BetterRev Discussion Points

Martijn Verburg martijnverburg at gmail.com
Wed Mar 18 09:38:54 UTC 2015 

Hi Ed,

For OAuth1/2 you can try:

* https://github.com/google/google-oauth-java-client
* https://github.com/fernandezpablo85/scribe-java
* Other libs listed at: http://oauth.net/code/

-----

On the Akka stuff, it was feedback from James Ward (Typesafe) he noted that
we had an incorrect mixture of Actors and Events and we weren't using the
chain of supervision. So I'm not against using Akka in principle, but
there's some serious refactoring that needs to go on in order to use Akka
in the way it was intended.

A starting point would be to have Actors modelling each state change in our
state diagram and having events flow through those Actors.  Naming and
package structure here will help fooActor, barEvent etc.  First steps
should be:

1.) Put in the hook to start Akka as a Singleton entity on the start of the
web app. There should be either a magic annotation or XML configuration to
do this in JavaEE 7 (I've seen the XML config in earlier Java EE versions).
See Globals.java for the old hook, I'd rename that class as well to just
Betterrev and we can use that as the bootstrap class for the app.

2.) Rename our existing workflow classes into Actors (which should extend
an Akka Actor) in an actor package and Events in the existing events package

3.) Then look at the state diagram and model the Actors into the
appropriate supervision hierarchy.

Let me know if anyone wants to seriously tackle any of these steps and I'll
start sorting the issue tracker / assignments out.

Cheers,
Martijn

On 18 March 2015 at 00:25, Edward Yue Shung Wong <edward.ys.wong at gmail.com>
wrote:

> *TL;DR - Need help on Oauth 1.0a via Bitbucket & discuss server processing
> model*
>
> Hiya everyone,
>
> Many thanks to everyone that attended the Hack the Tower session on
> Saturday. We made some decent progress into the BetterRev app. (cheers
> Enrico!)
>
> The last we left it, I believe we were stuck on using Oauth to authenticate
> users against Bitbucket. We need to do this so we can both verify who the
> user is and get access to their Bitbucket information. Naively I'd say we
> would be doing this from the AngularJS app but I believe Enrico found an
> article which pointed to security flaws of such an approach... (I can't
> find the link)
>
> If you have experience with Oauth 1.0a, please speak to us :)
>
> Going back to the server processing model, the last we left it everything
> was still using Akka. Martijn was told we were "dong it wrong" and the
> difficulty in testing the code was an issue. I'm happy to try again with
> Akka or go with a different solution.
>
> Thanks,
>
> Edward
>

More information about the adoption-discuss mailing list