This repository contains a proof-of-concept for indirect communication between a Java applet and Facebook using PHP as a proxy.
The architecture is as follows:
-
The user visits the application on Facebook, and
index.php
is displayed -
If the user is logged in to Facebook,
index.php
displays the applet- Otherwise the user is told to login to Facebook first
-
index.php
passes the current user's authentication token to the applet -
The applet loads and calls
fbproxy.php
on the server, passing it the Facebook authentication token that was passed to it, and requesting the user's profile details from Facebook -
The details are retrieved by
fbproxy.php
and returned to the applet in JSON format, where they are displayed -
Next, the applet calls
fbproxy.php
on the server, again passing it the Facebook authentication token passed to it, but this time requesting the user's list of friends on Facebook -
The list is retrieved by
fbproxy.php
and returned to the applet in JSON format, where it is displayed -
Finally, the applet calls
fbproxy.php
on the server, requesting the user's profile photo. Now, fbproxy.php could just return the URL of the user's profile photo on Facebook, but, of course, the applet cannot call Facebook due to the sandbox -- it can only call back the server. To work around this,fbproxy.php
downloads the image from Facebook and stores it on the server. It then sends the image data to the applet where it is displayed -
Each time the user selects a friend from his/her friends list in the applet, the applet calls
fbproxy.php
on the serer, requesting the friend's photo. Once again, the phoot is downloaded to the server and returned to the applet where it is displayed.
These instructions assume your web server root is at /var/www/
.
-
SSH into your server and switch to root
-
Change to
/var/www
and clone the repository:git clone git://github.com/jsuwo/facebook-applet-server.git
-
Rename the directory to
facebook
:mv facebook-applet-server facebook
-
Ensure permissions are set properly:
chown -R root:root facebook # Make root the owner of all files/directories (should be anyway) chmod 755 facebook # Give the 'facebook' directory 755 permissions cd facebook # Change to the 'facebook' directory find -type f | xargs chmod 644 # Give all files 644 permissions find -type d | xargs chmod 755 # Give all directories 755 permissions
-
Make the
photos
directory writeable to all so that the PHP script can download profile photos from Facebook and save them there:chmod 777 photos
-
Edit the file
includes/config.php.inc
and fill in your Facebook app details. Specifically, you will need to specify theappId
andsecret
for your app, which can be obtained from https://developers.facebook.com/apps
$facebook = new Facebook(array( 'appId' => 'YOUR APP ID HERE', 'secret' => 'YOUR APP SECRET HERE', 'cookie' => true ));
Additionally, you will need to specify the URL for your app on Facebook in the `app_url`
variable. This is listed under the heading *Canvas Page* in your app summary at
https://developers.facebook.com/apps
````php
$app_url = 'YOUR CANVAS URL HERE';
For example, if your app is named testqwe
, then you would enter
$app_url = 'https://apps.facebook.com/testqwe/';
Notice that this is the URL of your app on Facebook -- not the URL of your server.
-
Edit the file
java/launch.jnlp
and change the codebase attribute to reflect the hostname of your server. Be sure to useHTTPS
. Don't forget the/facebook/java
at the end of the URL. For example, if your hostname isexample.com
, then the entire line should read:<jnlp codebase="https://example.com/facebook/java" href="launch.jnlp" spec="1.0+">
Notice that
https
is being used, and the path/facebook/java
has been specified after the hostname. -
Edit your application configuration on Facebook and change the following settings:
- Canvas URL:
http://YOUR_HOSTNAME/facebook/
- Secure Canvas URL:
https://YOUR_HOSTNAME/facebook/
- Canvas URL:
-
Save your changes and visit your app's page. The applet should run and all should work.
-
If you're using a self-signed SSL certificate, you need to make sure that either the server's certificate or the certificate of the root authority is imported into your browser's / operating system's list of trusted certificates,
-
It is immensely useful to see what Facebook is returning to your PHP script.
You can print out the contents of a variable in PHP using the following:print_r($my_var);
-
It is also extremely useful to test the PHP script to see what it is returning to your applet. You can do so by simply visiting the
fbproxy.php
script in your browser. For example, if I wanted to see what therefresh_profile
task returns, I can just go to:http://hostname/facebook/fbproxy.php?do=refresh_profile&access_token=MY_ACCESS_TOKEN
Similarly, to get my friend list, I can go to:
http://hostname/facebook/fbproxy.php?do=refresh_friends&access_token=MY_ACCESS_TOKEN
Of course, in order to properly authenticate, you will need to find out your Facebook access token. You can do this by writing a quick PHP script to print out your token. Create a script
print_token.php
and place it in the same directory asfbtoken.php
:<?php require_once 'includes/config.php.inc'; echo $facebook->getAccessToken(); ?>
-
My system kept caching my old applet code (even though I disabled this in the Java control panel) and wouldn't display new changes to the applet in my browser until I killed my Java process (i.e. simply closing the tab and reopening the page on a new tab was not sufficient). YMMV here.
-
I put an error console in the applet that should display any exceptions that occur in the applet. Still, if nothing is showing up and your Java console doesn't show anything, then check out the web server's error log:
cat /var/log/apache/error.log
You can poll for changes in the error log by issuing the following command. Then go and run your script and see if anything appears in the log. Press
Ctrl+C
to stop polling.tail -f /var/log/apache/error.log
The source code for the applet is located in the java/src
directory. If you
are going to edit it, I highly recommend doing so in NetBeans since, otherwise,
you won't be able to use a GUI editor to design FacebookApplet.java
.
The main classes are:
-
ca.uwo.csd.cs2212.FacebookApplet
- Main applet class
-
ca.uwo.csd.cs2212.facebook.FacebookClient
-
Used to communicate with the Facebook proxy script (i.e. the PHP script on the server). This script uses the following libraries:
-
Apache HttpComponents (http://hc.apache.org/) for all HTTP communication. See http://hc.apache.org/httpcomponents-client-ga/tutorial/html/ for a tutorial.
-
simple-json (http://code.google.com/p/json-simple/) for parsing JSON server responses. See http://code.google.com/p/json-simple/wiki/DecodingExamples for examples of decoding JSON responses using the library.
-
-
-
The rest of the classes are fairly minor. All have been commented at least to some extent, so you can see their purpose in the source code.
-
Check out the Graph API documentation at https://developers.facebook.com/docs/reference/api/.
-
If you want to do more than just grabbing data from Facebook (e.g. posting a message to a wall), then you will need to request extended permissions. See the documentation at https://developers.facebook.com/docs/authentication/permissions/#user_friends_perms.