OpenID (Authentication) & OAuth (Authorization)

OpenID = using login credentials from an OpenID provider (Google) to login to another application (Stack Overflow)

Definition

The OpenID protocol enables websites or applications (Consumers) to grant access their own applications by getting an authentication through another service or application (Provider), without requiring Users to maintain a separate account/profile with the Consumers.

Details

    OpenID Providers (Whose service we use to authenticate an user)

        google.com

        myopenid.com

        yahoo.com

    OpenID RelyingParty (Who uses OpenID as their authentication)

        mywebsite.com

Java Implementation

    JOpenID(http://code.google.com/p/jopenid/)        -    lightweight

    openid4java(http://code.google.com/p/openid4java/)    -    documented

References

http://www.ibm.com/developerworks/java/library/j-openid/index.html

http://pupeno.com/tag/openid/

REST Authentication with OpenID

http://stackoverflow.com/questions/1833184/how-to-use-openid-in-restful-api

http://stackoverflow.com/questions/3531524/restful-api-authentication-recommendation

---

OAuth = Allowing an application (TwitPic) to act on your behalf to and access information from an application that you use (Twitter)

Definition

The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers.

Details

    OAuth Provider     - Server Side (Who secures their service when exposed outside)

        Yahoo

        Google

        Twitter

    OAuth Consumer    - Client Side (Who authenticate their users with Provider to consume data from Provider)

        mywebsite.com

Java Implementation 

Clientside implementation

       Scribe(https://github.com/fernandezpablo85/scribe-java)               - lightweight

Both Serverside & Clientside implementation support

       SpringSecurity/Social(http://static.springsource.org/spring-security/oauth/) - supportive

References
http://oauth.net/documentation/getting-started/
http://oauth.net/core/1.0/
http://oauth.net/2/

REST Authorization with OAuth
http://developers.sun.com/identity/reference/techart/restwebservices.html
http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/
https://github.com/SpringSource/spring-security-oauth/wiki/tutorial    - Tutorial
http://java.dzone.com/articles/spring-mvc-and-scribe-simple        - Tutorial

Please comment if anything I understood is wrong, so that I can correct the post & myself. :)

Cobertura Setup in MultiModule Maven With Jenkins (Draft)

Why we need a code coverage analysis for functional testing?

Reason is simple, tests which are generated out of a requirement specification just tests the functionality and satisfy when it meets the acceptance criteria. But when you see the overall tests which are resulted for the application, you can see lot of dependencies which are never tested at all.

Coverage analysis gives you a very solid statistics saying that these are the tests performed in the system and these are the statements or branches which are executed and these are not at all touched. This will help in tremendously improving the overall testcases which are written for the whole system by covering the untouched by analyzing the coverage report.

 

Out of Scope		Scope		Things Used
Eclipse Project Creation		Maven configurations		Sample Project
Maven Initial Setup		Instrumenting Code		Cobertura
JUnit Selenium Tests		Jenkins configurations		Maven
Cobertura Competencies				JUnit
				Jenkins

---

STEP 1 : Create a simple multi-module maven web project to try it or use the one which you want to report coverage

Fig 1

• Take a help from the maven example here to create a multi-module maven web project

• Considered Fig 1 as a simple structure of such multi-module web project

• Cobertura module - specifically added to generate the coverage report

---

STEP 2 : Modify the pom files to do the instrumentation of the codes

 do-instrumentation
 
  
   
    org.codehaus.mojo
    cobertura-maven-plugin
    ${cobertura.plugin.version}
    
    
    
     
      instrument-code
      process-classes
      
       instrument
      
      
       true
      
     
    
   
  
 
 
  
   net.sourceforge.cobertura
   cobertura-runtime
   ${cobertura.version}
   provided
   pom
  
 

---

STEP 3 : Include the necessary dependencies

---

STEP 4 : Have a separate module for merging & generating the report out of cobertura ser files

---

STEP 5 : Build the whole project to get the instrumented jars & war

---

STEP 6 : Deploy the war and run whatever tests you want to run on the application

---

STEP 7 : Run the Cobertura sub module with the location of ser file and generate the reports

---

STEP 8 : Give all the above tasks from 4 - 6 to Jenkins

---

How to get the version of Oracle database using query?

Its very easy to get the version of Oracle database using a query. It works in most of the Oracle version.

We can execute the following query just as like any other queries and get the result.


SELECT * FROM v$version WHERE banner LIKE 'Oracle%';

Once you execute this query you will get a result set like this,

Hope this is useful!