JAVA Oauth 认证服务器的搭建

1、软件下载

Oauth服务端：http://code.google.com/p/oauth/ 通过SVN，下载源码。

或者下载站长整合好的示例源码：http://115.com/file/aqvpzqhz

客户端下载：http://code.google.com/p/oauth-signpost/ oauth-signpost

或者下载站长整合好的示例源码：http://115.com/file/bhy1d2ce

2、服务端源码下载后，把相关代码整合在一起（或直接下载站长整合好的代码），修改net.oauth.provider.core.SampleOAuthProvider 类，把从 provider.properties 读取的信息改为从数据库中读取，如APP_KEY、APP_SCERET、描述、回调地址。

3、net.oauth.example.provider.servlets下面的四个类，这里对应着oauth3个请求url，跟一个用于测试的链接，可以根据需求修改，如将调用Oauth的用户信息记录下来。

4、修改web.xml 增加三个请求url

01 <servlet>
02 <servlet-name>request_token</servlet-name>
03 <servlet-class>net.oauth.provider.servlets.RequestTokenServlet</servlet-class>
04 </servlet>
05 <servlet-mapping>
06 <servlet-name>request_token</servlet-name>
07 <url-pattern>/oauth/request_token</url-pattern>
08 </servlet-mapping>
09
10 <servlet>
11 <servlet-name>access_token</servlet-name>
12 <servlet-class>net.oauth.provider.servlets.AccessTokenServlet</servlet-class>
13 </servlet>
14 <servlet-mapping>
15 <servlet-name>access_token</servlet-name>
16 <url-pattern>/oauth/access_token</url-pattern>
17 </servlet-mapping>
18
19 <servlet>
20 <servlet-name>authorize</servlet-name>
21 <servlet-class>net.oauth.provider.servlets.AuthorizationServlet</servlet-class>
22 </servlet>
23 <servlet-mapping>
24 <servlet-name>authorize</servlet-name>
25 <url-pattern>/oauth/authorize</url-pattern>
26 </servlet-mapping>

5、做个拦截器，只要通过某url访问的都需要进行Oauth认证：

web.xml

1 <filter>
2 <filter-name>OauthFilter</filter-name>
3 <filter-class>web.school.phone.OauthFilter</filter-class>
4 </filter>
5 <filter-mapping>
6 <filter-name>OauthFilter</filter-name>
7 <url-pattern>/phone/*</url-pattern>
8 </filter-mapping>

web.school.phone.OauthFilter

01 packageweb.school.phone;
02 importjava.io.IOException;
03
04 importjavax.servlet.Filter;
05 importjavax.servlet.FilterChain;
06 importjavax.servlet.FilterConfig;
07 importjavax.servlet.ServletException;
08 importjavax.servlet.ServletRequest;
09 importjavax.servlet.ServletResponse;
10 importjavax.servlet.http.HttpServletRequest;
11 importjavax.servlet.http.HttpServletResponse;
12
13 importnet.oauth.OAuthAccessor;
14 importnet.oauth.OAuthMessage;
15 importnet.oauth.provider.core.SampleOAuthProvider;
16 importnet.oauth.server.OAuthServlet;
17
18 publicclassOauthFilterimplementsFilter {
19
20 publicvoiddestroy() {
21 }
22
23 publicvoidinit(FilterConfig fConfig)throwsServletException {
24 }
25
26 publicvoiddoFilter(ServletRequest request, ServletResponse response, FilterChain chain)
27 throwsIOException, ServletException {
28 HttpServletRequest req=(HttpServletRequest)request;
29 HttpServletResponse res=(HttpServletResponse)response;
30
31 try{
32 OAuthMessage requestMessage = OAuthServlet.getMessage(req,null);
33 OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage);
34 SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);
35
36 System.out.println("[OauthFilter:passed]:"+req.getRequestURI());
37 chain.doFilter(request, response);//验证通过则转向
38
39 }catch(Exception e){
40 //验证不通过
41 SampleOAuthProvider.handleException(e, req, res,false);
42 }
43
44 }
45
46 }

6、执行客户端代码，提示输入验证码时，把控制台打印的URL放到浏览器里打开，输入授权码：

（服务端AuthorizationServlet 里面修改验证不通过要跳转的页面，页面上会打印一些参数）