Oracle Entitlements Server with Java SM

1.  Create New Application (go to Authorization management > Application > click new Application)
2.   Create New Security Module (go to System Configuration > Security Module > click New)
3.  Create New Resource Type (go to Newly Created Application > Resource Types > Click new)
4.  Create New Resource (go to Newly Created Application > Default Policy Domain > Resources Catalog > Resources > Create New)
5.  Create New Permit Authorization Policy (go to Newly Created Application > Default Policy Domain > Application Policies > Create New)
6.  Create New Deny Authorization Policy (go to Newly Created Application > Default Policy Domain > Application Policies > Create New)
7.  Edit the following file
$OES_CLIENT_HOME/oessm/SMConfigTool/smconfig.java.controlled.prp
8.  Run the config.sh
9.  This will create a directory in $OES_CLIENT_HOME/oes_sm_instances/< SM_NAME_AS _IN_PRP_FILE >
10.   Create a sample application to validate the authorization request. Code  Snippet is as follows-
11.   Run the program to check that it is authorizing the user initiating the resource request.

Sample source:
******************************************************************
public class HelloWBworld2 {

    /**
     * @param args
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
         WLSUserImpl p = new WLSUserImpl("weblogic_wc");
          System.out.println("HelloWBworld :: principal :: "+p);
          Subject user = new Subject();
          System.out.println("HelloWBworld :: Subject :: "+user);
//           user.getPrincipals().add(p);
          System.out.println("HelloWBworld :: Subject after add :: "+user);
          // Resource being accessed AppName/ResourceType/ResouceName
          String resourceString = "HelloWBWorld/MyWBResourceType/MyWBResource";
          System.out.println("HelloWBworld :: resourceString :: " +resourceString);
          // Action initiated by the user
          String action = "write";
          System.out.println("HelloWBworld :: action :: "+action);
          // Environmental/Context attributes
          while (true)
          {
              System.out.println("HelloWBworld :: while start ");
              try {
                 // get Authorization response from OES
                 PrepareResponse response =　PepRequestFactoryImpl.getPepRequestFactory()
                             .newPepRequest(
                                     user,
                                    action,
                                    resourceString,
                                    null).decide();
                System.out.println( "Request: {" + user + " " + action + " " + resourceString +  "} \nResult: " + response.allowed());
              } catch (PepException e) {
                 System.out.println( "***** Caught exception:  " + e.getMessage());
                 e.printStackTrace();
                 System.exit(1);
              }
        }
    }
}****************************************************************
http://docs.oracle.com/cd/E37115_01/dev.1112/e27154/handle_auth_calls.htm

How to download OES Client Software

Oracle Entitlement Server (OES) is a fine grained autorization software from Oracle. For OES there is server side component (installation steps omit ) and client side component called as Security Module.

1. OES consists of :
a) OES 11g Administration Console : Authorization Policy Manager (APM) : This is server side components installed as part of Identity & Access Management software.

b) OES 11g Client (SM) : OES Security Module is a client side component (this acts as Policy Enforcement Point and can also acts as Policy Decision point) that queries and enforces policies. OES Client (SM) is installed as separate software.
OES – Oracle Entitlement Server
PDP – Policy Decision Point
PEP – Policy Enforcement Point
JRF – Java Required Files
SM – Security Module

OES server component is part of Oracle Identity & Access Management (IDAM) software where as OES Security Module (client side component) is available as separate installer. You can download OES client (Security Module) from eDelivery
– > Oracle Fusion Middleware -> Oracle Fusion Middleware Identity Management XXXX -> Oracle Entitlement Server Security Module

About Oracle Entitlements Server Security Module 11g (11.1.2.2.0) , You can refer to following URL:

http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html

Oracle Entitlements Server

Oracle Entitlements Server (OES) - Creating OES Schema (Step 1)
http://www.youtube.com/watch?v=HhfIvcpewA0

Oracle Entitlements Server (OES) - Installing Weblogic (Step 2)
http://www.youtube.com/watch?v=CKc7OPbed2A

Oracle Entitlements Server (OES) - Installing Administration Console (Step 3)
http://www.youtube.com/watch?v=Tx7Ecwl0lUw

Oracle Entitlements Server (OES) - Configuring OES Admin (Step4)
Blog: http://accessmanagement.wordpress.com/
http://www.youtube.com/watch?v=iolIrjRTqB8
※select Domain Source: Oracle Entitlements Server for Admin Server - 11.1.1.0[Oracle_IDM1]

Oracle Entitlements Server (OES) - Post Configuration Steps (Step5)
http://www.youtube.com/watch?v=pv1fPFO8u48

Oracle Entitlements Server (OES) - SM Installation Steps (Step 6)
http://www.youtube.com/watch?v=A4COQxyFTWk

Installing Oracle API Gateway Analytics

1. Navigate to the bin directory of OAG Analytics:
Linux:
cd /opt/OAG/OAG-11.1.2.1.0/oaganalytics/posix/bin
Windows:INSTALL_DIR\oaganalytics\Win32\bin

2. To configure the settings for OAG Analytics, execute the configureserver
command:
./configureserver

3.Download wkhtmltopdf-0.9.9 Windows Installer
https://code.google.com/p/wkhtmltopdf/downloads/detail?name=wkhtmltopdf-0.9.9-installer.exe

4.Install wkhtmltopdf into the following directory in your API Gateway Analytics installation:
Windows INSTALL_DIR\oaganalytics\Win32\lib\wkhtmltopdf
UNIX/Linux INSTALL_DIR/oaganalytics/posix/lib/wkhtmltopdf

Android emulator setting memo

Solution1:
1.Add Android SDK path to system environment variables path.
2.cmd --> start emulator
For example: emulator -avd avd
3.cmd
>>adb shell
>>sqlite3 /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO system VALUES(99,'http_proxy',' 10.33.176.166 :8080')"
>>sqlite3 /data/data/com.android.providers.settings/databases/settings.db "SELECT * FROM system"
4.Restart android emulator

Soultion2:
1. settings->Wireless controls->Mobile networks->Access Point Names
2. Set Parament
- Proxy : your proxy address
- Port : your proxy port
- Username : your username if needed, or <Not set>  Password : your password if needed, or <Not set>
3. set DNS
>>adb shell
>>getprop
>>setprop net.dns1 192.168.1.1
or
>>setprop net.dns1 192.158.0.1

Getting started with PhoneGap

Getting started with PhoneGap in Eclipse for Android

http://www.adobe.com/devnet/html5/articles/getting-started-with-phonegap-in-eclipse-for-android.html

Getting started with PhoneGap in Xcode for iOS

http://www.adobe.com/devnet/html5/articles/getting-started-with-phonegap-in-xcode-for-ios.html

Downloading and installing PhoneGap

PhoneGap download page (http://phonegap.com/download) 

Oracle Mobile and Social Access Service

Overview
Oracle Mobile and Social Access Service is a fully integrated, server-based solution designed to secure mobile access to applications leveraging the enterprise's existing back-end identity management infrastructure. Oracle's Mobile and Social solution also provides client software development kits (SDKs) used by developers to weave security into native mobile applications for tight integration with identity management.

Oracle's Mobile and Social solution secures mobile access to corporate resources by leveraging the services of Oracle Access Management in terms of single sign-on between browser-based and native mobile applications, strong and multi-factor authentication, device fingerprinting and device context based fine-grained authorization. In addition, the Mobile and Social solution also enables enterprises to securely leverage social identity for personalization and federated sign-on.

Key features include:
Authenticating and Authorizing Mobile Users
Mobile Single Sign-on
Device Fingerprinting and Registration
Device Blacklist/Whitelist
Device-context Based Fine-grained Authorization
Log On Using Social Identity from Facebook, Google, Twitter, LinkedIn or Yahoo
REST-based directory interface for User Profile Services
Mobile and Social Client SDKs

http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oamms-1696162.html

ORACLE MOBILE AND SOCIAL ACCESS MANAGEMENT
http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oamms11gr2ds-1697252.pdf

White Paper
http://www.oracle.com/technetwork/middleware/id-mgmt/overview/mobileandsocialaccessmanagementwp-1703656.pdf

Oracle ADF Mobile! Hello!

First we have to setup our JDeveloper (11.1.2.3.0) for the ADF mobile development.
1.Entry:That is the adfmf-feature.xml file.
This file is to configure the features of your application.
The adfmf-feature.xml file enables you to configure the actual mobile application features that are referenced by the element in the corresponding adfmf-application.xml file.So basically, what is says is, that adfmf-feature.xml is the configuration file of all the features your application might have.
All those features are stored in the adfmf-application.xml file.
That file is located in the descriptors section in JDeveloper.
2.What is that DataControl about?
That dataControl handles the operations on your device
Once we understand how it works. one step at a time. it is fairly easy to remember.
This is the beginning!

OAM The requested URL /favicon.ico was not found

Error: The requested URL /favicon.ico was not found.
Possible Solution:
this is not a request made for something you didn't know you were pointing to on a Web page.Instead, it's a request for the favicon.ico file that Internet Explorer (and many other browsers) expect you to have on your site.
The favicon.ico file is a small graphic that is associated with a page or Web site, and allows the Web developer to customize the site in the Web browser,both in the tab bar that is displayed in many browsers as well as in the bookmarks when a site is saved.
So, you can try following step:
Step1:Create a favicon
http://www.favicon.cc/?
http://www.degraeve.com/favicon/
http://www.favicongenerator.com/
Step2:Upload icon to specified location.

2 legged OAuth & 3 legged OAuth

English

In short, they describe two different usage scenarios of OAuth involving two respectively three parties.

3-legged OAuth describes the scenario for which OAuth was originally developed: a resource owner wants to give a client access to a server without sharing his credentials (i.e. username/password). A typical example is a user (resource owner) who wants to give a third-party application (client) access to his Twitter account (server).

On a conceptual level it works in the following way:

• Client has signed up to the server and got his client credentials (also known as “consumer key and secret”) ahead of time
• User wants to give the client access to his protected resources on the server
• Client retrieves the temporary credentials (also known as “request token”) from the server
• Client redirects the resource owner to the server
• Resource owner grants the client access to his protected resources on the server
• Server redirects the user back to the client
• Client uses the temporary credentials to retrieve the token credentials (also known as “access token”) from the server
• Client uses the token credentials to access the protected resources on the server

2-legged OAuth, on the other hand, describes a typical client-server scenario, without any user involvement. An example for such a scenario could be a local Twitter client application accessing your Twitter account.

On a conceptual level 2-legged OAuth simply consists of the first and last steps of 3-legged OAuth:

• Client has signed up to the server and got his client credentials (also known as “consumer key and secret”)
• Client uses his client credentials (and empty token credentials) to access the protected resources on the server

Chinese

3-legged oauth

resource owner, client, server.

resource owner 给client访问权限去访问resource owner在server上的resource，但是resource owner和client不共享credentials（用户名和密码）。

1. client在server上注册，获得client credentials（包括consumer key和consumer secret）

2. client从server获得temporay credentials（即request token）

3. client将user-agent定向到server

4. user授权client访问server上的resource

5. server将user-agent定向到client

6. client用temporary credentials(request token)从server换取token credentials（即 access token）

7. client使用access token访问server上的protected resource

2-legged oauth

没有user参与的 server/client形式

1. client在server上注册，获得client credentials（包括consumer key和consumer secret）

2. client使用client credential（和空的token credential）访问server上的protected resource

三条腿的OAuth（3-Legged OAuth），这也是OAuth的标准版本。这里所谓的“三条腿”，指的是授权过程中涉及前面提到的三种角色，也就是：客户端，服务提供方，用户。不过有 些情况下，不需要用户的参与，此时就产生了一个变体，被称作两条腿的OAuth（2-Legged OAuth），一般来说，访问私有数据的应用需要三条腿的OAuth，访问公共数据的应用需要两条腿的OAuth。
两条腿的OAuth和三条腿的OAuth相比，因为没有用户的参与，所以在流程中就不会涉及用户授权的环节，也就不需要使用Token，而主要是通 过Consumer Key和Consumer Secret来完成签名的，此时的Consumer Key和Consumer Secret基本等价于账号和密码的作用。

Japanese

Auth Coreはフロー上の登場人物がConsumerとSPとEnd Userの三者であることから3-legged OAuthと呼ばれているのに対し、ConsumerがEnd Userとは紐づかないSPのリソースにアクセスする２者間通信の仕組みを通称2-legged OAuthと呼んでいます。

Refrence:
http://maeshima.hateblo.jp/category/oauth
http://www.tuicool.com/articles/6JnmMn
http://cakebaker.42dh.com/2011/01/10/2-legged-vs-3-legged-oauth/
https://drupal.org/node/1839550
http://www.kaiyuanba.cn/html/1/131/227/7672.htm
http://baike.baidu.com/view/6619164.htm
http://techblog.yahoo.co.jp/web/auth/oauth_1/

Android:How to load files from assets folder?

1.how to use android_asset
file://android_asset/ is a way that allows android apps access assets by a network-based URI. But assets represent neither local nor online files, they are packed into your apk.Put any files in assets folder in a android project and they will be packed into the apk file by the builder.

2.Sample Code:
mVideoView.setVideoPath("file:///android_asset/videos.mp4");
    mVideoView.requestFocus();
    mVideoView.start();
     
String uriPath = "file:///android_asset/videos.mp4";
    Uri uri = Uri.parse(uriPath);
    mVideoView.setVideoURI(uri);
    mVideoView.requestFocus();
    mVideoView.start();
     
String uriPath = "android.resource://yourapplicationpackage/raw/videofilenamewithoutextension";
Uri uri = Uri.parse(uriPath);
video.setVideoURI(uri);
     
mVideoView.setVideoPath("/mnt/sdcard/android_asset/videos.mp4");
     
this.setContentView(R.layout.videoview);      
mVideoView = (VideoView) this.findViewById(R.id.surface_view);      
SurfaceHolder holder = mVideoView.getHolder();
holder.setType(SurfaceHolder.SURFACE_TYPE_PUSH_BUFFERS);
MediaPlayer player = new MediaPlayer();
player.setDisplay(holder);      
AssetFileDescriptor afd;
try {
    afd = getAssets().openFd("v.mp4");      
    player.setDataSource(afd.getFileDescriptor(),afd.getStartOffset(), afd.getLength());
    player.prepareAsync();
    player.setOnPreparedListener(new OnPreparedListener() {

     @Override
     public void onPrepared(MediaPlayer mp) {
        mp.start();
     }
  });
} catch (Exception e) { e.printStackTrace();}

3.WebView.loadUrl sample code
WebSettings setting=mWebView.getSettings();
setting.setPluginState(PluginState.ON);
setting.setJavaScriptEnabled(true);
        String url="file:///android_asset/test.swf";
mWebView.loadUrl(url);

4.Video Resource
Android Application Development:Using the Asset Folder for Typeface
http://v.youku.com/v_show/id_XMzk5NTI4OTA4.html
http://www.youtube.com/watch?v=kOJGmVXuuFA1.how

Oracle API Gateway OAuth2.0 Authentication：How to obtain an access token

Overview

The API Gateway can use the OAuth 2.0 protocol for authentication and authorization. The API Gateway can act as an OAuth 2.0 Authorization Server and supports several OAuth 2.0 flows that cover common Web server, JavaScript, device, installed application, and server-to-server scenarios.

Authorization Code (or Web Server) Flow

The Authorization Code flow is as follows:

 

Obtaining an Access Token

The detailed steps for obtaining an access token are as follows:
1. Redirect the user to the authorization endpoint with the following parameters:

Parameter	Description
response_type	Required. Must be set to code.
client_id	Required. The Client ID generated when the application was registered in the Oracle API Manager.
redirect_uri	Optional. Where the authorization code will be sent. This value must match one of the values provided in the Oracle API Manager.
scope	Optional. A space delimited list of scopes, which indicate the access to the Resource Owner's data being requested by the application.
state	Optional. Any state the consumer wants reflected back to it after approval during the callback.

The following is an example URL:

https://apigateway/oauth/authorize?client_id=SampleConfidentialApp&
response_type=code&&redirect_uri=http%3A%2F%2Flocalhost%3A8090%2Fauth%2Fredirect.

html&scope=https%3A%2F%2Flocalhost%3A8090%2Fauth%2Fuserinfo.email

2. The response to the above request is sent to the redirect_uri. 
For example:

https://localhost/oauth_callback&code=9srN6sqmjrvG5bWvNB42PCGju0TFVV

3. After the Web server receives the authorization code, it may exchange the authorization code for an access token and a refresh token. This request is an HTTPS POST, and includes the following parameters:               

Parameter	Description
grant_type	Required. Must be set to authorization_code.
code	Required. The authorization code received in the redirect above.
redirect_uri	Required. The redirect URL registered for the application during application registration.
client_id*	Optional. The client_id obtained during application registration.
client_secret*	Optional. The client_secret obtained during application registration.
format	Optional. Expected return format. The default is json. Possible values are: urlencoded json xml

4. After the request is verified, the API Gateway sends a response to the client. The following parameters are in the response body:

Parameter	Description
access_token	The token that can be sent to the Resource Server to access the protected resources of the Resource Owner (user).
refresh_token	A token that may be used to obtain a new access token.
expires	The remaining lifetime on the access token.
type	Indicates the type of token returned. At this time, this field always has a value of Bearer.

The following is an example response:

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: application/json
Pragma: no-cache{
    "access_token": “O91G451HZ0V83opz6udiSEjchPynd2Ss9......",
    "token_type": "Bearer",
    "expires_in": "3600",
}

5. After the Web server has obtained an access token, it can gain access to protected resources on the Resource Server by placing it in an Authorization: Bearer HTTP header:

GET /oauth/protected HTTP/1.1
Authorization: Bearer O91G451HZ0V83opz6udiSEjchPynd2Ss9
Host: apigateway.com

For example, the curl command to call a protected resource with an access token is as follows:

curl -H "Authorization: Bearer O91G451HZ0V83opz6udiSEjchPynd2Ss9" https://apigateway.com/oauth

/protected

Note:
To run the sample(Sample Client，INSTALL_DIR/samples/scripts/oauth/authorization_code.py), perform the folllowing steps:
[oracle@cdcXXXX scripts]$ sh run.sh oauth/implicit_grant.py Go to the URL here: https://127.0.0.1:8089/api/oauth/authorize?cliend_id=SampleConfifentialApp& response_type=token&scope=https://localhost:8090/auth/userinfo.email&redirect _uri=https://localhost/oauth_callback&state=-1992846334
Enter Access Token code in dialog
********************ACCESS TOKEN RESPONSE8************************************ Access token received from authorization server a0b09580-1866-4dbc-a472-d89192 a9a95d ****************************************************************************** Now we can try access the protected resource using the access token Executing get request on the protected url Response from protected resource request is:500 Problem accessing the protected resource.Response code returned is:500
Root cause:  
The authorization server encountered an unexpected condition that prevented it from fulfilling the request.(This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)
For details, please refer to http://tools.ietf.org/html/rfc6749   
4.1.2.1.Error Response

HTML5 CSS3 Generator Tools

1.CSS3.me

http://www.css3.me/

2.CSS3 Gradient Generator

http://gradients.glrzad.com/

3.CSS3 Maker
http://www.css3maker.com/

4.CSS3 Button Generator

http://css3buttongenerator.com/

5.Border-Image Generator

http://border-image.com

Authorization code grant Vs Implicit grant

You can refer to RFC 6749 - The OAuth 2.0 Authorization Framework
4.1 The authorization code grant
The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients.Since this is a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.

图4.1 
The client requests an access token from the authorization server's token endpoint by including the authorization code received in the previous step. When making the request, the client authenticates with the authorization server. The client includes the redirection URI used to obtain the authorization code for verification.









4.2 The implicit grant type
The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and is optimized for public clients known to operate a particular redirection URI. These clients are typically implemented in a browser using a scripting language such as JavaScript.
Since this is a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.
Unlike the authorization code grant type, in which the client makes separate requests for authorization and for an access token, the client receives the access token as the result of the authorization request.

图4.2 
The implicit grant type does not include client authentication, and relies on the presence of the resource owner and the registration of the redirection URI. Because the access token is encoded into the redirection URI, it may be exposed to the resource owner and other applications residing on the same device.

主要的区别是：
1. The authorization code grant是定义用来取access token 和 refresh token，The implicit grant type只定义了获取access token。
2. The authorization code grant是两个请求，分别用来进行认证和获取access token。The implicit grant type是一次请求直接获取access token。
3. The implicit grant type不提供客户端认证检查，而The authorization code grant在4.1步骤4有一个客户端检查的步骤。(图4.1)
4. The authorization code grant方法返回的uri中的认证和access token部分是传给请求方服务器。而The implicit grant type中的access token部分(fragment,通常以hash uri)在客户端本地处理，回调服务器不包含hash的部分(access token)。(图4.2)

Authorization Code Grant Flow

ひとつめは，Authorization Code（認可コード）を使用する方法です。認可コードは，アクセストークンやリフレッシュトークンを得るために一時的に使用します。この方法は，Webサーバー上で動作するアプリの使用が想定されています。

OAuthでは，4種類のRole（ロール）が登場します。リソースオーナーは，アプリへアクセス許可を与える存在です。通常はアプリの利用者です。クライアントは，アプリを表します。認可サーバーは，認証・認可処理，認可コードやアクセストークン，リフレッシュトークンを発行します。リソースサーバーは，ユーザーデータ（リソース）を持っているサーバーです。

また，もうひとつ重要なのが，ユーザーエージェントです。通常，ユーザーエージェントはWebブラウザーのことです。リソースオーナーは，ユーザーエージェントを通してクライアントやサーバーとやりとりします。

フローの手順は次の通りです。アプリ利用者がWebサイトにアクセスした後から始まります。

①認証・認可画面（Webページ）へ移動します。通常，Webページにサインイン ボタンなどを表示し，アプリ利用者のクリックで移動します。移動先のLive Connect認可サーバーのエンドポイントは，以下のURLです。

https://oauth.live.com/authorize?client_id=CLIENT_ID&scope=SCOPES&response_type=code&redirect_uri=REDIRECT_URL

URLのクエリーには，Client ID（クライアントID），スコープ，リダイレクト先のURLなどを指定します。

②リソースオーナーは，Windows Liveサービスへのサインインと，アプリが要求する内容を許可します。

③①で指定したリダイレクト先へ移動します。このとき，認可サーバーは，URLのクエリーに認可コードを付けてリダイレクトします。

http://example.jp/callback.php?code=[AuthorizationCode]

Webアプリは，ユーザーエージェントを介して認可コードを受け取ります。

④クライアントは，認可サーバーにアクセストークンを要求します。次のURLにアクセスします。

https://oauth.live.com/token?client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&client_secret=CLIENT_SECRET&code=AUTHORIZATION_CODE&grant_type=authorization_code

URLのクエリーには，クライアントID，リダイレクトURL，Client Secret（クライアントシークレット），認可コードなどを指定します。

⑤認可サーバーは，アクセストークンを発行します。

以上が，認可のフローです。リフレッシュトークンは，リソースオーナーに認可された場合，アクセストークンと一緒に発行され，クライアントが受け取ります。

⑥クライアントは，リソースサーバーにリソースのアクセスを要求します。Live Connectでは，REST APIを利用します。

Implicit Grant Flow

もうひとつのアクセストークンを取得する方法は，Webブラウザー上で動くアプリ向けの方法です。JavaScript APIはこの方法を使っています。デスクトップアプリでも使えます。

この場合のクライアントは，JavaScriptなどで実装されたWebブラウザー上で動作するアプリです。Webサーバーには，クライアントのリソース（HTML文書やスクリプト）があります。

フローの手順は次の通りです。

①認証・認可画面（Webページ）へ移動します。

https://oauth.live.com/authorize?client_id=CLIENT_ID&scope=SCOPES&response_type=token&redirect_uri=REDIRECT_URL

②リソースオーナーは，Windows Liveサービスへのサインインと，アプリが要求する内容を許可します。

③①で指定したURLへリダイレクトします。このとき，認可サーバーは，URLのフラグメントにアクセストークンを付けてリダイレクトします。

http://example.jp/callback.html#access_token=[AccessToken]

④ユーザーエージェントは，Webサーバー上のクライアントリソースのURLへリダイレクトします。このとき，URLの#以降のフラグメント部分にあるアクセストークンは，Webサーバーには送信されません。

⑤クライアントリソースは，JavaScriptなどのスクリプトを含むHTML文書を返します。

⑥ユーザーエージェントは，スクリプトを実行し，URLのフラグメントからアクセストークンを抽出します。

以上が，認可フローです。リソースへのアクセスは図では省略しています。リソースのアクセスは，ユーザーエージェントがアクセストークンを使ってリソースサーバーへ要求します。

ひとつめの認可コードを使う場合と比べると，アクセストークンをユーザーエージェントが持っている点が大きく異なります。また，この方法の場合，認可サーバーはリフレッシュトークンを発行しません。

以上が，OAuthで定義されている4種類のフローのうちの2種類でした。Live Connectでは，これ以外にJavaScript APIとサインインコントロールを使用したフローを用意しています。

For details:
http://dev.jiepang.com/oauth

http://gihyo.jp/dev/serial/01/wl-sdk/0045?page=2
http://www.zhihu.com/question/20647855
http://tools.ietf.org/html/rfc6749#section-4.2.1

Linux:VNC client:Copy Paste between Linux and Windows

Question: 
How to Copy Paste between Linux and windows applications using VNC Viewer?

Answer:
Make sure that ~/.vnc/xstartup on the server side contains the following line somewhere:
---------------------------
vncconfig -iconic &
or
vncconfig &
-----------------------------------
to ensure it's started automatically. If you already have a running VNC session
without an active instance of vncconfig, just open a terminal on your VNC desktop and start it manually.

Note:
Remember that if you press Ctrl+C to copy before you open the VNC connection, it will not work.

For detail:
http://lookupnotes.blogspot.jp/2012/10/copy-paste-vncviewer.html
http://superuser.com/questions/376877/copy-paste-clipboard-like-functionality-from-a-vnc-desktop

Android: import cannot be resolved

Recently I kept hitting an issue of Eclipse not recognising my imports (even though they were there). I was always getting the message:
import ClassName cannot be resolved.

You can try following:
1.‘Clean’ Your Eclipse Project:
 Go to Project > Clean in Eclipse
Refresh your project folder (right click on your project > refresh)
Re-build your project

2.Check your Android SDK version.
project-->Properties-->Android-->Project Build Target
Select target Name

3.default.properties
Modify project build target and android.library.reference.1

Hope those tips help!

Mobile and Social Related Demo & Architecture resource

google-api-javascript-client
https://code.google.com/p/google-api-javascript-client/

Using OAuth 2.0 with Google API in Phonegap / ChildBrowser
http://www.itsalif.info/content/oauth-google-api-gapi-phonegap-childbrowser-jquery

The Architecture of a Social Business
http://dachisgroup.com/2012/03/the-architecture-of-a-social-business/

Facebook Google Login OAuth
http://www.youtube.com/watch?v=Q8s8AyL71Uk

Google OAuth Demo: Step #1 Initial Preparations
http://www.youtube.com/watch?v=_uLB_vn0et0

Google OAuth Demo: Step #2 Getting the Client ID
http://www.youtube.com/watch?v=RHOjSJoXad0

Google OAuth Demo: Step #3 SMTP setup so as to invite UID/PWD users to use OAUth.
http://www.youtube.com/watch?v=qCRCJgAiJmU

OpenID Demo
http://www.youtube.com/watch?v=ihT9CloUyfA

Demo of a mobile app using OpenID and OAuth
http://www.youtube.com/watch?v=mRXH7hUbqbY

Social Architecture (a manifesto)
http://www.managementexchange.com/hack/social-architecture-manifesto
http://www.youtube.com/watch?v=HCmzZYETZ40

Google I/O 2010 - OpenID-based SSO & OAuth for Google Apps
http://www.youtube.com/watch?v=0L_dEOjhADQ

Android OAUTH Example
http://www.youtube.com/watch?v=25o0b2aEw0E

OpenAM OAuth 2.0 Authentication
http://www.youtube.com/watch?v=u3kqjbtB0l4

Social Media in Architecture
http://www.youtube.com/watch?v=4NwDeeu8QTM

Mobile App - Web Diversity; Internet, Mobile and Social Media Consultants.
http://www.youtube.com/watch?v=m-zYRczVYsQ

Learn how to build HTML5 jquery Mobile apps for ipad iphone android
http://www.youtube.com/watch?v=29wiTVbk8yk

Creating a Facebook login for your App
http://www.youtube.com/watch?v=EcYDm3QH0oM

Social Investment: New Possibilities for Business and Philanthropy
http://www.youtube.com/watch?v=Vaie2e0PYhI

The Architecture of Social Investment
http://www.youtube.com/watch?v=SDJE2JDcaaY

What Future for Social Investment?
http://www.youtube.com/watch?v=9ckNZXy5I_Q

Social Investment: New Possibilities for Business and Philanthropy
http://www.youtube.com/watch?v=Vaie2e0PYhI

What Future for Social Investment?
http://www.youtube.com/watch?v=9ckNZXy5I_Q

Google I/O 2010 - OpenID-based SSO & OAuth for Google Apps
http://www.youtube.com/watch?v=0L_dEOjhADQ

Android OAUTH Example
http://www.youtube.com/watch?v=25o0b2aEw0E

OpenAM OAuth 2.0 Authentication
http://www.youtube.com/watch?v=u3kqjbtB0l4

Social Media in Architecture
http://www.youtube.com/watch?v=4NwDeeu8QTM

ORA-00059: maximum number of DB_FILES exceeded

This parameter is in the CONTROL FILE,but you do not need to recreate control file. See below:

$sqlplus /nolog
conn / as sysdba

SQL> show parameter db_files;
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
db_files                             integer     200

SQL> alter system set db_files=250 scope=spfile;
System altered.

SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.

Total System Global Area  268435456 bytes
Fixed Size                  1218892 bytes
Variable Size              75499188 bytes
Database Buffers          188743680 bytes
Redo Buffers                2973696 bytes
Database mounted.
Database opened.

SQL>show parameter db_files
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
db_files                             integer     250
SQL> exit

OAuth and OpenID Userful Video Resource

OAuth
http://www.youtube.com/watch?v=PqNjmMvpeT4

OAuth Presentation
http://www.youtube.com/watch?v=S8zmDIlGsV8

Securing Rest-ful Web Services with OAuth2
http://www.youtube.com/watch?v=8uBcpsIEz2I

Cloud Foundry Blog
http://blog.cloudfoundry.org/2012/10/09/oauth-rest

Authentication OAuth 2.0
You're building an API and the question comes up, how to let client applications authenticate against it? Giving username/password to 3rd party client applications is a security anti-pattern. You don't want to do that. API keys are better, but confusing for the average user. So we're going to look at solving that with OAuth 2.0.
http://www.youtube.com/watch?v=khnmMv4_RCE

Google I/O 2012 - OAuth 2.0 for Identity and Data Access
http://www.youtube.com/watch?v=YLHyeSuBspI
This session will cover the latest advances in how OAuth can be used for data access, but will also dive into how you can lower the barrier to entry for your application by allowing users to login using their Google accounts. You will learn, through an example written in Python, how to use OAuth 2.0 to incorporate user identity into your web application. Best practices for desktop applications, mobile applications and server-to-server use cases will also be discussed.

OAuth and OpenID for Data Access and Identity in web apps
http://www.youtube.com/watch?v=U9Dfr_VIpic

OAuth 2.0 Tutorial 3 Implicit Grant Type Using Layer 7 OAuth Toolkit
http://www.youtube.com/watch?v=OfgVewoEbX0&list=PL032A5954701D543C

Facebook Google Login OAuth
http://www.youtube.com/watch?v=Q8s8AyL71Uk

Google OAuth Demo: Step #1 Initial Preparations
http://www.youtube.com/watch?v=_uLB_vn0et0

Authentication with OAuth and Connected Apps
http://www.youtube.com/watch?v=SBeO-Jkx3LA

OAuth 2.0 - Part 4
http://www.youtube.com/watch?v=0PvQcLzVGF0

OAuth 2.0 in Depth.mp4
http://www.youtube.com/watch?v=hEewiXlynyc

Oracle API Gateway Installation and Configuration

Overview:

Oracle API Gateway is a comprehensive platform for managing, delivering, and securing Web APIs. It provides integration, acceleration, governance, and security for API and SOA-based systems. Oracle API Gateway is available on Windows, Linux, and Solaris (for more details, see the Oracle API Gateway Installation and Configuration Guide).

Purpose: 

This document will cover the installation part of the Oracle API Gateway 11gR2PS1.Use the below hyperlink to download the Oracle API Gateway Download.  

Installation:

• Extract the zipped file to the appropriate location.
• Run the executable file "OAG-11.1.2.1.0-linux-x64-installer.run"
• Follow the instructions as per the below screen shots.

Click Next to continue.(Omit)

URL: https://<hostname>:8090/

username: admin

Password: changeme

Below are the few screen shots of API gateway home page and Policy store consoles.

 

Starting the Policy Studio
If you did not select to launch the Policy Studio after installation, perform the following steps:
    1.Open a command prompt.
    2.Change to your Policy Studio installation directory
      (for example, INSTALL_DIR\oagpolicystudio).
    3.Start policystudio.

For details, you can refer to following url:
http://docs.oracle.com/cd/E39820_01/doc.11121/gateway_install_docs/content/install_gateway.html