JAVA Oauth 认证服务器的搭建

最新推荐文章于 2025-10-22 11:59:23 发布

转载最新推荐文章于 2025-10-22 11:59:23 发布 · 2.4k 阅读

Web应用专栏收录该内容

49 篇文章

订阅专栏

本文详细介绍了如何在服务端和客户端集成并使用OAuth服务，包括下载源码、配置数据库读取信息、调整web.xml文件以添加请求路径、实现拦截器进行认证，以及通过客户端代码完成授权流程。

http://blog.youkuaiyun.com/binyao02123202/article/details/12204411

1、软件下载

Oauth服务端： http://code.google.com/p/oauth/ 通过SVN，下载源码。

或者下载站长整合好的示例源码：http://115.com/file/aqvpzqhz

客户端下载：http://code.google.com/p/oauth-signpost/ oauth-signpost

或者下载站长整合好的示例源码：http://115.com/file/bhy1d2ce

2、服务端源码下载后，把相关代码整合在一起（或直接下载站长整合好的代码），修改net.oauth.provider.core.SampleOAuthProvider 类，把从 provider.properties 读取的信息改为从数据库中读取，如APP_KEY、APP_SCERET、描述、回调地址。

3、net.oauth.example.provider.servlets下面的四个类，这里对应着oauth3个请求url，跟一个用于测试的链接，可以根据需求修改，如将调用Oauth的用户信息记录下来。

4、修改web.xml 增加三个请求url

 
<servlet>
 
        <servlet-name>request_token</servlet-name>
 
        <servlet-class>net.oauth.provider.servlets.RequestTokenServlet</servlet-class>
 
    </servlet>
 
    <servlet-mapping>
 
        <servlet-name>request_token</servlet-name>
 
        <url-pattern>/oauth/request_token</url-pattern>
 
    </servlet-mapping>
 
 
 
    <servlet>
 
        <servlet-name>access_token</servlet-name>
 
        <servlet-class>net.oauth.provider.servlets.AccessTokenServlet</servlet-class>
 
    </servlet>
 
    <servlet-mapping>
 
        <servlet-name>access_token</servlet-name>
 
        <url-pattern>/oauth/access_token</url-pattern>
 
    </servlet-mapping>
 
 
 
    <servlet>
 
        <servlet-name>authorize</servlet-name>
 
        <servlet-class>net.oauth.provider.servlets.AuthorizationServlet</servlet-class>
 
    </servlet>
 
    <servlet-mapping>
 
        <servlet-name>authorize</servlet-name>
 
        <url-pattern>/oauth/authorize</url-pattern>
 
    </servlet-mapping>

5、做个拦截器，只要通过某url访问的都需要进行Oauth认证：

web.xml

 
<filter>
 
       <filter-name>OauthFilter</filter-name>
 
       <filter-class>web.school.phone.OauthFilter</filter-class>
 
    </filter>
 
    <filter-mapping>
 
       <filter-name>OauthFilter</filter-name>
 
       <url-pattern>/phone/*</url-pattern>
 
    </filter-mapping>

web.school.phone.OauthFilter

 
    package web.school.phone;
 
         import java.io.IOException;
 
 
 
    import javax.servlet.Filter;
 
    import javax.servlet.FilterChain;
 
    import javax.servlet.FilterConfig;
 
    import javax.servlet.ServletException;
 
    import javax.servlet.ServletRequest;
 
    import javax.servlet.ServletResponse;
 
    import javax.servlet.http.HttpServletRequest;
 
    import javax.servlet.http.HttpServletResponse;
 
 
 
    import net.oauth.OAuthAccessor;
 
    import net.oauth.OAuthMessage;
 
    import net.oauth.provider.core.SampleOAuthProvider;
 
    import net.oauth.server.OAuthServlet;
 
 
 
    public class OauthFilter implements Filter {
 
 
 
      public void destroy() {
 
      }
 
 
 
      public void init(FilterConfig fConfig) throws ServletException {
 
      }
 
 
 
      public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 
      throws IOException, ServletException {
 
        HttpServletRequest req=(HttpServletRequest)request;
 
        HttpServletResponse res=(HttpServletResponse)response;
 
 
 
        try{
 
            OAuthMessage requestMessage = OAuthServlet.getMessage(req, null);
 
            OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage);
 
            SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);
 
 
 
            System.out.println("[OauthFilter:passed]:"+req.getRequestURI());
 
            chain.doFilter(request, response);//验证通过则转向
 
 
 
        } catch (Exception e){
 
            //验证不通过
 
            SampleOAuthProvider.handleException(e, req, res, false);
 
        }
 
 
 
      }
 
 
 
}