JAVA Oauth 认证服务器的搭建

http://blog.csdn.net/binyao02123202/article/details/12204411

1、软件下载

Oauth服务端： http://code.google.com/p/oauth/ 通过SVN，下载源码。

或者下载站长整合好的示例源码：http://115.com/file/aqvpzqhz

客户端下载：http://code.google.com/p/oauth-signpost/ oauth-signpost

或者下载站长整合好的示例源码：http://115.com/file/bhy1d2ce

2、服务端源码下载后，把相关代码整合在一起（或直接下载站长整合好的代码），修改net.oauth.provider.core.SampleOAuthProvider 类，把从 provider.properties 读取的信息改为从数据库中读取，如APP_KEY、APP_SCERET、描述、回调地址。

3、net.oauth.example.provider.servlets下面的四个类，这里对应着oauth3个请求url，跟一个用于测试的链接，可以根据需求修改，如将调用Oauth的用户信息记录下来。

4、修改web.xml 增加三个请求url

01

<servlet>

02

        <servlet-name>request_token</servlet-name>

03

        <servlet-class>net.oauth.provider.servlets.RequestTokenServlet</servlet-class>

04

    </servlet>

05

    <servlet-mapping>

06

        <servlet-name>request_token</servlet-name>

07

        <url-pattern>/oauth/request_token</url-pattern>

08

    </servlet-mapping>

09

10

    <servlet>

11

        <servlet-name>access_token</servlet-name>

12

        <servlet-class>net.oauth.provider.servlets.AccessTokenServlet</servlet-class>

13

    </servlet>

14

    <servlet-mapping>

15

        <servlet-name>access_token</servlet-name>

16

        <url-pattern>/oauth/access_token</url-pattern>

17

    </servlet-mapping>

18

19

    <servlet>

20

        <servlet-name>authorize</servlet-name>

21

        <servlet-class>net.oauth.provider.servlets.AuthorizationServlet</servlet-class>

22

    </servlet>

23

    <servlet-mapping>

24

        <servlet-name>authorize</servlet-name>

25

        <url-pattern>/oauth/authorize</url-pattern>

26

    </servlet-mapping>

5、做个拦截器，只要通过某url访问的都需要进行Oauth认证：

web.xml

1

<filter>

2

       <filter-name>OauthFilter</filter-name>

3

       <filter-class>web.school.phone.OauthFilter</filter-class>

4

    </filter>

5

    <filter-mapping>

6

       <filter-name>OauthFilter</filter-name>

7

       <url-pattern>/phone/*</url-pattern>

8

    </filter-mapping>

web.school.phone.OauthFilter

01

    package web.school.phone;

02

         import java.io.IOException;

03

04

    import javax.servlet.Filter;

05

    import javax.servlet.FilterChain;

06

    import javax.servlet.FilterConfig;

07

    import javax.servlet.ServletException;

08

    import javax.servlet.ServletRequest;

09

    import javax.servlet.ServletResponse;

10

    import javax.servlet.http.HttpServletRequest;

11

    import javax.servlet.http.HttpServletResponse;

12

13

    import net.oauth.OAuthAccessor;

14

    import net.oauth.OAuthMessage;

15

    import net.oauth.provider.core.SampleOAuthProvider;

16

    import net.oauth.server.OAuthServlet;

17

18

    public class OauthFilter implements Filter
 {

19

20

      public void destroy()
 {

21

      }

22

23

      public void init(FilterConfig
 fConfig) throws ServletException
 {

24

      }

25

26

      public void doFilter(ServletRequest
 request, ServletResponse response, FilterChain chain)

27

      throws IOException,
 ServletException {

28

        HttpServletRequest
 req=(HttpServletRequest)request;

29

        HttpServletResponse
 res=(HttpServletResponse)response;

30

31

        try{

32

            OAuthMessage
 requestMessage = OAuthServlet.getMessage(req, null);

33

            OAuthAccessor
 accessor = SampleOAuthProvider.getAccessor(requestMessage);

34

            SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage,
 accessor);

35

36

            System.out.println("[OauthFilter:passed]:"+req.getRequestURI());

37

            chain.doFilter(request,
 response);//验证通过则转向

38

39

        } catch (Exception
 e){

40

            //验证不通过

41

            SampleOAuthProvider.handleException(e,
 req, res, false);

42

        }

43

44

      }

45

46

}

6、执行客户端代码，提示输入验证码时，把控制台打印的URL放到浏览器里打开，输入授权码：

（服务端AuthorizationServlet 里面修改验证不通过要跳转的页面，页面上会打印一些参数）