OAuth(3)Sample Provider Implementation in JAVA

OAuth(3)Sample Provider Implementation in JAVA

The servlets for request_token, access_token, authorize and resources:

AccessTokenHttpRequestHandler.java:
package com.sillycat.easyoauthprovider.servlets;
import java.io.IOException;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.springframework.web.HttpRequestHandler;
import com.sillycat.easyoauthprovider.plugins.oauth.OAuthProvider;
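/**
 * Spring {@link HttpRequestHandler} for the OAuth access_token endpoint.
 *
 * <p>Validates the signed request against the accessor looked up for it, requires that the
 * accessor carries the {@code authorized} property, then issues an access token and writes
 * {@code oauth_token} / {@code oauth_token_secret} form-encoded as {@code text/plain}.
 *
 * <p>NOTE(review): nothing here checks an {@code oauth_verifier} value; whether
 * {@code OAuthValidator} or {@code OAuthProvider} does so is not visible from this class and
 * should be confirmed.
 */
public class AccessTokenHttpRequestHandler implements HttpRequestHandler {

    private OAuthProvider oauthProvider;
    private OAuthValidator oauthValidator;

    /** Injects the provider used to look up accessors and mint tokens. */
    public void setOauthProvider(OAuthProvider oauthProvider) {
        this.oauthProvider = oauthProvider;
    }

    /** Injects the validator applied to every incoming OAuth message. */
    public void setOauthValidator(OAuthValidator oauthValidator) {
        this.oauthValidator = oauthValidator;
    }

    /** Entry point called by Spring; delegates to {@link #processRequest}. */
    public void handleRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Exchanges an authorized request token for an access token.
     *
     * @param request  the signed OAuth request
     * @param response receives the form-encoded token pair, or the OAuth problem report
     * @throws IOException      if writing the response fails
     * @throws ServletException if a non-OAuth failure has to be propagated to the container
     */
    public void processRequest(HttpServletRequest request,
            HttpServletResponse response) throws IOException, ServletException {
        try {
            OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
            OAuthAccessor accessor = oauthProvider.getAccessor(requestMessage);
            oauthValidator.validateMessage(requestMessage, accessor);

            // Only a request token the user has approved may be exchanged.
            if (!Boolean.TRUE.equals(accessor.getProperty("authorized"))) {
                throw new OAuthProblemException("permission_denied");
            }

            oauthProvider.generateAccessToken(accessor);

            response.setContentType("text/plain");
            // The body carries a token secret; keep intermediaries and browsers from caching it.
            response.setHeader("Cache-Control", "no-store");
            OutputStream out = response.getOutputStream();
            OAuth.formEncode(OAuth.newList("oauth_token", accessor.accessToken,
                    "oauth_token_secret", accessor.tokenSecret), out);
            out.close();
        } catch (Exception e) {
            // Previously the exception was only printed, so a rejected request still produced
            // an empty success response. Report it to the caller instead.
            reportFailure(request, response, e);
        }
    }

    /** Hands the failure to the OAuth library so the client receives an error response. */
    private static void reportFailure(HttpServletRequest request,
            HttpServletResponse response, Exception e) throws IOException, ServletException {
        String realm = (request.isSecure() ? "https://" : "http://") + request.getLocalName();
        OAuthServlet.handleException(response, e, realm, true);
    }
}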

AuthorizationHttpRequestHandler.java:
package com.sillycat.easyoauthprovider.servlets;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;
import net.oauth.server.OAuthServlet;
import org.springframework.web.HttpRequestHandler;
import com.sillycat.easyoauthprovider.model.User;
import com.sillycat.easyoauthprovider.plugins.oauth.OAuthProvider;
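/**
 * Spring {@link HttpRequestHandler} for the OAuth user-authorization endpoint.
 *
 * <p>GET shows the authorization page (or returns to the consumer when the token is already
 * authorized); POST checks the submitted credentials, marks the request token as authorized
 * and sends the user back to the consumer.
 *
 * <p>NOTE(review): this is sample code. The credential check accepts any user whose password
 * equals the user id, the POST carries no anti-CSRF token that this class verifies, and the
 * redirect target can come straight from the {@code oauth_callback} request parameter. All
 * three need real implementations before this is exposed to untrusted users.
 */
public class AuthorizationHttpRequestHandler implements HttpRequestHandler {

    private OAuthProvider oauthProvider;

    /** Injects the provider used to look up accessors and record authorization. */
    public void setOauthProvider(OAuthProvider oauthProvider) {
        this.oauthProvider = oauthProvider;
    }

    /**
     * Dispatches on the HTTP method; methods other than GET and POST produce no output.
     *
     * @throws IOException      if writing the response fails
     * @throws ServletException if forwarding fails or a non-OAuth failure is propagated
     */
    public void handleRequest(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String method = request.getMethod();
        try {
            if ("GET".equals(method)) {
                showOrReturn(request, response);
            } else if ("POST".equals(method)) {
                authorize(request, response);
            }
        } catch (Exception e) {
            // Previously the exception was only printed, leaving the browser with an empty
            // success response. Report it instead.
            String realm = (request.isSecure() ? "https://" : "http://")
                    + request.getLocalName();
            OAuthServlet.handleException(response, e, realm, true);
        }
    }

    /** GET: skip the page when the token is already authorized, otherwise display it. */
    private void showOrReturn(HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
        OAuthAccessor accessor = oauthProvider.getAccessor(requestMessage);
        if (Boolean.TRUE.equals(accessor.getProperty("authorized"))) {
            returnToConsumer(request, response, accessor);
        } else {
            sendToAuthorizePage(request, response, accessor);
        }
    }

    /** POST: verify the submitted credentials and, only on success, authorize the token. */
    private void authorize(HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
        OAuthAccessor accessor = oauthProvider.getAccessor(requestMessage);
        String userId = request.getParameter("userId");
        String userPwd = request.getParameter("userPwd");

        // Both early exits must stop processing. Without the returns, a missing or wrong
        // password re-displayed the page and then authorized the token anyway.
        if (userId == null || userPwd == null) {
            sendToAuthorizePage(request, response, accessor);
            return;
        }
        // NOTE(review): placeholder check (password must equal the user id, ignoring case).
        // Replace with a lookup against a real credential store.
        if (!userId.equalsIgnoreCase(userPwd)) {
            sendToAuthorizePage(request, response, accessor);
            return;
        }

        User user = new User();
        user.setUserName(userId);
        // NOTE(review): the clear-text password is attached to the accessor here; the
        // authorization record only needs the user's identity.
        user.setUserPassword(userPwd);
        user.setEmailAddress(userId + "@gmail.com");

        // set userId in ACCESSOR and mark it as authorized
        oauthProvider.markAsAuthorized(accessor, user);
        returnToConsumer(request, response, accessor);
    }

    /**
     * Forwards to {@code /authorize.jsp} with the consumer description, callback and request
     * token as request attributes.
     *
     * <p>NOTE(review): {@code CALLBACK} is request-controlled; the JSP must HTML-escape it
     * (and {@code CONS_DESC}) when rendering. The JSP is not visible here, so confirm.
     */
    private void sendToAuthorizePage(HttpServletRequest request,
            HttpServletResponse response, OAuthAccessor accessor)
            throws IOException, ServletException {
        String callback = request.getParameter("oauth_callback");
        if (callback == null || callback.length() <= 0) {
            callback = "none";
        }
        String consumerDescription = (String) accessor.consumer.getProperty("description");
        request.setAttribute("CONS_DESC", consumerDescription);
        request.setAttribute("CALLBACK", callback);
        request.setAttribute("TOKEN", accessor.requestToken);
        request.getRequestDispatcher("/authorize.jsp").forward(request, response);
    }

    /**
     * Sends the user back to the consumer: either a plain-text confirmation when there is no
     * callback, or a 302 redirect to the callback with {@code oauth_token} appended.
     *
     * <p>NOTE(review): when {@code oauth_callback} is supplied in the request it is used as
     * the redirect target without being compared to the consumer's registered
     * {@code callbackURL}, so the redirect destination is caller-controlled. The verifier
     * appended below is the constant {@code "true"}, which the consumer cannot use to tie the
     * callback to this particular approval. Both should be bound to the request token by the
     * provider.
     */
    private void returnToConsumer(HttpServletRequest request,
            HttpServletResponse response, OAuthAccessor accessor)
            throws IOException, ServletException {
        String callback = request.getParameter("oauth_callback");
        String registered = accessor.consumer.callbackURL;
        boolean hasRegistered = registered != null && registered.length() > 0;

        // "none" from the form means no callback was requested; fall back to configuration.
        if ("none".equals(callback) && hasRegistered) {
            callback = registered;
        }

        if ("none".equals(callback)) {
            // no call back it must be a client
            response.setContentType("text/plain");
            PrintWriter out = response.getWriter();
            out.println("You have successfully authorized '"
                    + accessor.consumer.getProperty("description")
                    + "'. Please close this browser window and click continue"
                    + " in the client.");
            out.close();
            return;
        }

        // if callback is not passed in, use the callback from config
        if (callback == null || callback.length() <= 0) {
            callback = registered;
        }
        String token = accessor.requestToken;
        if (token != null) {
            callback = OAuth.addParameters(callback, "oauth_token", token,
                    OAuth.OAUTH_VERIFIER, "true");
        }
        response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
        response.setHeader("Location", callback);
    }
}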

RequestTokenHttpRequestHandler.java:
package com.sillycat.easyoauthprovider.servlets;
import java.io.IOException;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.springframework.web.HttpRequestHandler;
import com.sillycat.easyoauthprovider.plugins.oauth.OAuthProvider;
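/**
 * Spring {@link HttpRequestHandler} for the OAuth request_token endpoint.
 *
 * <p>Resolves the consumer named in the request, validates the message signature, issues a
 * request token and writes {@code oauth_token} / {@code oauth_token_secret} form-encoded as
 * {@code text/plain}.
 */
public class RequestTokenHttpRequestHandler implements HttpRequestHandler {

    private OAuthProvider oauthProvider;
    private OAuthValidator oauthValidator;

    /** Injects the provider used to resolve consumers and mint request tokens. */
    public void setOauthProvider(OAuthProvider oauthProvider) {
        this.oauthProvider = oauthProvider;
    }

    /** Injects the validator applied to every incoming OAuth message. */
    public void setOauthValidator(OAuthValidator oauthValidator) {
        this.oauthValidator = oauthValidator;
    }

    /** Entry point called by Spring; delegates to {@link #processRequest}. */
    public void handleRequest(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Issues a request token to a consumer whose request validates.
     *
     * @param request  the signed OAuth request
     * @param response receives the form-encoded token pair, or the OAuth problem report
     * @throws IOException      if writing the response fails
     * @throws ServletException if a non-OAuth failure has to be propagated to the container
     */
    public void processRequest(HttpServletRequest request,
            HttpServletResponse response) throws IOException, ServletException {
        try {
            OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
            OAuthConsumer consumer = oauthProvider.getConsumer(requestMessage);
            OAuthAccessor accessor = new OAuthAccessor(consumer);
            oauthValidator.validateMessage(requestMessage, accessor);

            // Support the 'Variable ACCESSOR Secret' extension
            // described in http://oauth.pbwiki.com/AccessorSecret
            // The value is only stored after the message has passed validation above.
            String secret = requestMessage.getParameter("oauth_accessor_secret");
            if (secret != null) {
                accessor.setProperty(OAuthConsumer.ACCESSOR_SECRET, secret);
            }

            oauthProvider.generateRequestToken(accessor);

            response.setContentType("text/plain");
            // The body carries a token secret; keep intermediaries and browsers from caching it.
            response.setHeader("Cache-Control", "no-store");
            OutputStream out = response.getOutputStream();
            OAuth.formEncode(OAuth.newList("oauth_token", accessor.requestToken,
                    "oauth_token_secret", accessor.tokenSecret), out);
            out.close();
        } catch (Exception e) {
            // Previously the exception was only printed, so an unknown consumer or a bad
            // signature still produced an empty success response. Report it to the caller.
            String realm = (request.isSecure() ? "https://" : "http://")
                    + request.getLocalName();
            OAuthServlet.handleException(response, e, realm, true);
        }
    }
}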

UserHttpRequestHandler.java:
package com.sillycat.easyoauthprovider.servlets;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;
import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.springframework.web.HttpRequestHandler;
import com.sillycat.easyoauthprovider.model.User;
import com.sillycat.easyoauthprovider.plugins.oauth.OAuthProvider;
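/**
 * Spring {@link HttpRequestHandler} for the protected "user" resource.
 *
 * <p>Validates the signed request, then writes the attributes of the user attached to the
 * accessor, one per line, as {@code text/plain}.
 */
public class UserHttpRequestHandler implements HttpRequestHandler {

    private OAuthProvider oauthProvider;
    private OAuthValidator oauthValidator;

    /** Injects the provider used to look up the accessor for a presented token. */
    public void setOauthProvider(OAuthProvider oauthProvider) {
        this.oauthProvider = oauthProvider;
    }

    /** Injects the validator applied to every incoming OAuth message. */
    public void setOauthValidator(OAuthValidator oauthValidator) {
        this.oauthValidator = oauthValidator;
    }

    /**
     * Serves the user record to a consumer holding a valid access token.
     *
     * @param request  the signed OAuth request
     * @param response receives the user's attributes, or the OAuth problem report
     * @throws IOException      if writing the response fails
     * @throws ServletException if a non-OAuth failure has to be propagated to the container
     */
    public void handleRequest(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        try {
            OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
            OAuthAccessor accessor = oauthProvider.getAccessor(requestMessage);
            oauthValidator.validateMessage(requestMessage, accessor);

            // A valid signature alone is not enough: the accessor must have been through
            // the access_token exchange and must carry the user who approved it. Without
            // this guard an unapproved token reached the cast below with a null user.
            User user = (User) accessor.getProperty("user");
            if (user == null || accessor.accessToken == null) {
                throw new net.oauth.OAuthProblemException("permission_denied");
            }

            response.setContentType("text/plain");
            PrintWriter out = response.getWriter();
            out.println(user.getUserName());
            // NOTE(review): this hands the resource owner's password to the consumer, which
            // is exactly what delegated authorization is meant to avoid. Kept only so the
            // three-line response format stays unchanged; drop it once consumers stop
            // reading it.
            out.println(user.getUserPassword());
            out.println(user.getEmailAddress());
            out.close();
        } catch (Exception e) {
            // Previously the exception was only printed, so a rejected request still
            // produced an empty success response. Report it to the caller.
            String realm = (request.isSecure() ? "https://" : "http://")
                    + request.getLocalName();
            OAuthServlet.handleException(response, e, realm, true);
        }
    }
}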

references:



转载自sillycat.iteye.com/blog/1265922