Agorava Core 0.7.0 released

Posted by Antoine Sabot-Durand on Nov 20, 2013 | Comments

After 3 month of development, Agorava version 0.7.0 hit Maven Central today. It is from far the biggest evolution of the framework since its creation. Let’s see what’s new in this release

API & SPI stabilization

Probably the most important point for Agorava future : the framework has now a clean API (API and implementation were a bit mixed and moving a lot prior to that)

Introduction of new concepts

This version brings new concepts and tools that ease and rationalize OAuth interaction

OAuthLifeCycleService : a single entry point to manage "OAuth Dance"

OAuth initialization steps (the famous OAuth Dance) are now gathered in a single service bean : OAuthLifeCycleService. The startDanceFor() and endDance() methods ease the OAuth 1.0a and 2.0 initialization life cycle.

Repositories to store OAuthSessions

This version introduces UserSessionRepository which allows to handle and contain a collection of OAuthSession (connection to OAuth provider). A main repository bean GlobalRepository stored in CDI @ApplicationScoped contains all UserSessionRepository and is a convenient way to retrieve all OAuthSession on the server side for batch processing for instance.

UserSessionRepositoryResolver and SessionResolver

Depending on your use case UserSessionRepository (and their contained OAuthSession) can be store in different way. Thanks to UserSessionRepositoryResolver and SessionResolver you can define different way of storing and resolving repositories and session. Agora provide the following built-in resolver than can be activated in configuration file. These built-in resolver are :

  • session : the UserSessionRepository is stored in Http Session (@SessionScoped) it was the Agorava behavior before version 0.7.x

  • request : the UserSessionRepository is provided for the current Http Request (@RequestScoped) but you have to propagate the repoid url parameter with UserSessionRepository.getId() value to retrieve the repo at each request

  • cookie : the UserSessionRepository is provided for the current Http Request (@RequestScoped), a cookie is used on user browser to keep the track of her UserSessionRepository. You can specify the lifetime of the cookie int he config

  • application : the UserSessionRepository is provided for all the application time (@ApplicationScoped). Not suitable for a multi-user scenario but rather for desktop scenario or a web app providing a shared access to a unique Social Network

Reducing framework dependencies

This Agorava release reduced it’s dependencies to the minimum. The only dependecies are now :

  • Jackson library for JSon mapping

  • Deltaspike for CDI helpers.

Ready for other JSR 330 implementation

Agorava core is now ready to have a new implementation for another JSR 330 compliant framework like Dagger, Guice or Spring.

Want to give a try ?

check our Getting Started guide and give us your feedback.

Want to contribute ?

We really need contribution on core, doc, existing modules or new modules. So don’t hesitate to join us :

Agorava 0.7.0 Release notes


  • [AGOVA-48] - Remove Weld Core dependency management from Weld-1.x profile

  • [AGOVA-60] - Test don’t pass for OWB

  • [AGOVA-61] - SessionProducer get activated when producerscope in not definied

  • [AGOVA-62] - Passivation error for GlobalRepositoryImpl on GF / Weld 2.0.4

  • [AGOVA-63] - When using Weld 2.X on Wildfly 8 or Glassfish 4, looking for OAuthSession fails


  • [AGOVA-38] - Integrate Rest and OAuth engine in core

  • [AGOVA-49] - Remove BOM from parent

  • [AGOVA-54] - Adding support of Raw JSON / XML response

  • [AGOVA-55] - Upgrade Jackson to 2.X

  • [AGOVA-56] - Get rid of Guava

  • [AGOVA-57] - Get rid of Commons Codec

  • [AGOVA-58] - Gather testing profile in parent POM

  • [AGOVA-59] - Use RequestTuner to specialize request instead of creating specific OAuthService

Feature Request

  • [AGOVA-40] - OAuthSession production should be ready for all application type (not only Web with HttpSession)

  • [AGOVA-52] - Support to programmatically control callback URL pr auth request

  • [AGOVA-53] - OAuthComplete Event is unstable as a User facing API


  • [AGOVA-7] - Create API and common IMPL for JSR 330 compliant framework