文章标签 ‘Oauth’
2011十一月23

JAVA Oauth 认证服务器的搭建

1、软件下载

Oauth服务端: http://code.google.com/p/oauth/  通过SVN,下载源码。

                          或者下载站长整合好的示例源码:http://115.com/file/aqvpzqhz

客户端下载:http://code.google.com/p/oauth-signpost/  oauth-signpost

                         或者下载站长整合好的示例源码:http://115.com/file/bhy1d2ce

2、服务端源码下载后,把相关代码整合在一起(或直接下载站长整合好的代码),修改net.oauth.provider.core.SampleOAuthProvider  类,把从 provider.properties 读取的信息改为从数据库中读取,如APP_KEY、APP_SCERET、描述、回调地址。

3、net.oauth.example.provider.servlets下面的四个类,这里对应着oauth3个请求url,跟一个用于测试的链接,可以根据需求修改,如将调用Oauth的用户信息记录下来。

4、修改web.xml 增加三个请求url

<servlet>
		<servlet-name>request_token</servlet-name>
		<servlet-class>net.oauth.provider.servlets.RequestTokenServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>request_token</servlet-name>
		<url-pattern>/oauth/request_token</url-pattern>
	</servlet-mapping>

	<servlet>
		<servlet-name>access_token</servlet-name>
		<servlet-class>net.oauth.provider.servlets.AccessTokenServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>access_token</servlet-name>
		<url-pattern>/oauth/access_token</url-pattern>
	</servlet-mapping>

	<servlet>
		<servlet-name>authorize</servlet-name>
		<servlet-class>net.oauth.provider.servlets.AuthorizationServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>authorize</servlet-name>
		<url-pattern>/oauth/authorize</url-pattern>
	</servlet-mapping>

5、做个拦截器,只要通过某url访问的都需要进行Oauth认证:

web.xml

<filter>
	   <filter-name>OauthFilter</filter-name>
	   <filter-class>web.school.phone.OauthFilter</filter-class>
	</filter>
	<filter-mapping>
	   <filter-name>OauthFilter</filter-name>
	   <url-pattern>/phone/*</url-pattern>
	</filter-mapping>

 web.school.phone.OauthFilter

	package web.school.phone;
         import java.io.IOException;

	import javax.servlet.Filter;
	import javax.servlet.FilterChain;
	import javax.servlet.FilterConfig;
	import javax.servlet.ServletException;
	import javax.servlet.ServletRequest;
	import javax.servlet.ServletResponse;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	import net.oauth.OAuthAccessor;
	import net.oauth.OAuthMessage;
	import net.oauth.provider.core.SampleOAuthProvider;
	import net.oauth.server.OAuthServlet;

	public class OauthFilter implements Filter {

	  public void destroy() {
	  }

	  public void init(FilterConfig fConfig) throws ServletException {
	  }

	  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
	  throws IOException, ServletException {
	    HttpServletRequest req=(HttpServletRequest)request;
	    HttpServletResponse res=(HttpServletResponse)response;

	    try{
            OAuthMessage requestMessage = OAuthServlet.getMessage(req, null);
            OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage);
            SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);

            System.out.println("[OauthFilter:passed]:"+req.getRequestURI());
            chain.doFilter(request, response);//验证通过则转向

        } catch (Exception e){
        	//验证不通过
            SampleOAuthProvider.handleException(e, req, res, false);
        }

	  }

}

6、执行客户端代码,提示输入验证码时,把控制台打印的URL放到浏览器里打开,输入授权码:

(服务端AuthorizationServlet 里面修改验证不通过要跳转的页面,页面上会打印一些参数)