1、软件下载
Oauth服务端: http://code.google.com/p/oauth/ 通过SVN,下载源码。
或者下载站长整合好的示例源码:http://115.com/file/aqvpzqhz
客户端下载:http://code.google.com/p/oauth-signpost/ oauth-signpost
或者下载站长整合好的示例源码:http://115.com/file/bhy1d2ce
2、服务端源码下载后,把相关代码整合在一起(或直接下载站长整合好的代码),修改net.oauth.provider.core.SampleOAuthProvider 类,把从 provider.properties 读取的信息改为从数据库中读取,如APP_KEY、APP_SCERET、描述、回调地址。
3、net.oauth.example.provider.servlets下面的四个类,这里对应着oauth3个请求url,跟一个用于测试的链接,可以根据需求修改,如将调用Oauth的用户信息记录下来。
4、修改web.xml 增加三个请求url
02 |
< servlet-name >request_token</ servlet-name > |
03 |
< servlet-class >net.oauth.provider.servlets.RequestTokenServlet</ servlet-class > |
06 |
< servlet-name >request_token</ servlet-name > |
07 |
< url-pattern >/oauth/request_token</ url-pattern > |
11 |
< servlet-name >access_token</ servlet-name > |
12 |
< servlet-class >net.oauth.provider.servlets.AccessTokenServlet</ servlet-class > |
15 |
< servlet-name >access_token</ servlet-name > |
16 |
< url-pattern >/oauth/access_token</ url-pattern > |
20 |
< servlet-name >authorize</ servlet-name > |
21 |
< servlet-class >net.oauth.provider.servlets.AuthorizationServlet</ servlet-class > |
24 |
< servlet-name >authorize</ servlet-name > |
25 |
< url-pattern >/oauth/authorize</ url-pattern > |
5、做个拦截器,只要通过某url访问的都需要进行Oauth认证:
web.xml
2 |
< filter-name >OauthFilter</ filter-name > |
3 |
< filter-class >web.school.phone.OauthFilter</ filter-class > |
6 |
< filter-name >OauthFilter</ filter-name > |
7 |
< url-pattern >/phone/*</ url-pattern > |
web.school.phone.OauthFilter
01 |
package web.school.phone; |
02 |
import java.io.IOException; |
04 |
import javax.servlet.Filter; |
05 |
import javax.servlet.FilterChain; |
06 |
import javax.servlet.FilterConfig; |
07 |
import javax.servlet.ServletException; |
08 |
import javax.servlet.ServletRequest; |
09 |
import javax.servlet.ServletResponse; |
10 |
import javax.servlet.http.HttpServletRequest; |
11 |
import javax.servlet.http.HttpServletResponse; |
13 |
import net.oauth.OAuthAccessor; |
14 |
import net.oauth.OAuthMessage; |
15 |
import net.oauth.provider.core.SampleOAuthProvider; |
16 |
import net.oauth.server.OAuthServlet; |
18 |
public class OauthFilter implements Filter { |
20 |
public void destroy() { |
23 |
public void init(FilterConfig fConfig) throws ServletException { |
26 |
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) |
27 |
throws IOException, ServletException { |
28 |
HttpServletRequest req=(HttpServletRequest)request; |
29 |
HttpServletResponse res=(HttpServletResponse)response; |
32 |
OAuthMessage requestMessage = OAuthServlet.getMessage(req, null ); |
33 |
OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage); |
34 |
SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor); |
36 |
System.out.println( "[OauthFilter:passed]:" +req.getRequestURI()); |
37 |
chain.doFilter(request, response); |
39 |
} catch (Exception e){ |
41 |
SampleOAuthProvider.handleException(e, req, res, false ); |
6、执行客户端代码,提示输入验证码时,把控制台打印的URL放到浏览器里打开,输入授权码:
(服务端AuthorizationServlet 里面修改验证不通过要跳转的页面,页面上会打印一些参数)