我正在研究oauth 1 Sparklr and Tonr示例应用,我试图创建一个两条腿的电话。 Hipoteticly你唯一应该做的就是改变消费者详细信息服务(我省略igoogle消费者信息以简化):
<oauth:consumer-details-service id="consumerDetails">
<oauth:consumer name="Tonr.com" key="tonr-consumer-key" secret="SHHHHH!!!!!!!!!!"
resourceName="Your Photos" resourceDescription="Your photos that you have uploaded to sparklr.com."/>
</oauth:consumer-details-service>
为:
<oauth:consumer-details-service id="consumerDetails">
<oauth:consumer name="Tonr.com" key="tonr-consumer-key" secret="SHHHHH!!!!!!!!!!"
resourceName="Your Photos" resourceDescription="Your photos that you have uploaded to sparklr.com."
requiredToObtainAuthenticatedToken="false" authorities="ROLE_CONSUMER"/>
</oauth:consumer-details-service>
添加 requiredToObtainAuthenticatedToken 和权限,这将导致消费者受信任,因此会跳过所有验证过程。
但是我仍然可以从Sparklr应用程序获得登录和确认屏幕。官方文档的当前状态非常不稳定,因为该项目被Spring吸收,因此它充满了断开的链接和模糊的指令。据我所知,客户端代码不需要进行任何更改,因此我基本上没有想法。我发现人们实际上声称Spring-Oauth客户不支持双腿访问(我发现很难相信)
我发现这样做的唯一方法是创建我自己的ConsumerSupport:
private OAuthConsumerSupport createConsumerSupport() {
CoreOAuthConsumerSupport consumerSupport = new CoreOAuthConsumerSupport();
consumerSupport.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory());
consumerSupport.setProtectedResourceDetailsService(new ProtectedResourceDetailsService() {
public ProtectedResourceDetails loadProtectedResourceDetailsById(
String id) throws IllegalArgumentException {
SignatureSecret secret = new SharedConsumerSecret(
CONSUMER_SECRET);
BaseProtectedResourceDetails result = new BaseProtectedResourceDetails();
result.setConsumerKey(CONSUMER_KEY);
result.setSharedSecret(secret);
result.setSignatureMethod(SIGNATURE_METHOD);
result.setUse10a(true);
result.setRequestTokenURL(SERVER_URL_OAUTH_REQUEST);
result.setAccessTokenURL(SERVER_URL_OAUTH_ACCESS);
return result;
}
});
return consumerSupport;
}
然后阅读受保护资源:
consumerSupport.readProtectedResource(url, accessToken, "GET");
有人真的设法在没有样板代码的情况下完成这项工作吗?