Saturday, September 28, 2013

Oracle ADF Mobile! Hello!

First we have to set up JDeveloper (11.1.2.3.0) for ADF Mobile development.
1. Entry: the adfmf-feature.xml file.
This file configures the features of your application.
The adfmf-feature.xml file enables you to configure the actual mobile application features that are referenced by the element in the corresponding adfmf-application.xml file. So basically, what it says is that adfmf-feature.xml is the configuration file for all the features your application might have.
All those features are stored in the adfmf-application.xml file.
That file is located in the descriptors section in JDeveloper.
2. What is that DataControl about?
That DataControl handles the operations on your device.
Once we understand how it works, one step at a time, it is fairly easy to remember.
This is the beginning!

OAM The requested URL /favicon.ico was not found

Error: The requested URL /favicon.ico was not found.
Possible Solution:
This is not a request for something you unknowingly pointed to on a Web page. Instead, it's a request for the favicon.ico file that Internet Explorer (and many other browsers) expect you to have on your site.
The favicon.ico file is a small graphic that is associated with a page or Web site, and allows the Web developer to customize the site in the Web browser, both in the tab bar that is displayed in many browsers and in the bookmarks when a site is saved.
So, you can try the following steps:
Step 1: Create a favicon
http://www.favicon.cc/?
http://www.degraeve.com/favicon/
http://www.favicongenerator.com/
Step 2: Upload the icon to the specified location.

Wednesday, September 25, 2013

2 legged OAuth & 3 legged OAuth

English
In short, they describe two different usage scenarios of OAuth, involving two and three parties respectively.
3-legged OAuth describes the scenario for which OAuth was originally developed: a resource owner wants to give a client access to a server without sharing his credentials (i.e. username/password). A typical example is a user (resource owner) who wants to give a third-party application (client) access to his Twitter account (server).
On a conceptual level it works in the following way:
  • Client has signed up to the server and got his client credentials (also known as “consumer key and secret”) ahead of time
  • User wants to give the client access to his protected resources on the server
  • Client retrieves the temporary credentials (also known as “request token”) from the server
  • Client redirects the resource owner to the server
  • Resource owner grants the client access to his protected resources on the server
  • Server redirects the user back to the client
  • Client uses the temporary credentials to retrieve the token credentials (also known as “access token”) from the server
  • Client uses the token credentials to access the protected resources on the server
2-legged OAuth, on the other hand, describes a typical client-server scenario, without any user involvement. An example for such a scenario could be a local Twitter client application accessing your Twitter account.
On a conceptual level 2-legged OAuth simply consists of the first and last steps of 3-legged OAuth:
  • Client has signed up to the server and got his client credentials (also known as “consumer key and secret”)
  • Client uses his client credentials (and empty token credentials) to access the protected resources on the server
Chinese
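3-legged OAuth
Resource owner, client, server.
The resource owner gives the client permission to access the resource owner's resources on the server, but the resource owner and the client do not share credentials (username and password).
1. The client registers with the server and obtains client credentials (the consumer key and consumer secret)
2. The client obtains temporary credentials (the request token) from the server
3. The client redirects the user-agent to the server
4. The user authorizes the client to access the resources on the server
5. The server redirects the user-agent to the client
6. The client exchanges the temporary credentials (request token) with the server for token credentials (the access token)
7. The client uses the access token to access the protected resources on the server

2-legged OAuth
A server/client arrangement with no user involvement.
1. The client registers with the server and obtains client credentials (the consumer key and consumer secret)
2. The client uses its client credentials (and empty token credentials) to access the protected resources on the server

Three-legged OAuth (3-Legged OAuth) is the standard version of OAuth. The "three legs" refer to the three roles mentioned earlier that take part in the authorization process: the client, the service provider, and the user. In some cases, however, no user needs to be involved, which gives rise to a variant called two-legged OAuth (2-Legged OAuth). Generally speaking, applications that access private data need three-legged OAuth, and applications that access public data need two-legged OAuth.
Compared with three-legged OAuth, two-legged OAuth has no user involvement, so the flow has no user authorization step and does not need a Token; signing is done mainly with the Consumer Key and Consumer Secret, which at that point play essentially the role of an account name and password.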

Japanese
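OAuth Core is called 3-legged OAuth because three parties appear in its flow: the Consumer, the SP, and the End User. By contrast, the two-party mechanism in which the Consumer accesses SP resources that are not tied to an End User is commonly called 2-legged OAuth.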
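The 2-legged case described above, where the consumer secret alone signs the request and the token credentials are empty, worked through as an added example (not code from the original post). It uses the HMAC-SHA1 method of OAuth 1.0 (RFC 5849); the URL, keys and parameter values are constructed, the function names are hypothetical, and the URL is assumed to carry no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def _enc(value):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """HTTP method, base URL and the sorted, encoded parameters joined with '&'."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _enc(url), _enc(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature. With an empty token secret (2-legged) the key is just
    'consumer_secret&', so the consumer secret alone authenticates the client."""
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def verify(method, url, params, signature, consumer_secret, token_secret=""):
    """Server side: recompute the signature and compare in constant time."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), signature.encode())


# Constructed sample request; every value here is made up for illustration.
URL = "https://api.example.com/photos"
TWO_LEGGED = {
    "oauth_consumer_key": "my-consumer-key",
    "oauth_token": "",                      # empty token credentials
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1380326400",
    "oauth_nonce": "constructed-nonce-1",
    "oauth_version": "1.0",
    "size": "original",
}
SIG = sign("GET", URL, TWO_LEGGED, consumer_secret="my-consumer-secret")
```

A server that accepts such requests also has to reject reused nonce and stale timestamp values, since the signature by itself does not stop a captured request from being replayed.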

Reference:
http://maeshima.hateblo.jp/category/oauth
http://www.tuicool.com/articles/6JnmMn
http://cakebaker.42dh.com/2011/01/10/2-legged-vs-3-legged-oauth/
https://drupal.org/node/1839550
http://www.kaiyuanba.cn/html/1/131/227/7672.htm
http://baike.baidu.com/view/6619164.htm
http://techblog.yahoo.co.jp/web/auth/oauth_1/

Monday, September 23, 2013

Android:How to load files from assets folder?

1. How to use android_asset
file:///android_asset/ lets Android apps access assets through a network-style URI. However, assets are neither local nor online files; they are packed into your APK. Put any files in the assets folder of an Android project and the builder will pack them into the APK file.

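2. Sample code:
// Needs android.net.Uri, android.media.MediaPlayer, android.content.res.AssetFileDescriptor,
// android.view.SurfaceHolder, android.widget.VideoView and java.io.IOException.

// Option 1: pass the asset path to the VideoView
mVideoView.setVideoPath("file:///android_asset/videos.mp4");
mVideoView.requestFocus();
mVideoView.start();

// Option 2: the same asset path wrapped in a Uri
String uriPath = "file:///android_asset/videos.mp4";
Uri uri = Uri.parse(uriPath);
mVideoView.setVideoURI(uri);
mVideoView.requestFocus();
mVideoView.start();

// Option 3: a raw resource (res/raw) addressed by package name
String uriPath = "android.resource://yourapplicationpackage/raw/videofilenamewithoutextension";
Uri uri = Uri.parse(uriPath);
mVideoView.setVideoURI(uri);

// Option 4: a file on the SD card
mVideoView.setVideoPath("/mnt/sdcard/android_asset/videos.mp4");

// Option 5: open the asset through a file descriptor and play it with MediaPlayer
this.setContentView(R.layout.videoview);
mVideoView = (VideoView) this.findViewById(R.id.surface_view);
SurfaceHolder holder = mVideoView.getHolder();
holder.setType(SurfaceHolder.SURFACE_TYPE_PUSH_BUFFERS);
MediaPlayer player = new MediaPlayer();
player.setDisplay(holder);
try {
    AssetFileDescriptor afd = getAssets().openFd("v.mp4");
    player.setDataSource(afd.getFileDescriptor(), afd.getStartOffset(), afd.getLength());
    afd.close();
    // Register the listener before prepareAsync() so the callback cannot be missed
    player.setOnPreparedListener(new MediaPlayer.OnPreparedListener() {
        @Override
        public void onPrepared(MediaPlayer mp) {
            mp.start();
        }
    });
    player.prepareAsync();
} catch (IOException e) {
    e.printStackTrace();
}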

3. WebView.loadUrl sample code
// JavaScript and plugins are switched on for this WebView, so load only content packaged in the APK.
WebSettings setting = mWebView.getSettings();
setting.setPluginState(PluginState.ON);
setting.setJavaScriptEnabled(true);
String url = "file:///android_asset/test.swf";
mWebView.loadUrl(url);

4. Video resources
Android Application Development: Using the Asset Folder for Typeface
http://v.youku.com/v_show/id_XMzk5NTI4OTA4.html
http://www.youtube.com/watch?v=kOJGmVXuuFA

Saturday, September 14, 2013

Oracle API Gateway OAuth2.0 Authentication:How to obtain an access token

Overview

The API Gateway can use the OAuth 2.0 protocol for authentication and authorization. The API Gateway can act as an OAuth 2.0 Authorization Server and supports several OAuth 2.0 flows that cover common Web server, JavaScript, device, installed application, and server-to-server scenarios.

Authorization Code (or Web Server) Flow

The Authorization Code flow is as follows:
[Figure: OAuth 2.0 Web Server Flow]

Obtaining an Access Token

The detailed steps for obtaining an access token are as follows:
1. Redirect the user to the authorization endpoint with the following parameters:



Parameter: Description
  • response_type: Required. Must be set to code.
  • client_id: Required. The Client ID generated when the application was registered in the Oracle API Manager.
  • redirect_uri: Optional. Where the authorization code will be sent. This value must match one of the values provided in the Oracle API Manager.
  • scope: Optional. A space delimited list of scopes, which indicate the access to the Resource Owner's data being requested by the application.
  • state: Optional. Any state the consumer wants reflected back to it after approval during the callback.

The following is an example URL:
https://apigateway/oauth/authorize?client_id=SampleConfidentialApp&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8090%2Fauth%2Fredirect.html&scope=https%3A%2F%2Flocalhost%3A8090%2Fauth%2Fuserinfo.email

[Figure: OAuth 2.0 Authorization Code Grant Flow - Grant Access]

2. The response to the above request is sent to the redirect_uri.
For example:

https://localhost/oauth_callback?code=9srN6sqmjrvG5bWvNB42PCGju0TFVV

3. After the Web server receives the authorization code, it may exchange the authorization code for an access token and a refresh token. This request is an HTTPS POST, and includes the following parameters:
Parameter: Description
  • grant_type: Required. Must be set to authorization_code.
  • code: Required. The authorization code received in the redirect above.
  • redirect_uri: Required. The redirect URL registered for the application during application registration.
  • client_id*: Optional. The client_id obtained during application registration.
  • client_secret*: Optional. The client_secret obtained during application registration.
  • format: Optional. Expected return format. The default is json. Possible values are urlencoded, json and xml.

4. After the request is verified, the API Gateway sends a response to the client. The following parameters are in the response body:
Parameter: Description
  • access_token: The token that can be sent to the Resource Server to access the protected resources of the Resource Owner (user).
  • refresh_token: A token that may be used to obtain a new access token.
  • expires: The remaining lifetime on the access token.
  • type: Indicates the type of token returned. At this time, this field always has a value of Bearer.


The following is an example response:
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: application/json
Pragma: no-cache

{
    "access_token": "O91G451HZ0V83opz6udiSEjchPynd2Ss9......",
    "token_type": "Bearer",
    "expires_in": "3600"
}

5. After the Web server has obtained an access token, it can gain access to protected resources on the Resource Server by placing it in an Authorization: Bearer HTTP header:

GET /oauth/protected HTTP/1.1
Authorization: Bearer O91G451HZ0V83opz6udiSEjchPynd2Ss9
Host: apigateway.com

For example, the curl command to call a protected resource with an access token is as follows:


curl -H "Authorization: Bearer O91G451HZ0V83opz6udiSEjchPynd2Ss9" https://apigateway.com/oauth/protected
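The client side of steps 1 to 5 above, as an added example (not Oracle's sample client and not code from the original post). The endpoint and redirect URI are the ones in the page's example URL; the function names are hypothetical, and the state check assumes the client stored the state value in the user's session when it built the authorization URL.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values taken from the page's example URL; the function names are hypothetical.
AUTHORIZE_ENDPOINT = "https://apigateway/oauth/authorize"
REDIRECT_URI = "http://localhost:8090/auth/redirect.html"


def build_authorize_url(client_id, scope, state=None):
    """Step 1: return (url, state); state is a random value tied to the user's session."""
    state = state or secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return AUTHORIZE_ENDPOINT + "?" + query, state


def code_from_callback(callback_url, expected_state):
    """Step 2: pull the authorization code out of the redirect, rejecting bad callbacks."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:  # error response, RFC 6749 section 4.1.2.1
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    return params["code"][0]


def token_request_body(code, client_id, client_secret):
    """Step 3: form-encoded body of the HTTPS POST to the token endpoint."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # same value as in step 1
        "client_id": client_id,
        "client_secret": client_secret,
        "format": "json",
    })


def bearer_header(token_response_json):
    """Steps 4 and 5: check the token response and build the Authorization header."""
    body = json.loads(token_response_json)
    if body.get("token_type", "").lower() != "bearer" or not body.get("access_token"):
        raise ValueError("unexpected token response")
    return {"Authorization": "Bearer " + body["access_token"]}
```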

Note:
To run the sample (Sample Client, INSTALL_DIR/samples/scripts/oauth/authorization_code.py), perform the following steps:
[oracle@cdcXXXX scripts]$ sh run.sh oauth/implicit_grant.py
Go to the URL here: https://127.0.0.1:8089/api/oauth/authorize?cliend_id=SampleConfifentialApp&response_type=token&scope=https://localhost:8090/auth/userinfo.email&redirect_uri=https://localhost/oauth_callback&state=-1992846334
Enter Access Token code in dialog
********************ACCESS TOKEN RESPONSE8************************************
Access token received from authorization server a0b09580-1866-4dbc-a472-d89192a9a95d
******************************************************************************
Now we can try access the protected resource using the access token
Executing get request on the protected url
Response from protected resource request is:500
Problem accessing the protected resource.Response code returned is:500
Root cause:
The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)
For details, please refer to http://tools.ietf.org/html/rfc6749, section 4.1.2.1, Error Response.

Wednesday, September 11, 2013

Authorization code grant Vs Implicit grant

You can refer to RFC 6749 - The OAuth 2.0 Authorization Framework
4.1 The authorization code grant
The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients. Since this is a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.



Figure 4.1
The client requests an access token from the authorization server's token endpoint by including the authorization code received in the previous step. When making the request, the client authenticates with the authorization server. The client includes the redirection URI used to obtain the authorization code for verification.

4.2 The implicit grant type
The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and is optimized for public clients known to operate a particular redirection URI. These clients are typically implemented in a browser using a scripting language such as JavaScript.
Since this is a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.
Unlike the authorization code grant type, in which the client makes separate requests for authorization and for an access token, the client receives the access token as the result of the authorization request.


Figure 4.2
The implicit grant type does not include client authentication, and relies on the presence of the resource owner and the registration of the redirection URI. Because the access token is encoded into the redirection URI, it may be exposed to the resource owner and other applications residing on the same device.

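The main differences are:
1. The authorization code grant is defined for obtaining both an access token and a refresh token; the implicit grant type is defined only for obtaining an access token.
2. The authorization code grant uses two requests, one for authorization and one for obtaining the access token. The implicit grant type obtains the access token directly in a single request.
3. The implicit grant type does not provide a client authentication check, whereas the authorization code grant has a client check in step 4 of section 4.1. (Figure 4.1)
4. With the authorization code grant, the authentication and access token parts of the returned URI are passed to the requesting party's server. With the implicit grant type, the access token part (the fragment, usually a hash URI) is handled locally on the client; the callback to the server does not include the hash part (the access token). (Figure 4.2)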



Authorization Code Grant Flow
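The first method uses an Authorization Code. The authorization code is used temporarily to obtain an access token and a refresh token. This method is intended for apps that run on a Web server.
Four Roles appear in OAuth. The resource owner is the party that grants the app permission to access; normally this is the user of the app. The client represents the app. The authorization server performs authentication and authorization and issues authorization codes, access tokens, and refresh tokens. The resource server is the server that holds the user data (resources).
Another important element is the user agent. Normally the user agent is a Web browser. The resource owner interacts with the client and the servers through the user agent.
The steps of the flow are as follows. They begin after the app user has accessed the Web site.
① Move to the authentication and authorization screen (a Web page). Normally the Web page shows something like a sign-in button, and the move happens when the app user clicks it. The endpoint of the Live Connect authorization server that is the destination is the following URL.
The URL query specifies the Client ID, the scope, the redirect URL, and so on.
② The resource owner signs in to the Windows Live service and approves what the app requests.
③ Move to the redirect destination specified in ①. At this point the authorization server redirects with the authorization code attached to the URL query.
The Web app receives the authorization code via the user agent.
④ The client requests an access token from the authorization server. It accesses the following URL.
The URL query specifies the client ID, the redirect URL, the Client Secret, the authorization code, and so on.
⑤ The authorization server issues the access token.
That is the authorization flow. If the resource owner has authorized it, a refresh token is issued together with the access token and received by the client.
⑥ The client requests access to resources from the resource server. Live Connect uses a REST API for this.

Implicit Grant Flow
The other way to obtain an access token is intended for apps that run in a Web browser. The JavaScript API uses this method. It can also be used by desktop apps.
In this case the client is an app that runs in the Web browser, implemented in JavaScript or similar. The Web server holds the client's resources (HTML documents and scripts).
The steps of the flow are as follows.
① Move to the authentication and authorization screen (a Web page).
② The resource owner signs in to the Windows Live service and approves what the app requests.
③ Redirect to the URL specified in ①. At this point the authorization server redirects with the access token attached to the URL fragment.
④ The user agent redirects to the URL of the client resource on the Web server. At this point the access token in the fragment part after the # in the URL is not sent to the Web server.
⑤ The client resource returns an HTML document that contains a script, in JavaScript or similar.
⑥ The user agent runs the script and extracts the access token from the URL fragment.
That is the authorization flow. Access to resources is omitted from the figure. To access resources, the user agent sends requests to the resource server using the access token.

Compared with the first method, which uses an authorization code, the major difference is that the user agent holds the access token. Also, with this method the authorization server does not issue a refresh token.

Those were two of the four kinds of flow defined by OAuth. In addition to these, Live Connect provides flows that use the JavaScript API and the sign-in control.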
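Difference 4 and step ④ of the implicit flow above turn on which part of the redirect URL the user agent actually transmits. The following added example (not from the original post) splits a redirect into the request target the Web server receives and the fragment that stays in the browser; the URLs and function names are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit


def split_redirect(redirect_url):
    """Return (request_target, fragment): what the user agent sends to the Web
    server versus what it keeps to itself. The fragment is never transmitted."""
    parts = urlsplit(redirect_url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target, parts.fragment


def classify_redirect(redirect_url):
    """Report which grant produced the redirect and who gets to see the credential."""
    target, fragment = split_redirect(redirect_url)
    query = parse_qs(urlsplit(target).query)
    frag = parse_qs(fragment)
    if "access_token" in query:
        # Misconfiguration: a token in the query reaches the server and its logs.
        return {"grant": "implicit", "credential": query["access_token"][0],
                "sent_to_server": True}
    if "code" in query:
        # The code reaches the server, which still has to authenticate to redeem it.
        return {"grant": "authorization_code", "credential": query["code"][0],
                "sent_to_server": True}
    if "access_token" in frag:
        # Only script running in the user agent can read the token.
        return {"grant": "implicit", "credential": frag["access_token"][0],
                "sent_to_server": False}
    raise ValueError("redirect carries no authorization response")


# Constructed redirect URLs for illustration.
CODE_REDIRECT = "https://client.example.com/cb?code=CONSTRUCTED_CODE&state=xyz"
IMPLICIT_REDIRECT = ("https://client.example.com/cb"
                     "#access_token=CONSTRUCTED_TOKEN&token_type=Bearer&state=xyz")
```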

Friday, September 6, 2013

Linux:VNC client:Copy Paste between Linux and Windows

Question: 
How to Copy Paste between Linux and windows applications using VNC Viewer?

Answer:
Make sure that ~/.vnc/xstartup on the server side contains the following line somewhere:
---------------------------
vncconfig -iconic &
or
vncconfig &
-----------------------------------
to ensure it's started automatically. If you already have a running VNC session
without an active instance of vncconfig, just open a terminal on your VNC desktop and start it manually.

Note:
Remember that if you press Ctrl+C to copy before you open the VNC connection, it will not work.

For details:
http://lookupnotes.blogspot.jp/2012/10/copy-paste-vncviewer.html
http://superuser.com/questions/376877/copy-paste-clipboard-like-functionality-from-a-vnc-desktop

Monday, September 2, 2013

Android: import cannot be resolved

Recently I kept hitting an issue of Eclipse not recognising my imports (even though they were there). I was always getting the message:
import ClassName cannot be resolved.

You can try the following:
1. 'Clean' your Eclipse project:
Go to Project > Clean in Eclipse
Refresh your project folder (right-click on your project > Refresh)
Rebuild your project

2. Check your Android SDK version.
Project --> Properties --> Android --> Project Build Target
Select the target name

3. default.properties
Modify the project build target and android.library.reference.1


Hope those tips help!

Mobile and Social Related Demo & Architecture resource

google-api-javascript-client
https://code.google.com/p/google-api-javascript-client/

Using OAuth 2.0 with Google API in Phonegap / ChildBrowser
http://www.itsalif.info/content/oauth-google-api-gapi-phonegap-childbrowser-jquery

The Architecture of a Social Business
http://dachisgroup.com/2012/03/the-architecture-of-a-social-business/

Facebook Google Login OAuth
http://www.youtube.com/watch?v=Q8s8AyL71Uk

Google OAuth Demo: Step #1 Initial Preparations
http://www.youtube.com/watch?v=_uLB_vn0et0

Google OAuth Demo: Step #2 Getting the Client ID
http://www.youtube.com/watch?v=RHOjSJoXad0

Google OAuth Demo: Step #3 SMTP setup so as to invite UID/PWD users to use OAUth.
http://www.youtube.com/watch?v=qCRCJgAiJmU

OpenID Demo
http://www.youtube.com/watch?v=ihT9CloUyfA

Demo of a mobile app using OpenID and OAuth
http://www.youtube.com/watch?v=mRXH7hUbqbY

Social Architecture (a manifesto)
http://www.managementexchange.com/hack/social-architecture-manifesto
http://www.youtube.com/watch?v=HCmzZYETZ40

Google I/O 2010 - OpenID-based SSO & OAuth for Google Apps
http://www.youtube.com/watch?v=0L_dEOjhADQ

Android OAUTH Example
http://www.youtube.com/watch?v=25o0b2aEw0E

OpenAM OAuth 2.0 Authentication
http://www.youtube.com/watch?v=u3kqjbtB0l4

Social Media in Architecture
http://www.youtube.com/watch?v=4NwDeeu8QTM

Mobile App - Web Diversity; Internet, Mobile and Social Media Consultants.
http://www.youtube.com/watch?v=m-zYRczVYsQ

Learn how to build HTML5 jquery Mobile apps for ipad iphone android
http://www.youtube.com/watch?v=29wiTVbk8yk

Creating a Facebook login for your App
http://www.youtube.com/watch?v=EcYDm3QH0oM

Social Investment: New Possibilities for Business and Philanthropy
http://www.youtube.com/watch?v=Vaie2e0PYhI

The Architecture of Social Investment
http://www.youtube.com/watch?v=SDJE2JDcaaY

What Future for Social Investment?
http://www.youtube.com/watch?v=9ckNZXy5I_Q
