• Stars
    star
    156
  • Rank 239,589 (Top 5 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created about 10 years ago
  • Updated 25 days ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The Box SDK for Java.

โ€œbox-dev-logoโ€

Box Java SDK

Project Status Platform License Build main Coverage

The Box Java SDK for interacting with the Box Content API.

Latest Release

Latest release can be found here.

Upgrades

You can read about how to migrate to the 4 version here.

Versions

We use a modified version of Semantic Versioning for all changes. See version strategy for details which is effective from 30 July 2022.

Supported Version

Only the current MAJOR version of SDK is supported. New features, functionality, bug fixes, and security updates will only be added to the current MAJOR version.

A current release is on the leading edge of our SDK development, and is intended for customers who are in active development and want the latest and greatest features. Instead of stating a release date for a new feature, we set a fixed minor or patch release cadence of maximum 2-3 months (while we may release more often). At the same time, there is no schedule for major or breaking release. Instead, we will communicate one quarter in advance the upcoming breaking change to allow customers to plan for the upgrade. We always recommend that all users run the latest available minor release for whatever major version is in use. We highly recommend upgrading to the latest SDK major release at the earliest convenient time and before the EOL date.

Version schedule

Version Supported Environments State First Release EOL/Terminated
4 Java 8 and up Supported 17 Jan 2023 TBD
3 Java 8 and up EOL 17 Jan 2022 17 Jan 2023
2 EOL 07 Jan 2016 17 Jan 2022
1 EOL 15 Apr 2015 07 Jan 2016

Getting Started

Getting Started Docs: https://developer.box.com/guides/tooling/sdks/java/ API Reference: https://developer.box.com/reference/

JVM

The SDK can be obtained by adding it as a maven dependency, cloning the source into your project, or by downloading one of the precompiled JARs from the releases page on GitHub.

If you are developing application for Android visit our Android guide

IF YOU USE THE JAR, you'll also need to include several dependencies:

  1. minimal-json v0.9.5 Maven: com.eclipsesource.minimal-json:minimal-json:0.9.5
  2. jose4j v0.9.4 Maven: org.bitbucket.b_c:jose4j:0.9.4
  3. bouncycastle bcprov-jdk18on v1.77 Maven: org.bouncycastle:bcprov-jdk18on:1.77
  4. bouncycastle bcpkix-jdk18on v1.77 Maven: org.bouncycastle:bcpkix-jdk18on:1.77
  5. Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 If you don't install this, you'll get an exception about key length or exception about parsing PKCS private key for Box Developer Edition. This is not a Box thing, this is a U.S. Government requirement concerning strong encryption. The listed jar is for Oracle JRE. There might be other similar JARs for different JRE versions like the one below for IBM JDK Java Cryptography Extension for IBM JDK
  6. okhttp v4.12.0 Maven: com.squareup.okhttp3:okhttp:4.12.0
  7. okio-jvm v3.2.0 Maven: com.squareup.okio:okio-jvm:3.2.0
  8. kotlin-stdlib v1.6.20 Maven: org.jetbrains.kotlin:kotlin-stdlib:1.6.20
  9. kotlin-stdlib-common v1.6.20 Maven: org.jetbrains.kotlin:kotlin-stdlib-common:1.6.20

An app has to be authorized by the admin of the enterprise before these tests. It's always good to begin with the Getting Started Section at Box's developer website.

Android

If you are developing application for Android visit our Android guide.

Box Java SDK and other frameworks

Box Java SDK utilizes the OkHttp client as its underlying component. This client is widely adopted by various frameworks, which can occasionally result in issues. We recommend considering library upgrades or excluding OkHttp from those frameworks or the software development kit (SDK) to determine if that resolves the problems. Typically, it is advisable to search for any reports or instances where others encountered similar issues when using the specific framework alongside an external OkHttp client.

Quick Test

Following things work only if the app has been configured and authorized as mentioned here

Here is a simple example of how to authenticate with the API using a developer token and then print the ID and name of each item in your root folder.

BoxAPIConnection api = new BoxAPIConnection("developer-token");
BoxFolder rootFolder = BoxFolder.getRootFolder(api);
for (BoxItem.Info itemInfo : rootFolder) {
    System.out.format("[%s] %s\n", itemInfo.getID(), itemInfo.getName());
}

For more details on how to get started, check out the overview guide. It has a short explanation of how the SDK works and how you can get started using it.

Sample Projects

Three sample projects can be found in src/example.

Main

This project will output your name and a list of the files and folders in your root directory.

To run the project, first provide a developer token in src/example/java/com/box/sdk/example/Main.java. You can obtain a developer token from your application's developer console.

public final class Main {
    private static final String DEVELOPER_TOKEN = "<YOUR_DEVELOPER_TOKEN>";

    // ...
}

Then just invoke gradle runExample to run the Main example!

Other projects

Below projects need app configurations stored in JSON format in config.json file at location src/example/config/.

This configuration file can be downloaded from your application's Configuration tab in the developer console

CreateAppUser

This project will output the user id of enterprise admin and will create a new App User for the enterprise.

To run the project, first provide the name of the app user in src/example/java/com/box/sdk/example/CreateAppUser.java.

public final class CreateAppUser {

    private static final String APP_USER_NAME = "";
    private static final String EXTERNAL_APP_USER_ID = "";

    // ...
}

Then just invoke gradle runCreateAppUser to run the CreateAppUser example!

Note: The JCE bundled with oracle JRE supports keys upto 128 bit length only. To use larger cryptographic keys, install JCE Unlimited Strength Jurisdiction Policy Files.

AccessAsAppUser

This project will retrieve the information of the given App User and will list the files/folders under root folder.

To run the project, first provide the Id of the app user in src/example/java/com/box/sdk/example/CreateAppUser.java.

public final class AccessAsAppUser {

    private static final String USER_ID = "";

    // ...
}

Then just invoke gradle runAccessAsAppUser to run the AccessAsAppUser example!

Note: The JCE bundled with oracle JRE supports keys upto 128 bit length only. To use larger cryptographic keys, install JCE Unlimited Strength Jurisdiction Policy Files.

BoxDeveloperEditionAPIConnectionAsEnterpriseUser

This example shows how to get tokens for an enterprise user, say admin of the enterprise and do actions on behalf of admin.

To run the project, follow below steps

  1. Turn on Enterprise in Application Access section in Developer Console for the app

  2. Turn on Generate User Access Tokens in Advanced Features section in Developer Console for the app

  3. Provide the Id of the admin user (or any enterprise user) in src/example/java/com/box/sdk/example/BoxDeveloperEditionAPIConnectionAsEnterpriseUser.java.

public final class BoxDeveloperEditionAPIConnectionAsEnterpriseUser {

   private static final String USER_ID = "";
   // ...
   Reader reader = new FileReader("src/example/config/config.json");
   BoxConfig boxConfig = BoxConfig.readFrom(reader);
   IAccessTokenCache accessTokenCache = new InMemoryLRUAccessTokenCache(10);

   BoxDeveloperEditionAPIConnection api = new BoxDeveloperEditionAPIConnection(
           USER_ID,
           DeveloperEditionEntityType.USER,
           boxConfig,
           accessTokenCache
   );
}

Compatibility

The Box Java SDK is compatible with Java 8 and up.

Building

The SDK uses Gradle for its build system. SDK comes with Gradle wrapper. Running ./gradlew build from the root of the repository will compile, lint, and test the SDK.

$ ./gradlew build

The SDK also includes integration tests which make real API calls, and therefore are run separately from unit tests. Integration tests should be run against a test account since they create and delete data. To run the integration tests, remove the .template extension from src/test/config/config.properties.template and fill in your test account's information. Then run:

$ ./gradlew integrationTest

Documentation

You can find guides and tutorials in the doc directory.

Javadocs are generated when gradle javadoc is run and can be found in build/doc/javadoc.

FIPS 140-2 Compliance

To generate a Json Web Signature used for retrieving tokens in the JWT authentication method, the Box Java SDK decrypts an encrypted private key. For this purpose, Box Java SDK uses libraries (org.bouncycastle:bcpkix-jdk18on:1.77 and org.bouncycastle:bcprov-jdk18on:1.77) that are NOT compatible with FIPS 140-2 validated cryptographic library (org.bouncycastle:bc-fips).

There are two ways of ensuring that decryption operation is FIPS-compiant.

  1. You can provide a custom implementation of the IPrivateKeyDecryptor interface, which performs the decryption operation using FIPS-certified library of your choice. The interface requires the implementation of just one method:
PrivateKey decryptPrivateKey(String encryptedPrivateKey, String passphrase);

After implementing the custom decryptor, you need to set your custom decryptor class in the Box Config. Below is an example of setting up a BoxDeveloperEditionAPIConnection with a config file and the custom decryptor.

Reader reader = new FileReader(JWT_CONFIG_PATH);
BoxConfig boxConfig = BoxConfig.readFrom(reader);
boxConfig.setPrivateKeyDecryptor(customDecryptor)
BoxDeveloperEditionAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(boxConfig);
  1. Alternative method is to override the Bouncy Castle libraries to the v.1.57 version, which are compatible with the FIPS 140-2 validated cryptographic library (org.bouncycastle:bc-fips).

NOTE: This solution is not recommended as Bouncy Castle v.1.57 has some moderate vulnerabilities reported against those versions, including:

  • CVE-2020-26939 - Observable Differences in Behavior to Error Inputs in Bouncy Castle
  • CVE-2020-15522 - Timing based private key exposure in Bouncy Castle

Furthermore,using Bouncy Castle v.1.57 may lead to Bouncycastle BadPaddingException for JWT auth.

Gradle example

implementation('com.box:box-java-sdk:x.y.z') {
   exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
   exclude group: 'org.bouncycastle', module: 'bcpkix-jdk15on'
}
runtimeOnly('org.bouncycastle:bcprov-jdk15on:1.57')
runtimeOnly('org.bouncycastle:bcpkix-jdk15on:1.57')

Maven example:

<dependencies>
   <dependency>
      <groupId>com.box</groupId>
      <artifactId>box-java-sdk</artifactId>
      <version>x.y.z</version>
      <scope>compile</scope>
      <exclusions>
        <exclusion>
          <groupId>org.bouncycastle</groupId>
          <artifactId>bcprov-jdk15on</artifactId>
        </exclusion>
         <exclusion>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpkix-jdk15on</artifactId>
         </exclusion>
      </exclusions> 
   </dependency>
   <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
      <version>1.57</version>
      <scope>runtime</scope>
   </dependency>
   <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcpkix-jdk15on</artifactId>
      <version>1.57</version>
      <scope>runtime</scope>
   </dependency>
</dependencies>

Bouncycastle BadPaddingException for JWT auth

As of October 2023, RSA keypairs generated on the Developer Console (refer to the Generate a keypair guide) are no longer compatible with Bouncy Castle version 1.57, which was utilized in the Box Java SDK up to v4.6.1. Attempting to use a JWT configuration downloaded from the Developer Console results in a javax.crypto.BadPaddingException: pad block corrupted error. Prossible solutions:

  1. Upgrade to the v4.7.0 of Box Java SDK, which uses newer version of the Bouncy Castle library. (recommended)
  2. Manually generate a keypair using OpenSSL version 1.0.x and add the Public Key to the Developer Console. The manually add keypair guide provides assistance in this process.

Copyright and License

Copyright 2019 Box, Inc. All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

More Repositories

1

spout

Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scalable way
PHP
4,219
star
2

t3js

DEPRECATED - A minimal component-based JavaScript framework
JavaScript
1,557
star
3

Anemometer

Box SQL Slow Query Monitor
JavaScript
1,369
star
4

kube-applier

kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster.
Go
630
star
5

kube-iptables-tailer

A service for better network visibility for your Kubernetes clusters.
Go
538
star
6

box-ui-elements

React Components for Box's Design System and Pluggable Components
JavaScript
532
star
7

box-python-sdk

Box SDK for Python
Python
420
star
8

mojito

An automation platform that enables continuous localization.
Java
367
star
9

flaky

Plugin for nose or pytest that automatically reruns flaky tests.
Python
347
star
10

viewer.js

A viewer for documents converted with the Box View API
JavaScript
335
star
11

stalker

A jQuery plugin allowing elements to follow the user as they scroll a page.
JavaScript
227
star
12

boxcli

A command line interface for interacting with the Box API.
JavaScript
197
star
13

box-windows-sdk-v2

Windows SDK for v2 of the Box API. The SDK is built upon .NET Framework 4.5
C#
186
star
14

ClusterRunner

ClusterRunner makes it easy to parallelize test suites across your infrastructure in the fastest and most efficient way possible.
Python
180
star
15

box-node-sdk

A Javascript interface for interacting with the Box API. You can find the node package at
JavaScript
177
star
16

augmented_types

A PHP extension to enforce parameter and return type annotations
C++
166
star
17

bart

A collection of our critical PHP tools
PHP
163
star
18

memsniff

A tool for recording and displaying statistics on memcached traffic written in golang.
Go
143
star
19

genty

Genty, pronounced "gen-tee", stands for "generate tests". It promotes generative testing, where a single test can execute over a variety of input.
Python
119
star
20

box-ios-sdk

iOS SDK for the Box Content API
Swift
117
star
21

kube-exec-controller

An admission controller service and kubectl plugin to handle container drift in K8s clusters
Go
109
star
22

RainGauge

RainGauge
JavaScript
107
star
23

box-content-preview

JavaScript library for rendering files stored on Box
JavaScript
105
star
24

leche

DEPRECATED - Testing extensions for Mocha and Sinon
JavaScript
103
star
25

box-openapi

OpenAPI 3.0 Specification for the Box APIs
JavaScript
93
star
26

rotunicode

Python library for converting between a string of ASCII and Unicode chars maintaining readability
Python
77
star
27

brainy

A faster, safer templating library for PHP
PHP
66
star
28

mysqlutilities

Box's MySQL Utilities
Shell
65
star
29

samples

Code snippets and samples to demonstrate how to get the most out of the Box platform & API
JavaScript
64
star
30

box-android-sdk

Java
62
star
31

box-salesforce-sdk

This is the Salesforce SDK for integrating with the Box Platform.
Apex
57
star
32

box-android-apptoapp-sdk

This SDK supports Box OneCloud integrations on Android that handle file โ€˜roundtripsโ€™. That is, it enables file open-edit-save scenarios between the Box app and partner apps without the need for partner apps to authenticate a Box user independently.
Java
57
star
33

fast_assert

PHP
37
star
34

StatusWolf

Configurable operations dashboard designed to bring together the disparate datasources that operations teams need to manage and present them in a flexible and beautiful way.
PHP
36
star
35

shmock

SHorthand for MOCKing in PHPUnit
PHP
34
star
36

Makefile.test

A makefile used for running test executables
Python
32
star
37

error-reporting-with-kubernetes-events

A demonstration of how Box utilizes Kubernetes CustomResourceDefinitions and Events
Go
32
star
38

box-skills-kit-nodejs

Official toolkit library and boilerplate code for developing Box Skills.
JavaScript
27
star
39

box-python-sdk-gen

Repository for generated Box Python SDK
Python
26
star
40

shalam

DEPRECATED - A friendly tool for CSS spriting
JavaScript
25
star
41

developer.box.com

Box Developer Documentation - Content & Configuration
JavaScript
24
star
42

box-ios-browse-sdk

Objective-C
18
star
43

wavectl

Command Line Client For Wavefront
Python
18
star
44

box-ios-preview-sdk

Box iOS Preview SDK
Swift
17
star
45

clusterrunner-javascript-sdk

ClusterRunner JavaScript SDK that works in both node and browsers
HTML
16
star
46

box-typescript-sdk-gen

Repository for generated Box TS SDK
TypeScript
15
star
47

box-ui-elements-demo

Demo react app for UI Elements
JavaScript
14
star
48

sdks

SDKs, CLI and other tools for using Box Platform
14
star
49

box-android-preview-sdk

Box Android Preview SDK
Java
13
star
50

box-android-browse-sdk

Java
12
star
51

hdrCompressor

Tool for saving HDR file as RGBM, RGBD, RGBE or LogLuv TGA file.
C
12
star
52

box-annotations

JavaScript library for annotations on files rendered with Box Content Preview
TypeScript
11
star
53

etcdb

Etcd PEP 249 driver.
Python
10
star
54

box-content-preview-demo

Demo React App using the Preview UI Element
JavaScript
8
star
55

box-postman

The official Box Postman Collection
JavaScript
7
star
56

box-dotnet-sdk-gen

Repository for Box .NET autogenerated SDK
C#
6
star
57

verold.github.io

Verold developer docs and tutorials
JavaScript
5
star
58

uploaders

Write your own custom uploader to send 3D models/textures to Verold Studio.
4
star
59

box-ios-share-sdk

Objective-C
4
star
60

box-windows-metadata-sdk-v2

Box Metadata C# SDK Plugin
C#
4
star
61

homebrew-mojito

Homebrew tap for Box/mojito
Ruby
3
star
62

box-developer-changelog

Box Developer Changelog
JavaScript
3
star
63

box-languages

Languages used by other box projects
JavaScript
2
star
64

box-android-share-sdk

Java
2
star
65

puppet-clusterrunner

Installs ClusterRunner using Puppet
Puppet
2
star
66

box-java-sdk-samples

Sample apps for the Box Java SDK.
Java
2
star
67

cla

Landing page for CLA Agreements
1
star