Announcement Announcement Module
Collapse
No announcement yet.
Support for external ConnectionRepository ? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Support for external ConnectionRepository ?

    I already started implementing a connection repository to get all data from a webservice.

    Since I am integrating spring social to a GWT app, I would like to develop an android app as well. So, for me to use an external database, I would have to access thought my webservice.

    My question is: Did anyone already started a project or does spring has already something like that?

    if no one did, I can upload the project later.

  • #2
    I know of no such effort already underway, so if this is something you think will be valuable, then go for it.

    I do have a few questions, though:

    - What kind of service are you thinking of? SOAP-based or REST? Or something else?
    - I'd be interested in understanding what benefit a remote repository would provide. Why wouldn't you just use a repository that lives close to where the connection is made? For example, in the case of Android, why wouldn't you store the connection locally on the phone?
    - Even if you have a good reason to store it remotely, then how are you going to secure that connection between your app and the service? It seems to me that you'd need some form of token or credentials locally to be able to access the connection details kept remotely.

    I don't mean to tear down your idea, but am just wondering what benefits this provides. To me, it seems to bring about an unnecessary amount of complexity. But I'm willing to be convinced otherwise.

    Comment


    • #3
      No, I would not store the connection data object remotely, I would store just the connection details, like provider id = twitter, providerUserId = abc, refreshToken = 18833, ...

      Basically the app I am building, I have one user, that has many remote users (twitter, facebook ... accounts), so, in the android app, I would need to allow the same functionality as the web app.

      *I just started messing around with spring social, I basically added the samples that I found, and made it work with my already build app spring security auth system.

      For what I analyzed, easily I can extend ConnectionRepository, and create a restfull webservice client, and a restfull webservice to provide the data for this RestfullConnectionRepository.

      Comment


      • #4
        Originally posted by lucas1223 View Post
        No, I would not store the connection data object remotely, I would store just the connection details, like provider id = twitter, providerUserId = abc, refreshToken = 18833, ...
        Yeah, that's what I also meant by connection data...the stuff that connection repository stores.

        Basically the app I am building, I have one user, that has many remote users (twitter, facebook ... accounts), so, in the android app, I would need to allow the same functionality as the web app.
        I'm still unclear as to why you couldn't just store the connection data on the Android for the Android portion of the app and on the server for some web portion of the app. In fact, that's the desired intent is that each client would have its own connection (e.g., it's own access token).

        For what I analyzed, easily I can extend ConnectionRepository, and create a restfull webservice client, and a restfull webservice to provide the data for this RestfullConnectionRepository.
        Again, I'm concerned about the complexity when it would make sense to simply store the connection details on the Android app itself. I'm also concerned with how that REST service would be secured.

        Comment


        • #5
          I understood your point, but

          still lets suppose I have a user called lucas on my system that was created when I sign in with my lucas1223 twitter account.

          So, I have a local user with one social account. (this would allow one local user to have multiple social accounts associated)

          Lets say I try your approach. I go to my android device, go to the app and do a sign in by twitter lucas1223 account, the android app would require the user to create an local account in my system. Basically, I would still have to verify if that providerId and providerUserId exists on my system, otherwise, I could have duplicate users.

          In a way or another I would have to kind of control the access thought a restfull webservice, even if I dont store all the data there: that could be a good idea, to not store remotely connection data.

          But still, I really dont see the risk of exposing a restfull webservice, if I obviously secure it thought spring, and require access by only some kind of own technical user, thought https, and with encrypted data, I would believe it would be safe. Only the android app and the web app would have access to the data.

          Question:How would you do your app that have different clients if a social account is simply a link to the user system account ? I really dont see how can I control who accesses what, and who does what, if I cant store those in my own system.

          *thanks for the replies

          Comment

          Working...
          X