REST中的Oauth实现

时间:2013-09-25 12:36:59

标签: java rest authentication oauth

您好,我已经实现了一个RESTful Web服务的基本示例,现在正尝试在Eclipse的src文件夹中实现OAuth客户端和服务端(Provider)。这是我的OauthClient.java:

    import javax.annotation.security.RolesAllowed;
    import javax.ws.rs.GET;
    import javax.ws.rs.Produces;
    import javax.ws.rs.Path;
    import com.sun.jersey.api.client.*;
    import com.sun.jersey.oauth.client.OAuthClientFilter;

   import com.sun.jersey.oauth.signature.OAuthParameters;
   import com.sun.jersey.oauth.signature.OAuthSecrets;

   import javax.ws.rs.core.*;


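  /**
   * JAX-RS resource that acts as an OAuth 1.0 consumer.
   *
   * <p>A GET on {@code /OauthClient/oauth_client} builds an HMAC-SHA1 signed request to the
   * provider resource and returns the provider's plain-text response.
   */
  @Path("/OauthClient")
  @RolesAllowed({"admin"})
  public class OauthClient {

      /**
       * Sends one signed GET request to the OAuth provider resource.
       *
       * @return the response body returned by the provider, as text
       */
      @GET
      @Path("/oauth_client")
      @Produces(MediaType.TEXT_PLAIN)
      public String oauthClient() {
          // Parameters that will be used to sign the request. timestamp() and nonce() generate
          // fresh values per call. RFC 5849 section 3.1 requires oauth_version, when present,
          // to be "1.0"; the original "1.1" is not a valid protocol version.
          OAuthParameters params = new OAuthParameters()
                  .consumerKey("hoge")
                  .signatureMethod("HMAC-SHA1")
                  .timestamp()
                  .nonce()
                  .version("1.0")
                  .token("sho1get");

          // Secrets that key the HMAC-SHA1 signature; the provider must hold the same pair.
          // NOTE(review): these are hard-coded demo values. Real secrets belong in protected
          // configuration, not in source control.
          OAuthSecrets secrets = new OAuthSecrets()
                  .consumerSecret("testtest")
                  .tokenSecret("testtest");

          Client client = Client.create();

          // OAuth test server resource. The signature authenticates the request but does not
          // encrypt it, so plain HTTP is only acceptable for a local test such as this one.
          WebResource resource =
                  client.resource("http://localhost:8080/RestfulWS/rest/OauthServer/oauth_provider");

          // Parameters and secrets are static here, so a single filter attached at the
          // web-resource level signs every request made through this resource.
          resource.addFilter(new OAuthClientFilter(client.getProviders(), params, secrets));

          System.out.println("==== Client =====");

          // Make the request (the filter signs it in the process).
          return resource.get(String.class);
      }
  }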

OauthServer.java如下:

   import javax.annotation.security.RolesAllowed;
   import javax.ws.rs.GET;
   import javax.ws.rs.Path;
   import javax.ws.rs.Produces;
   import javax.ws.rs.core.Context;
   import javax.ws.rs.core.MediaType;

   //import com.sun.jersey.api.client.UniformInterfaceException;
   import com.sun.jersey.api.core.HttpContext;
   import com.sun.jersey.oauth.server.OAuthServerRequest;
   import com.sun.jersey.oauth.signature.OAuthParameters;
   import com.sun.jersey.oauth.signature.OAuthSecrets;
   import com.sun.jersey.oauth.signature.OAuthSignature;
   import com.sun.jersey.oauth.signature.OAuthSignatureException;


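      /**
       * JAX-RS resource that acts as the OAuth 1.0 provider side of the example.
       *
       * <p>A GET on {@code /OauthServer/oauth_provider} verifies the OAuth signature of the
       * incoming request and answers {@code "OK"} or {@code "ERROR"} as plain text.
       */
      @Path("/OauthServer")
      @RolesAllowed({"admin"})
      public class OauthServer {

          private static final java.util.logging.Logger LOG =
                  java.util.logging.Logger.getLogger(OauthServer.class.getName());

          /**
           * Verifies the OAuth signature carried by the current request.
           *
           * @param context the Jersey HTTP context of the incoming request
           * @return {@code "OK"} when the signature verifies, otherwise {@code "ERROR"}
           */
          @GET
          @Path("/oauth_provider")
          @Produces(MediaType.TEXT_PLAIN)
          public String oauthProvider(@Context HttpContext context) {
              // NOTE(review): @RolesAllowed on this class may cause the container to reject a
              // caller that has no "admin" role before this method runs - confirm how role
              // enforcement is configured for the deployment.

              // Wrap the incoming request so the OAuth signature code can read it.
              OAuthServerRequest request = new OAuthServerRequest(context.getRequest());

              // OAuth parameters (consumer key, token, nonce, timestamp, signature) as sent.
              OAuthParameters params = new OAuthParameters().readRequest(request);

              // The secrets must be the same pair the consumer signed with. OauthClient signs
              // with consumer secret "testtest"; the original value here, "hoge", is the consumer
              // key, so verification could never succeed.
              // NOTE(review): a real provider looks the secrets up by the consumer key and token
              // read from the request instead of using fixed values in source.
              OAuthSecrets secrets = new OAuthSecrets()
                      .consumerSecret("testtest")
                      .tokenSecret("testtest");

              // NOTE(review): only the signature is checked. The timestamp and nonce are not
              // validated or remembered, so a captured signed request would still verify if it
              // were sent again; a production provider must reject stale timestamps and
              // previously seen nonces.
              try {
                  /* The error occurs here. */
                  if (OAuthSignature.verify(request, params, secrets)) {
                      return "OK";
                  }
              } catch (OAuthSignatureException e) {
                  // Record the failure instead of swallowing it, so rejected requests are
                  // visible to whoever operates the service. The message carries no secrets.
                  LOG.warning("OAuth signature verification failed: " + e.getMessage());
              }

              return "ERROR";
          }
      }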

如何运行这段代码来实现OAuth身份验证?我们是否必须编写一些JSP?请提出建议。

0 个答案:

没有答案