JAVA Oauth 认证服务器的搭建

1、软件下载

Oauth服务端: http://code.google.com/p/oauth/  通过SVN,下载源码。

                          或者下载站长整合好的示例源码:http://115.com/file/aqvpzqhz

客户端下载:http://code.google.com/p/oauth-signpost/  oauth-signpost

                         或者下载站长整合好的示例源码:http://115.com/file/bhy1d2ce

2、服务端源码下载后,把相关代码整合在一起(或直接下载站长整合好的代码),修改net.oauth.provider.core.SampleOAuthProvider  类,把从 provider.properties 读取的信息改为从数据库中读取,如APP_KEY、APP_SCERET、描述、回调地址。

3、net.oauth.example.provider.servlets下面的四个类,这里对应着oauth3个请求url,跟一个用于测试的链接,可以根据需求修改,如将调用Oauth的用户信息记录下来。

4、修改web.xml 增加三个请求url

01 <servlet>
02         <servlet-name>request_token</servlet-name>
03         <servlet-class>net.oauth.provider.servlets.RequestTokenServlet</servlet-class>
04     </servlet>
05     <servlet-mapping>
06         <servlet-name>request_token</servlet-name>
07         <url-pattern>/oauth/request_token</url-pattern>
08     </servlet-mapping>
09  
10     <servlet>
11         <servlet-name>access_token</servlet-name>
12         <servlet-class>net.oauth.provider.servlets.AccessTokenServlet</servlet-class>
13     </servlet>
14     <servlet-mapping>
15         <servlet-name>access_token</servlet-name>
16         <url-pattern>/oauth/access_token</url-pattern>
17     </servlet-mapping>
18  
19     <servlet>
20         <servlet-name>authorize</servlet-name>
21         <servlet-class>net.oauth.provider.servlets.AuthorizationServlet</servlet-class>
22     </servlet>
23     <servlet-mapping>
24         <servlet-name>authorize</servlet-name>
25         <url-pattern>/oauth/authorize</url-pattern>
26     </servlet-mapping>

5、做个拦截器,只要通过某url访问的都需要进行Oauth认证:

web.xml

1 <filter>
2        <filter-name>OauthFilter</filter-name>
3        <filter-class>web.school.phone.OauthFilter</filter-class>
4     </filter>
5     <filter-mapping>
6        <filter-name>OauthFilter</filter-name>
7        <url-pattern>/phone/*</url-pattern>
8     </filter-mapping>

 web.school.phone.OauthFilter

01     package web.school.phone;
02          import java.io.IOException;
03  
04     import javax.servlet.Filter;
05     import javax.servlet.FilterChain;
06     import javax.servlet.FilterConfig;
07     import javax.servlet.ServletException;
08     import javax.servlet.ServletRequest;
09     import javax.servlet.ServletResponse;
10     import javax.servlet.http.HttpServletRequest;
11     import javax.servlet.http.HttpServletResponse;
12  
13     import net.oauth.OAuthAccessor;
14     import net.oauth.OAuthMessage;
15     import net.oauth.provider.core.SampleOAuthProvider;
16     import net.oauth.server.OAuthServlet;
17  
18     public class OauthFilter implements Filter {
19  
20       public void destroy() {
21       }
22  
23       public void init(FilterConfig fConfig) throws ServletException {
24       }
25  
26       public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
27       throws IOException, ServletException {
28         HttpServletRequest req=(HttpServletRequest)request;
29         HttpServletResponse res=(HttpServletResponse)response;
30  
31         try{
32             OAuthMessage requestMessage = OAuthServlet.getMessage(req, null);
33             OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage);
34             SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);
35  
36             System.out.println("[OauthFilter:passed]:"+req.getRequestURI());
37             chain.doFilter(request, response);//验证通过则转向
38  
39         catch (Exception e){
40             //验证不通过
41             SampleOAuthProvider.handleException(e, req, res, false);
42         }
43  
44       }
45  
46 }

6、执行客户端代码,提示输入验证码时,把控制台打印的URL放到浏览器里打开,输入授权码:

(服务端AuthorizationServlet 里面修改验证不通过要跳转的页面,页面上会打印一些参数)

你可能感兴趣的:(JAVA Oauth 认证服务器的搭建)