to get items by a specified XPath. XPath is very flexible: it allows the user to get nodes by attribute value, to group nodes from different parents into a single result, to choose nodes conditionally, etc.
Some XPath examples:
```
/bookstores/bookstore/book[position()<3]
//title[@lang]
//title[@lang='en']
/bookstores/bookstore/book/price[text()] # convert all subelements to string
/bookstores/bookstore/book[price>35.00]/title
```
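
The XPath step applied to a response body, as an added example that is not part of the plugin's code: it evaluates four of the expressions above with the JDK DOM parser, configured to refuse DTDs because the XML arrives from a remote endpoint. The class name, the `parseUntrusted` helper and the sample document are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathStepExample {
  // Constructed sample response body; not taken from the design page.
  static final String XML =
      "<bookstores><bookstore>"
      + "<book><title lang='en'>A</title><price>29.99</price></book>"
      + "<book><title lang='de'>B</title><price>39.95</price></book>"
      + "<book><title>C</title><price>49.00</price></book>"
      + "</bookstore></bookstores>";

  // Hypothetical helper: DOM parsing hardened for untrusted input.
  static Document parseUntrusted(String xml) throws Exception {
    DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
    // Refuse any DOCTYPE so external entities (XXE) and entity-expansion
    // bombs are rejected at parse time instead of being resolved.
    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    f.setXIncludeAware(false);
    f.setExpandEntityReferences(false);
    return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
  }

  public static void main(String[] args) throws Exception {
    Document doc = parseUntrusted(XML);
    XPath xpath = XPathFactory.newInstance().newXPath();
    String[] exprs = {
      "/bookstores/bookstore/book[position()<3]",
      "//title[@lang]",
      "//title[@lang='en']",
      "/bookstores/bookstore/book[price>35.00]/title"
    };
    for (String e : exprs) {
      NodeList hits = (NodeList) xpath.evaluate(e, doc, XPathConstants.NODESET);
      System.out.println(e + " -> " + hits.getLength() + " node(s)");
      for (int i = 0; i < hits.getLength(); i++) {
        System.out.println("  " + hits.item(i).getTextContent());
      }
    }
  }
}
```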
...
Name | Description | Default | Widget | Validations |
---|---|---|---|---|
OAuth2 Enabled | True or false. | false | Radio group | |
Callback URL | CDAP will start a local server on the given URL. Only localhost URLs are allowed. For more info click here. This is the URL that the service calls back with the authCode after the user enters username and password and agrees to grant the permissions. This URL is also usually configured when registering the OAuth2 application in the service (e.g. Twitter). If the URL registered there is not equal to the one we send, the OAuth2 request will be denied. | http://localhost:27435 | Text Box | Fail if hostname does not resolve to loopback address or if port is already in use. |
Auth URL | A page where the user is directed to enter their credentials. Example: https://www.facebook.com/dialog/oauth | | Text Box | Assert to be empty if OAuth2 is disabled and not empty if enabled. |
Token URL | A page where CDAP can exchange the authCode for an accessToken and refreshToken, or refresh the accessToken. | | Text Box | Assert to be empty if OAuth2 is disabled and not empty if enabled. |
Client ID | User should obtain this when registering the OAuth2 application in the service (e.g. Twitter). | | Text Box | Assert to be empty if OAuth2 is disabled and not empty if enabled. |
Client Secret | User should obtain this when registering the OAuth2 application in the service (e.g. Twitter). | | Password | Assert to be empty if OAuth2 is disabled and not empty if enabled. |
Scope | This is optional. Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account. An application can request one or more scopes; this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted. | | Text Box | Assert to be empty if OAuth2 is disabled. |
Refresh Token | This is populated by the button "Login via OAuth 2.0". Since we save the Refresh Token (not an access token, which is short-lived), this should be done only once, during initial pipeline deployment. For more information click here. | | | Fail if empty and OAuth2 is enabled. |
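
One way to implement the Callback URL validation from the table (hostname must resolve to loopback, port must be free), as an added example that is not the plugin's own code. The class and method names are hypothetical and the two URLs in `main` are constructed test values.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.URI;

public class CallbackUrlValidator {
  /** Returns null when the URL is acceptable, otherwise the failure reason. */
  static String validate(String callbackUrl) {
    URI uri;
    try { uri = new URI(callbackUrl); } catch (Exception e) { return "not a valid URL"; }
    String host = uri.getHost();
    int port = uri.getPort();
    if (host == null || port == -1) {
      return "URL must contain a host and an explicit port";
    }
    InetAddress[] addrs;
    try {
      addrs = InetAddress.getAllByName(host);
    } catch (IOException e) {
      return "hostname does not resolve: " + host;
    }
    // Every resolved address must be loopback; a single routable address
    // would let the authCode listener be reached from other machines.
    for (InetAddress a : addrs) {
      if (!a.isLoopbackAddress()) {
        return "hostname resolves to non-loopback address " + a.getHostAddress();
      }
    }
    // Probe the port by binding to the loopback address itself, never to
    // the wildcard address.
    try (ServerSocket probe = new ServerSocket()) {
      probe.bind(new InetSocketAddress(addrs[0], port));
    } catch (IOException e) {
      return "port " + port + " cannot be bound (already in use?)";
    }
    return null;
  }

  public static void main(String[] args) {
    // Constructed inputs: the table's default value and a non-loopback address.
    for (String u : new String[] {"http://localhost:27435", "http://192.0.2.10:27435"}) {
      String err = validate(u);
      System.out.println(u + " -> " + (err == null ? "OK" : "FAIL: " + err));
    }
  }
}
```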
...
All the APIs I checked (Google APIs, PayPal, WordPress, Microsoft Azure, Okta) support refreshing the access token. Actually this is part of the RFC. The only API which does not is Facebook. Instead they use a concept they have made up called fb_exchange_token. Here's more info. Since Facebook is widely spread, I suggest we just add an ugly check "if url contains facebook.com" (or, talking in fancy Java terms, create a factory class which creates OAuth2 handlers depending on the URL provided), then save the long-lived access token instead of the refreshToken and do a refresh the way Facebook wants. The factory can then be used to implement behavior for other services with non-default OAuth2 implementations.
...
Name | Description | Default | Widget | Validations |
---|---|---|---|---|
Keystore File | Path to a keystore file | | Text Box | Check if file exists |
Keystore Type | According to Oracle docs, there are 3 supported keystore types. Possible values: | JKS | Radio Group | |
Keystore Password | Leave empty if keystore is not password protected | | Password | Try to load keystore with given password |
Keystore Key Algorithm | SunX509 is default in Java. | SunX509 | Text Box | |
TrustStore File | Path to a truststore file. If empty, use default Java truststores. | | Text Box | Check if file exists |
TrustStore Type | According to Oracle docs, there are 3 supported truststore types. Possible values: | JKS | Radio Group | |
TrustStore Password | Leave empty if keystore is not password protected | | Password | Try to load truststore with given password |
Truststore Trust Algorithm | | SunX509 | Text Box | |
Transport Protocols | User can add multiple protocols, which will be offered by the client during handshake. | TLSv1.2 | Array | Validate if names are correct |
Cipher Suites | User can add multiple cipher suites. They will be offered by the client during handshake. If empty, use default cipher suites. This is a text box with a comma-separated list of ciphers. Since there can sometimes be 20, 30 or more ciphers, it is not usable for the user to add every one of them manually into an array. | | Text Box | Validate if supported by current Java implementation |
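
The Transport Protocols and Cipher Suites validations from the table, as an added example that is not the plugin's own code: it builds an `SSLContext` with the SunX509 algorithms named above and reports field entries the running JVM does not support. The class name, the `unsupported` helper and the field values are constructed, and both fields are treated as comma-separated here for brevity.

```java
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

public class TlsFieldValidation {
  /** Returns the entries of a comma-separated field that the JVM does not support. */
  static List<String> unsupported(String csv, String[] supported) {
    Set<String> ok = new HashSet<>(Arrays.asList(supported));
    List<String> bad = new ArrayList<>();
    for (String name : csv.split(",")) {
      String n = name.trim();
      if (!n.isEmpty() && !ok.contains(n)) {
        bad.add(n);
      }
    }
    return bad;
  }

  public static void main(String[] args) throws Exception {
    // No keystore or truststore file is configured in this example:
    // null means no client key and the default Java truststore.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(null, null);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init((KeyStore) null);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    SSLParameters sup = ctx.getSupportedSSLParameters();
    // Constructed field values; "SSLv9" and the second cipher are deliberately invalid.
    String protocols = "TLSv1.2, SSLv9";
    String ciphers = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_NOT_A_REAL_SUITE";
    System.out.println("bad protocols: " + unsupported(protocols, sup.getProtocols()));
    System.out.println("bad ciphers:   " + unsupported(ciphers, sup.getCipherSuites()));
  }
}
```

A name passing this check only means the JVM can negotiate it: the supported list can contain legacy protocol versions that the JVM disables by default, so an allow-list of acceptable values is still needed on top of it.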
...