1、软件下载
Oauth服务端: http://code.google.com/p/oauth/ 通过SVN,下载源码。
或者下载站长整合好的示例源码:http://115.com/file/aqvpzqhz
客户端下载:http://code.google.com/p/oauth-signpost/ oauth-signpost
或者下载站长整合好的示例源码:http://115.com/file/bhy1d2ce
2、服务端源码下载后,把相关代码整合在一起(或直接下载站长整合好的代码),修改net.oauth.provider.core.SampleOAuthProvider 类,把从 provider.properties 读取的信息改为从数据库中读取,如APP_KEY、APP_SCERET、描述、回调地址。
3、net.oauth.example.provider.servlets下面的四个类,这里对应着oauth3个请求url,跟一个用于测试的链接,可以根据需求修改,如将调用Oauth的用户信息记录下来。
4、修改web.xml 增加三个请求url
02 | < servlet-name >request_token</ servlet-name > |
03 | < servlet-class >net.oauth.provider.servlets.RequestTokenServlet</ servlet-class > |
06 | < servlet-name >request_token</ servlet-name > |
07 | < url-pattern >/oauth/request_token</ url-pattern > |
11 | < servlet-name >access_token</ servlet-name > |
12 | < servlet-class >net.oauth.provider.servlets.AccessTokenServlet</ servlet-class > |
15 | < servlet-name >access_token</ servlet-name > |
16 | < url-pattern >/oauth/access_token</ url-pattern > |
20 | < servlet-name >authorize</ servlet-name > |
21 | < servlet-class >net.oauth.provider.servlets.AuthorizationServlet</ servlet-class > |
24 | < servlet-name >authorize</ servlet-name > |
25 | < url-pattern >/oauth/authorize</ url-pattern > |
5、做个拦截器,只要通过某url访问的都需要进行Oauth认证:
web.xml
2 | < filter-name >OauthFilter</ filter-name > |
3 | < filter-class >web.school.phone.OauthFilter</ filter-class > |
6 | < filter-name >OauthFilter</ filter-name > |
7 | < url-pattern >/phone/*</ url-pattern > |
web.school.phone.OauthFilter
01 | package web.school.phone; |
02 | import java.io.IOException; |
04 | import javax.servlet.Filter; |
05 | import javax.servlet.FilterChain; |
06 | import javax.servlet.FilterConfig; |
07 | import javax.servlet.ServletException; |
08 | import javax.servlet.ServletRequest; |
09 | import javax.servlet.ServletResponse; |
10 | import javax.servlet.http.HttpServletRequest; |
11 | import javax.servlet.http.HttpServletResponse; |
13 | import net.oauth.OAuthAccessor; |
14 | import net.oauth.OAuthMessage; |
15 | import net.oauth.provider.core.SampleOAuthProvider; |
16 | import net.oauth.server.OAuthServlet; |
18 | public class OauthFilter implements Filter { |
20 | public void destroy() { |
23 | public void init(FilterConfig fConfig) throws ServletException { |
26 | public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) |
27 | throws IOException, ServletException { |
28 | HttpServletRequest req=(HttpServletRequest)request; |
29 | HttpServletResponse res=(HttpServletResponse)response; |
32 | OAuthMessage requestMessage = OAuthServlet.getMessage(req, null ); |
33 | OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage); |
34 | SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor); |
36 | System.out.println( "[OauthFilter:passed]:" +req.getRequestURI()); |
37 | chain.doFilter(request, response); |
39 | } catch (Exception e){ |
41 | SampleOAuthProvider.handleException(e, req, res, false ); |
6、执行客户端代码,提示输入验证码时,把控制台打印的URL放到浏览器里打开,输入授权码:
(服务端AuthorizationServlet 里面修改验证不通过要跳转的页面,页面上会打印一些参数)