November 23, 2011 | Wizzer | 9 comments

1. Software download

OAuth server: http://code.google.com/p/oauth/ (check out the source via SVN).
Or download the sample source already integrated by the site owner: http://115.com/file/aqvpzqhz

Client: http://code.google.com/p/oauth-signpost/ (oauth-signpost)
Or download the sample source already integrated by the site owner: http://115.com/file/bhy1d2ce

2. After downloading the server source, integrate the relevant code (or download the already integrated code directly) and modify the class net.oauth.provider.core.SampleOAuthProvider so that the information it reads from provider.properties is read from the database instead, e.g. APP_KEY, APP_SCERET, description and callback URL.

3. The four classes under net.oauth.example.provider.servlets correspond to the three OAuth request URLs plus one link used for testing. Modify them as needed, for example to record information about the users who call OAuth.

4. Modify web.xml to add the three request URLs:

    <servlet>
        <servlet-name>request_token</servlet-name>
        <servlet-class>net.oauth.provider.servlets.RequestTokenServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>request_token</servlet-name>
        <url-pattern>/oauth/request_token</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>access_token</servlet-name>
        <servlet-class>net.oauth.provider.servlets.AccessTokenServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>access_token</servlet-name>
        <url-pattern>/oauth/access_token</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>authorize</servlet-name>
        <servlet-class>net.oauth.provider.servlets.AuthorizationServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>authorize</servlet-name>
        <url-pattern>/oauth/authorize</url-pattern>
    </servlet-mapping>

5. Add a filter so that every request to a given URL pattern must pass OAuth authentication.

web.xml:

    <filter>
        <filter-name>OauthFilter</filter-name>
        <filter-class>web.school.phone.OauthFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>OauthFilter</filter-name>
        <url-pattern>/phone/*</url-pattern>
    </filter-mapping>

web.school.phone.OauthFilter:

    package web.school.phone;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import net.oauth.OAuthAccessor;
    import net.oauth.OAuthMessage;
    import net.oauth.provider.core.SampleOAuthProvider;
    import net.oauth.server.OAuthServlet;

    public class OauthFilter implements Filter {

        public void destroy() {
        }

        public void init(FilterConfig fConfig) throws ServletException {
        }

        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            try {
                // Parse the OAuth parameters from the incoming request.
                OAuthMessage requestMessage = OAuthServlet.getMessage(req, null);
                // Look up the accessor (consumer plus token state) for the presented token.
                OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage);
                // Validate the message against that accessor.
                SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);
                System.out.println("[OauthFilter:passed]:" + req.getRequestURI());
                // Validation passed: continue down the filter chain.
                chain.doFilter(request, response);
            } catch (Exception e) {
                // Validation failed: return the OAuth problem response.
                SampleOAuthProvider.handleException(e, req, res, false);
            }
        }
    }

6. Run the client code. When it prompts for the verification code, open the URL printed on the console in a browser and enter the authorization code.

(In the server's AuthorizationServlet, change the page to redirect to when validation fails; that page prints some of the parameters.)
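The filter in step 5 relies on validateMessage, which covers protocol version, timestamp/nonce and signature. The following is an added example, not code from the original post or from the OAuth project: a token-type check that can run after validateMessage. The class name AccessTokenCheck and its methods are hypothetical, and it assumes the stock sample provider's conventions, where OAuthAccessor.accessToken is set only by the access-token exchange and the "authorized" property is set when the user approves.

```java
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthProblemException;

/** Added example (hypothetical helper): token-type check for OauthFilter. */
public class AccessTokenCheck {

    /**
     * Rejects accessors that do not hold an authorized access token.
     * Assumption: accessToken is populated only after the token exchange and
     * "authorized" is set to Boolean.TRUE at user approval.
     */
    public static void requireAccessToken(OAuthAccessor accessor) throws OAuthProblemException {
        if (accessor.accessToken == null) {
            // Still a request token (or no token at all): not valid for resources.
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        if (!Boolean.TRUE.equals(accessor.getProperty("authorized"))) {
            // The user never approved this token.
            throw new OAuthProblemException(OAuth.Problems.PERMISSION_DENIED);
        }
    }

    /** Returns the OAuth problem code for an accessor, or "ok" if it passes. */
    static String check(OAuthAccessor accessor) {
        try {
            requireAccessToken(accessor);
            return "ok";
        } catch (OAuthProblemException e) {
            return e.getProblem();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: key, secret and token values are placeholders.
        OAuthConsumer consumer = new OAuthConsumer(null, "sample-key", "sample-secret", null);
        OAuthAccessor requestOnly = new OAuthAccessor(consumer);
        requestOnly.requestToken = "req-token";
        requestOnly.setProperty("authorized", Boolean.TRUE);
        OAuthAccessor exchanged = new OAuthAccessor(consumer);
        exchanged.accessToken = "acc-token";
        exchanged.setProperty("authorized", Boolean.TRUE);
        System.out.println("request token: " + check(requestOnly));
        System.out.println("access token:  " + check(exchanged));
    }
}
```

In doFilter, the call to requireAccessToken(accessor) would go between validateMessage and chain.doFilter, so the existing catch block turns a rejection into the OAuth problem response.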
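Hello, I have recently been setting up an OAuth server and have a question I would like to ask:

    SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);

This line of code validates the following, in turn:

    validateVersion(message);
    validateTimestampAndNonce(message);
    validateSignature(message, accessor);

But why do I get the feeling that the access_token should be validated here?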