Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Table of Contents

...

As a framework Apache HttpComponents HttpClient is be used, a successor of Commons HttpClient.

It seems the most widely used/supported by community framework. It is very simple to find all kind of solutions and workaround already implemented, which makes plugin development and maintenance easy. Framework has a built in support for compession, https tunneling, digest auth and lot of other functions.

...

2.1 STEP 1 - Get XML by XPath

XML parsing is done by default Java DOM parser. Which is able to get items by a specified XPath. XPath is super flexible it allows user to get nodes by attribute value, as well as to group nodes from different parents into single result, as well as chose nodes conditionally etc. etc. 

Some XPath examples:

Code Block
/bookstores/bookstore/book[position()<3]
//title[@lang]
//title[@lang='en']
/bookstores/bookstore/book/price[text()] # convert all subelements to string
/bookstores/bookstore/book[price>35.00]/title

...

NameDescriptionDefaultWidgetValidations
OAuth2 EnabledTrue or false.falseRadio group
Callback URL

CDAP will start a local server on the given url. Only localhost urls are allowed. For more info click here.

This is a URL where service callbacks with authCode after user enters username and password and agrees to grant the permissions.

This URL is also usually configured when registering the OAuth2 application in the service (e.g. Twitter). If the URL registered there is not equal to the one we send, OAuth2 will get denied.

http://localhost:27435Text BoxFail is hostname does not resolve to loopback address or if port is already in use.
Auth URL

A page, where the user is directed to enter his credentials.

Example: https://www.facebook.com/dialog/oauth



Text BoxAssert to be empty if OAuth2 is disabled and the not empty if enabled.
Token URL

A page, where CDAP can exchange authCode for accessToken and refreshToken. Or refresh the accessToken.

Example: https://graph.facebook.com/v3.3/oauth/access_token


Text BoxAssert to be empty if OAuth2 is disabled and the not empty if enabled.
Client IDUser should obtain this when registering the OAuth2 application in the service (e.g. Twitter).
Text BoxAssert to be empty if OAuth2 is disabled and the not empty if enabled.
Client Secret

User should obtain this when registering the OAuth2 application in the service (e.g. Twitter).


PasswordAssert to be empty if OAuth2 is disabled and the not empty if enabled.
Scope

This is optional.

Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.


Text BoxAssert to be empty if OAuth2 is disabled.
Refresh TokenThis is populated by the button "Login via OAuth 2.0". Since we save Refresh Token (not an access token which is short lived), this should be done only once, during initial pipeline deployment. For more information click here.

Fail is empty and OAuth2 is enabled.

...

  1. Once the user clicks the button, UI runs showPageToUser to get url and headers from plugin using post-function. Example of return from plugin:

    Code Block
    url = https://www.facebook.com/v3.3/dialog/oauth?
      client_id=3MVG96_7YM2sI9wT6c13RTPp6RDeRBPFc0F5sYfIrKBZPdTK2Yr7jiTwq8u3ykXyBHtlf3lnNMWSN1rqfjA_y
      &redirect_uri=104.34.33.55:25423http://localhost:27435
    headers = {} # empty

    On the side note: The url syntax is established by an RFC: https://tools.ietf.org/html/rfc6749#section-4.1.1

    IMPORTANT: During this call plugin will also start a callback server (for more information click here)

  2. UI shows the page.
  3. Once the page is closed, ui does another call to plugin.
    During this call plugin waits for a callback to be complete. Than exchanges received authCode to pair accessToken, refreshToken and return it back to UI.
  4. UI populates the widget field refreshToken with the value. 

...

NameDescriptionDefaultWidgetValidations
Keystore FilePath to a keystore file
Text BoxCheck if file exists
Keystore Type

According to Oracle docs. There are 3 supported keystore types.

Possible values:

  • Java KeyStore (JKS)
  • Java Cryptography Extension KeyStore (JCEKS)
  • PKCS #12
JKSRadio Group
Keystore PasswordLeave empty if keystore is not password protected
PasswordTry to load keystore with given password
Keystore Key AlgorithmSunX509 is default in Java.SunX509Text Box
TrustStore FilePath to a truststore file. If empty use default Java truststores.
Text BoxCheck if file exists
TrustStore Type

According to Oracle docs. There are 3 supported truststore types.

Possible values:

  • Java KeyStore (JKS)
  • Java Cryptography Extension KeyStore (JCEKS)
  • PKCS #12
JKSRadio Group
TrustStore PasswordLeave empty if keystore is not password protected
PasswordTry to load truststore with given password
Truststore Trust Algorithm
SunX509Text Box
Transport ProtocolsUser can add multiple protocols. Which will be offered by client during handshake.TLSv1.2ArrayValidate if names are correct
Cipher Suites

User can add multiple cipher suites. They will be offered by client during handshake.

If empty use default cipher suites.

This is textBox with comma separated list of ciphers. Since sometimes there can be 20, 30 or more ciphers it is not usable for user to add every one of them manually into an array.


Text Box

Validate if supported by current java implementation

...