The current OAuth client uses a custom wrapper around the HttpClient. What I'd like to propose is to use the standard HttpClient but implement an AuthScheme which would automatically sign the request in the same way that basic and digest authentication works.
Code #1 is an example of the AuthScheme with a direct authentication. To do the delegated authentication a subclass of Credentials could be defined which would store the access token and secret. Code #2 shows an example of registering the the AuthScheme and using a consumerKey and consumerSecret for authentication. Code #1 import java.net.URI; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; import java.util.Map.Entry; import net.oauth.OAuthAccessor; import net.oauth.OAuthConsumer; import net.oauth.OAuthMessage; import net.oauth.OAuthServiceProvider; import org.apache.http.Header; import org.apache.http.HttpRequest; import org.apache.http.NameValuePair; import org.apache.http.RequestLine; import org.apache.http.auth.AuthenticationException; import org.apache.http.auth.Credentials; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.client.utils.URLEncodedUtils; import org.apache.http.impl.auth.RFC2617Scheme; import org.apache.http.impl.client.RequestWrapper; import org.apache.http.message.BasicHeader; public class OAuthScheme extends RFC2617Scheme { public Header authenticate(Credentials credentials, HttpRequest request) throws AuthenticationException { try { RequestLine requestLine = request.getRequestLine(); String uri; String method; if (request instanceof RequestWrapper) { HttpUriRequest uriRequest = (HttpUriRequest)((RequestWrapper) request).getOriginal(); uri = uriRequest.getURI().toString(); method = uriRequest.getMethod(); } else if (request instanceof HttpUriRequest) { HttpUriRequest uriRequest = (HttpUriRequest)request; uri = uriRequest.getURI().toString(); method = uriRequest.getMethod(); } else { uri = requestLine.getUri(); method = requestLine.getMethod(); } List<NameValuePair> parameters = URLEncodedUtils.parse(new URI (uri), null); Map<String, String> parameterMap = new HashMap<String, String> (); for (NameValuePair parameter : parameters) { parameterMap.put(parameter.getName(), parameter.getValue()); } String url = uri; int queryIndex = url.indexOf('?'); if (queryIndex != -1) { url = url.substring(0, queryIndex); } Set<Entry<String, String>> parameterEntries = parameterMap.entrySet(); OAuthMessage message = new OAuthMessage(method, url, parameterEntries); String consumerKey = credentials.getUserPrincipal().getName(); String consumerSecret = credentials.getPassword(); OAuthAccessor accessor = new OAuthAccessor(new OAuthConsumer("", consumerKey, consumerSecret, new OAuthServiceProvider("", "", ""))); message.addRequiredParameters(accessor); String realm = getParameter("realm"); String authorization = message.getAuthorizationHeader(realm); return new BasicHeader("Authorization", authorization); } catch (Throwable t) { t.printStackTrace(); throw new AuthenticationException("Unable to create OAuth header", t); } } public String getSchemeName() { return "oauth"; } public boolean isComplete() { return false; } public boolean isConnectionBased() { return false; } } -------------- Code #2 HttpContext context = new BasicHttpContext(); context.setAttribute(ClientContext.AUTH_SCHEME_PREF, Arrays.asList ("oauth")); DefaultHttpClient httpclient = new DefaultHttpClient(); httpclient.getAuthSchemes().register("oauth", new OAuthSchemeFactory()); httpclient.getCredentialsProvider().setCredentials( new AuthScope("localhost", 8080), new UsernamePasswordCredentials ("ec1e0b2b-0f3e-401d-844d-0a649eca19d0", "559a4162-8167-4eca-9010-603ad707ecbf")); HttpGet users = new HttpGet("http://localhost:8080/bcgov-bpf/ws/ users/"); HttpResponse response = httpclient.execute(users, context); HttpEntity entity = response.getEntity(); IOUtils.copy(entity.getContent(), System.out); --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---