oauth服务器搭建 java_JAVA Oauth 认证服务器的搭建

http://blog.csdn.net/binyao02123202/article/details/12204411

1、软件下载

2、服务端源码下载后，把相关代码整合在一起(或直接下载站长整合好的代码)，修改net.oauth.provider.core.SampleOAuthProvider  类，把从 provider.properties 读取的信息改为从数据库中读取，如APP_KEY、APP_SCERET、描述、回调地址。

3、net.oauth.example.provider.servlets下面的四个类，这里对应着oauth3个请求url，跟一个用于测试的链接，可以根据需求修改，如将调用

4、修改web.xml 增加三个请求url

01

02

request_token

03

net.oauth.provider.servlets.RequestTokenServlet

04

05

06

request_token

07

/oauth/request_token

08

09

10

11

access_token

12

net.oauth.provider.servlets.AccessTokenServlet

13

14

15

access_token

16

/oauth/access_token

17

18

19

20

authorize

21

net.oauth.provider.servlets.AuthorizationServlet

22

23

24

authorize

25

/oauth/authorize

26

5、做个拦截器，只要通过某url访问的都需要进行Oauth认证：

web.xml

1

2

OauthFilter

3

web.school.phone.OauthFilter

4

5

6

OauthFilter

7

/phone/*

8

web.school.phone.OauthFilter

01

package web.school.phone;

02

import java.io.IOException;

03

04

import javax.servlet.Filter;

05

import javax.servlet.FilterChain;

06

import javax.servlet.FilterConfig;

07

import javax.servlet.ServletException;

08

import javax.servlet.ServletRequest;

09

import javax.servlet.ServletResponse;

10

import javax.servlet.http.HttpServletRequest;

11

import javax.servlet.http.HttpServletResponse;

12

13

import net.oauth.OAuthAccessor;

14

import net.oauth.OAuthMessage;

15

import net.oauth.provider.core.SampleOAuthProvider;

16

import net.oauth.server.OAuthServlet;

17

18

public class OauthFilterimplements Filter {

19

20

public void destroy() {

21

}

22

23

public void init(FilterConfig fConfig)throws ServletException {

24

}

25

26

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

27

throws IOException, ServletException {

28

HttpServletRequest req=(HttpServletRequest)request;

29

HttpServletResponse res=(HttpServletResponse)response;

30

31

try{

32

OAuthMessage requestMessage = OAuthServlet.getMessage(req,null);

33

OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage);

34

SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);

35

36

System.out.println("[OauthFilter:passed]:"+req.getRequestURI());

37

chain.doFilter(request, response);//验证通过则转向

38

39

}catch (Exception e){

40

//验证不通过

41

SampleOAuthProvider.handleException(e, req, res,false);

42

}

43

44

}

45

46

}

6、执行客户端代码，提示输入验证码时，把控制台打印的URL放到浏览器里打开，输入授权码：

(服务端AuthorizationServlet 里面修改验证不通过要跳转的页面，页面上会打印一些参数)