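OAuth 401 Unauthorized

Time: 2017-11-23 16:51:36

Tags: java rest oauth

So still learning, but I am getting a 401 Unauthorized error from the code below. I know the OAuth headers work, because it works in Postman, so I assume there is something wrong with the POST request / Auth header? Any ideas?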

//set timestamp
            Long timestamp = System.currentTimeMillis()/1000;
            //set nonce ***** call from main system*************************************************************
            String aString = randomAlphaNumeric(11);
            // other stuff
            RestTemplate restTemplate = new RestTemplate();
            restTemplate.getMessageConverters().add(new StringHttpMessageConverter());
            HttpHeaders headers = new HttpHeaders();
            String url = "aURL";
            headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
           // String auth = Base64.getEncoder().encodeToString(credentials.getBytes());
            List<NameValuePair> oauthHeaders = new ArrayList<>(9);
            oauthHeaders.add(new BasicNameValuePair("oauth_consumer_key", "aKey"));
            oauthHeaders.add(new BasicNameValuePair("oauth_nonce", aString));
            oauthHeaders.add(new BasicNameValuePair("oauth_timestamp", String.valueOf(timestamp)));
            oauthHeaders.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
            oauthHeaders.add(new BasicNameValuePair("oauth_version", "1.0"));
            //generate signature
            //encode
            String encodedURL = encode(oauthHeaders.toString());
            System.out.println("encoded URL:" +encodedURL);
            //form base string
            String baseString = "POST&"+encode(url).toString()+encodedURL;
            System.out.println("Base String:  "+baseString);
            //form signature
            byte[] byteHMAC = null;
            try {

                Mac mac = Mac.getInstance("HmacSHA1");
                SecretKeySpec spec;
                if (null == secretKey) {
                    String signingKey = encode(secretKey) + '&';
                    spec = new SecretKeySpec(signingKey.getBytes(), "HmacSHA1");
                } else {
                    String signingKey = encode(secretKey) + '&' + encode(secretKey);
                    spec = new SecretKeySpec(signingKey.getBytes(), "HmacSHA1");
                }
                mac.init(spec);
                byteHMAC = mac.doFinal(baseString.getBytes());
            } catch (Exception e) {
                e.printStackTrace();
            }
            String signature = new BASE64Encoder().encode(byteHMAC);
            System.out.println("oauth signature:    "+signature);


            //set signature to params
            oauthHeaders.add(new BasicNameValuePair("oauth_signature", signature));
            String test = "OAuth "+oauthHeaders.toString();
            headers.set("Authorization", test);
            MultiValueMap<String, String> map = new LinkedMultiValueMap<String, String>();
            map.add("Name",name.toString());
            map.add("Region",region.toString());


            HttpEntity<MultiValueMap<String, String>> requestEntity= new HttpEntity<MultiValueMap<String, String>>(headers, map);
            System.out.println(requestEntity);
            ResponseEntity<String> response= restTemplate.exchange(url ,HttpMethod.POST, requestEntity, String.class);
            System.out.println(response.toString());
            HttpStatus status = response.getStatusCode();
            status.toString();
            if(status.equals("200")){
                Notification.show("Employer" + name +" added successfully");
            }
            else{
                Notification.show("Unsuccessful, error: "+status);
            }


        }

Removed the URL and consumer key/signature for obvious reasons.

The following system output prints may also help:

Encoded params:  %5Boauth_consumer_key%3aKey%2C%20oauth_nonce%3DWZU8H1B5JA6%2C%20oauth_timestamp%3D1511621759%2C%20oauth_signature_method%3DHMAC-SHA1%2C%20oauth_version%3D1.0%5D

Base string: POST&https%3A%2F%2Fapi.test.payrun.io%2FEmployer%5Boauth_consumer_key%3aKey%2C%20oauth_nonce%3DWZU8H1B5JA6%2C%20oauth_timestamp%3D1511621759%2C%20oauth_signature_method%3DHMAC-SHA1%2C%20oauth_version%3D1.0%5D

oauth signature: DlRJGSzgRIItzz+LzMbgnIfbOqU=

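2 answers:

Answer 0: (score: 1)

The value of oauth_signature is wrong. You are using asignature as the value of oauth_signature, but you must calculate the correct value for the request and set it as oauth_signature. If the value of oauth_signature is wrong, the server will reject your request. For details, see "3.4. Signature" in RFC 5849 (The OAuth 1.0 Protocol).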
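As an added example (not code from the question or from either answer), this sketch computes an HMAC-SHA1 signature the way RFC 5849 section 3.4 describes, so its base string can be compared with the one printed in the question: parameters are percent-encoded individually, sorted, joined with `&`, and separated from the URL by `&`. The consumer secret, the `Name` and `Region` values, the absence of a token secret and the class name are assumptions; it needs Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OAuth1SignatureExample {
    // RFC 5849 section 3.6 percent-encoding: URLEncoder output plus three corrections.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    // Section 3.4.1: METHOD & enc(base URL) & enc(sorted "k=v" pairs joined by '&').
    // A map is enough here because no parameter name repeats in this request.
    static String baseString(String method, String url, Map<String, String> params) {
        TreeMap<String, String> sorted = new TreeMap<>();
        params.forEach((k, v) -> sorted.put(enc(k), enc(v)));
        String normalized = sorted.entrySet().stream()
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
        return method.toUpperCase() + "&" + enc(url) + "&" + enc(normalized);
    }
    // Section 3.4.2: key is enc(consumer secret) & enc(token secret); the '&' stays with no token.
    static String sign(String baseString, String consumerSecret, String tokenSecret) throws Exception {
        String key = enc(consumerSecret) + "&" + enc(tokenSecret == null ? "" : tokenSecret);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(baseString.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the URL, nonce and timestamp are those visible in the question's output.
        Map<String, String> oauth = new TreeMap<>();
        oauth.put("oauth_consumer_key", "aKey");
        oauth.put("oauth_nonce", "WZU8H1B5JA6");
        oauth.put("oauth_timestamp", "1511621759");
        oauth.put("oauth_signature_method", "HMAC-SHA1");
        oauth.put("oauth_version", "1.0");
        Map<String, String> all = new TreeMap<>(oauth);
        all.put("Name", "Example Employer"); // form-encoded body fields are signed too (3.4.1.3.1)
        all.put("Region", "England");
        String base = baseString("POST", "https://api.test.payrun.io/Employer", all);
        oauth.put("oauth_signature", sign(base, "aConsumerSecret", null));
        // Section 3.5.1: comma-separated name="value" pairs, each value percent-encoded.
        String header = "OAuth " + oauth.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=\"" + enc(e.getValue()) + "\"")
                .collect(Collectors.joining(", "));
        System.out.println(base + "\n" + header);
    }
}
```

The `header` string is what goes into the `Authorization` header; the signature must be recomputed for every request because the nonce, timestamp and body fields are part of the signed base string.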

Answer 1: (score: 0)

For anyone who wants to get this working, see the full OAuth Generator example below :):

{{1}}