DruID SDK for Java
On this site, you’ll find everything you need to integrate your page in the DRUID world. The aim of the site is to guide you through the whole process, with direct and simple information, plus practical examples ready to use.
SDK configuration
Once you know the integration process of a website in DRUID, you’ve completed the integration application form and we’ve created the configuration so that your application can integrate with DRUID, you’ll receive a XML configuration file (oauthconf.xml) that you’ll need to be able to execute in the library.
Single client configuration
Place this file inside WEB-INF/classes/config/ folder (inside src/main/java/config if you use a java project with maven layout). Because the file is different for each environment, you need to include respective version of this file for each environment inside war/ear:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
+ project |_ src + |_ main + |_ resources + |_ druid-sdk + |_ dev | + | |_ oauthconf.xml |_ test | + | |_ oauthconf.xml |_ prod + |_ oauthconf.xml ... |
Note that folder is mandatory and name can not be changed. Each folder inside this is the name of the for each environment (see Tomcat 6/7 configuration).
Multi client configuration
If you need a multi-country application, you will receive some oauthconf.xml files. Rename to oauthconf_{clientId}.xml, and place in each environment folder:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
+ project |_ src + |_ main + |_ resources + |_ druid-sdk + |_ dev | + | |_ oauthconf_{clientId1}.xml | |_ oauthconf_{clientId2}.xml | |_ ... |_ test | + | |_ oauthconf_{clientId1}.xml | |_ oauthconf_{clientId2}.xml | |_ ... |_ prod + |_ oauthconf_{clientId1}.xml |_ oauthconf_{clientId2}.xml | |_ ... ... |
Note that folder is mandatory and name can not be changed. Each folder inside this is the name of the for each environment (see Tomcat 6/7 configuration).
What do I have to modify in oauthconf.xml?
Basically, nothing. The library works with the configuration file just as we send it to you. A configuration file will be provided for each of the environments where the library is executed, which should be saved in a folder that indicates the environment.
DRUID provides to the developer with 3 environments:
- Sandbox environment (register.ci.dru-id.com, auth.ci.dru-id.com, graph.ci.dru-id.com,..): This is a copy of the production environment devoted to carrying out integrations: It will help you run trials from your development and staging environment.
- Test environment (register.test.dru-id.com, auth.test.dru-id.com, graph.test.dru-id.com,…): If your website is going to be housed in Savvis, you’ll need to integrate your test environment against this environment. If your application is not housed in Savvis, it won’t be necessary to integrate against this environment, you’ll be able to do it against Savvis in this case.
- Production environment (register.dru-id.com and auth.dru-id.com, graph.dru-id.com,..): The environment where you should note your production environment (although it might seem obvious, there are people who forget this “minor” detail ;-) ).
SpiritID provides to the developer with 2 environments:
- Test environment (register-test.pernod-ricard.espana.com, auth-test.pernod-ricard.espana.com, graph-test.pernod-ricard.espana.com,…): If your website is going to be housed in Savvis, you’ll need to integrate your test environment against this environment. If your application is not housed in Savvis, it won’t be necessary to integrate against this environment, you’ll be able to do it against Savvis in this case.
- Production environment (register.pernod-ricard.espana.com, auth.pernod-ricard.espana.com, graph.pernod-ricard.espana.com, …): The environment where you should note your production environment (although it might seem obvious, there are people who forget this “minor” detail ;-) ).
Configuration file
Application configuration
Let’s see what you need to put in your code for user library.
Maven configuration
-
Edit you ~/.m2/settings.xml and add this snippet of code:
|
1 2 3 4 5 6 7 |
... <server> <id>genetsis-nexus</id> <username>integrations</username> <password>1nt3gr4t10ns</password> </server> ... |
- Add our nexus to your project:
|
1 2 3 4 5 6 7 |
... <repository> <id>genetsis-nexus</id> <name>Genetsis nexus repository for DRUID lib integration</name> <url>https://nexus.dru-id.com/repository/maven-public</url> </repository> ... |
- Add dependency to your project: (version could increase)
|
1 2 3 4 5 6 7 8 9 10 |
... <dependency> <groupId>com.genetsis</groupId> <artifactId>druid-sdk-all</artifactId> <version>20.05.2-covid19-de-escalate</version> <type>pom</type> </dependency> ... |
NOTE: if you get some errors building your project because some dependecies are not found, please contact us to solve problem ASAP!
Application configuration
- Edit your web.xml file and add this filter:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
<filter> <filter-name>Oauth2AuthzFilter</filter-name> <filter-class>com.genetsis.druid.sdk.security.Oauth2AuthzFilter</filter-class> <init-param> <param-name>excludes</param-name> <param-value> ^(/api/lib/js.*)|(/api/lib/css.*)|(.*\.(js|css|eot|gif|jpg|png|svg|swf|ico|xml|mp3|ttf|woff2?|eot|pdf|map))|(/api/query.*)|(.*\.jsp)|(/dwr/call.*)|(.*/(pubsub|struts|sections|link_creator|callback)/?.*)$ </param-value> </init-param> <init-param> <param-name>loadUserData</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>Oauth2AuthzFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> |
We recommend to put filter mappings before other filter mappings (at least before your MVC framework) to have DRUID user loaded (if logged) when you will need it. You can configure various parameters for this filter:
- excludes: [Optional] [Default: ‘.*’]. let you configure with a java Regex what resources you don’t what to filter initialize and load DRUID logged user (for example static resources). Do a fine grained configuration of this field if you want a good performance for your application.
- loadUserData: [Optional] [Default: ‘false’]. When user is logged, you can set this parameter to false if you don’t need any complementary data for the logged user. Don’t worry because id for the logged user will be accesible.
- requestParamName: [Optional]. Request or session parameter or attribute, where you will put clientID you want to use when your application is multi-client. Also you should have one or more oauthconf.xml, one for each client.
- defaultClientId: [Optional]. Default clientId to use if is not found in any scope,or is empty.
- securityContextScope: [Optional] [Default: ‘session’]. Scope where you want to store AuthContext. Possible values are ‘application’ or ‘session’. Different values to these will fallback in ‘session’.
- rethrowExceptions: [Optional] [Default: ‘true’]. Rethrow any exception occured in filter to your application. If you set to ‘false’ you have to control if Auth Context is not null and other things, but your application will never get 5xx errors produced by filter exceptions.
- Edit your web.xml and load spring context:
|
1 2 3 4 |
contextConfigLocation classpath*:application-context-druid-sdk.xml <!-- other applications contexts you need --> |
- (Optional) create a Spring service that implements :
Maybe you could need to create a correlation table with your own user internal ids and User Id (user_id).
If you are in this situation, you only need to implement our interface. This class could contain any data that you need (any data you have stored in your database). If you configured filter with loadUserData=true, we will fill user with all necessary data from DRUID. If you need this feature in your application, you only have to implement and extend these intefaces and class, then define a bean in your spring context (don’t worry for name or id of this bean, we will get this bean by class ;-)) e.g (bean definition in xml):
|
1 |
e.g (bean definition with annotations):
|
1 2 3 4 5 6 |
@org.springframework.stereotype.Service public class MyDruIDPrincipalProvider extends com.genetsis.druid.sdk.security.DruidPrincipalProvider { public DruidPrincipal loadUserByUserId(String userId) { //your stuff } } |
Tomcat 6/7 configuration
You need to define which spring profile is active (could be defined in catalina.properties, or passed as JVM parameter with -D, or as env var):
|
1 |
spring.profiles.active= |
eg: spring.profiles.active=prod
Library usage in your application
Get a reference of Auth context. You only need to ensure that you have loaded (from HttpSession) AuthzContext in your application, where you need it:
|
1 |
AuthzContext context = (AuthzContext) session.get(AuthzContext.CONTEXT_NAME); |
Using your favorite MVC framework, create an endpoint for receiving callback actions:
Once your application sent user to DRUID login page, when login process is finished, DRUID makes a call to your callback endpoint, passing a code as GET parameter. You should authorize user with this code, making a call to this lib method (variable names could be different with your actual code):
|
1 2 |
// get an access token with the authorization code druidSDK.authorizeUser(code, URI.create(redirectUri)); |
Create a logout: When you implement logout in your application, you don’t need to redirect to auth server. You only need to make a call to sdk logoutUser method:
|
1 2 3 4 5 6 7 |
druidSdk.logoutUser(); if (druidSdk.getDruIDThings().isDoLogout()) { //invalidate your session, local cookies and other stuff } else { //there is an error } |
Single Sign On
If your site is not under DRUID instalation domain or subdomain (eg: dru-id.com) you will not have single sign on with other sites, due to security restrictions in web browsers with cookies and domains.
If this is your case, you have to import a js file in all your pages:
|
1 |
<script type="text/javascript" src="https://login.dru-id.com/login/sso"></script> |