Sunday, September 17, 2017

Jackson and JAXB annotations


what is this article about?

When using REST apis that expose JSON objects, the popular solution is to decorate your Java objects with annotations (like \@JsonProperty) and have the underlying framework serialize your objects to JSON. But what happens when your java objects were created from xsd-s? This article shows one way to handle this with minimal changes.

what are Jackson and JAXB annotations?

Jackson annotations are annotations that control how a java object get serialized into JSON. An example of this that is widely used is \@JsonProperty. More about Jackson annotations at http://www.baeldung.com/jackson-annotations

JAXB annotations are annotations that control how a java object gets serialized into XML (mostly). However, these can be used to serialize into JSON also. More about JAXB annotations at http://www.techferry.com/articles/jaxb-annotations.html

where do they come from?

JAXB annotations usually come from xjc which is used to create java classes from xsd specifications. Jackson annotations are usually added manually to java classes.

how are they used?

When you need to serialize a java object into JSON (usually for the result of a REST api), a Jackson ObjectMapper is used (usually by the framework). This objectmapper may be configured to use Jackson annotations or JAXB annotations or both. When the objectmapper.readValueAsString() is used to convert an object to json, it will use the runtime annotations within the object to serialize field-names and format values appropriately. If both annotations are configured, then the order in which they are specified determines which one is used.


 AnnotationIntrospector annotationInspector = new AnnotationIntrospectorPair(

new JacksonAnnotationIntrospector(), 
                                                new JaxbAnnotationIntrospector(
                                                      objMapper.getTypeFactory())
 objMapper.setAnnotationIntrospector(annotationInspector);

how to use JAXB annotations in Consumers?

When consuming the rest apis as a client, you can use javax.ws.rs.client.Client. More about how to use this is https://dennis-xlc.gitbooks.io/restful-java-with-jax-rs-2-0-2rd-edition/en/part1/chapter8/client_and_web_target.html .

The Client can be configured to use a JacksonJaxbJsonProvider. This is achieved by getting a client from a ClientBuilder which is configured to use the JacksonJaxbJsonProvider. Then whenever the WebTarget uses any java objects for input/output, it will serialize these with both Jackson and Jaxb annotations. 

how to use JAXB annotations in Producers?

Jersey applications by default use JAXB and Jackson annotations. See https://github.com/jasonray/jersey-starterkit/wiki/serializing-a-pojo-to-xml-or-json-using-jaxb for more information.





Posted by at No comments:

Wednesday, November 25, 2015

Anatomy of an application that uses Google OAUTH2

Ever wondered how the login to Google and Facebook buttons work on many web-applications? In a nutshell, these web-applications rely on Google/Facebook to handle the user identification piece and then Google/Facebook shares some information about the user with the web-application. This relieves the web-application from having to devise a login mechanism and store passwords, and also relieves the user from having to remember multiple usernames and passwords. So, WIN-WIN.

Suppose you are setting up a web-application that would like to use google's login. Your web-app runs at http://www.example.com/tracker (or http://localhost:3000/) . So, how do you integrate with Google's login?

Turns out, it can be done in 4 steps:

1. register your application with Google. After all, Google needs to know who is using it's login service. This step creates a client-id (which is used to identify your application) and a client-secret (something that is used by your application in communicating with Google).

2. The user gets a code from Google. This is done by clicking a button or link on your web application that makes a request to Google. This request has your client-id and an endpoint that should be called after successful login. The endpoint is something like http://localhost:3000/google_auth, and will be called after successful login.

3. The web-application exchanges the  code for an authorization token. The authorization token is recognized by Google services. The web-application's client-secret is used to verify that it is your application which is involved in this transaction.

4. The authorization token is used to query the Google's Oauth2 webservice to get the user profile.

Registration

In order to use Google's services, you need to register your application. This involves creating a project in Google Developer Console and setting up credentials for the application(project). At the end of this step, you will have a client-id (a public id that is used to identify your application), a client-secret (which is known only to your application and is used to exchange code for tokens), and a set of well known endpoints in your application that google knows it's OK to redirect users back to after successful authentication.

Steps 2..4

A sequence of what needs to happen in steps 2..4 to get the user's identity is as follows.






Posted by at No comments:
Subscribe to: Posts (Atom)