The current OAuth client uses a custom wrapper around the HttpClient.
What I'd like to propose is to use the standard HttpClient but
implement an AuthScheme which would automatically sign the request in
the same way that basic and digest authentication works.
Code #1 is an example of the AuthScheme with a direct authentication.
To do the delegated authentication a subclass of Credentials could be
defined which would store the access token and secret.
Code #2 shows an example of registering the the AuthScheme and using a
consumerKey and consumerSecret for authentication.
Code #1
import java.net.URI;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Map.Entry;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.OAuthServiceProvider;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.NameValuePair;
import org.apache.http.RequestLine;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.auth.RFC2617Scheme;
import org.apache.http.impl.client.RequestWrapper;
import org.apache.http.message.BasicHeader;
public class OAuthScheme extends RFC2617Scheme {
public Header authenticate(Credentials credentials, HttpRequest
request)
throws AuthenticationException {
try {
RequestLine requestLine = request.getRequestLine();
String uri;
String method;
if (request instanceof RequestWrapper) {
HttpUriRequest uriRequest = (HttpUriRequest)((RequestWrapper)
request).getOriginal();
uri = uriRequest.getURI().toString();
method = uriRequest.getMethod();
} else if (request instanceof HttpUriRequest) {
HttpUriRequest uriRequest = (HttpUriRequest)request;
uri = uriRequest.getURI().toString();
method = uriRequest.getMethod();
} else {
uri = requestLine.getUri();
method = requestLine.getMethod();
}
List<NameValuePair> parameters = URLEncodedUtils.parse(new URI
(uri), null);
Map<String, String> parameterMap = new HashMap<String, String>
();
for (NameValuePair parameter : parameters) {
parameterMap.put(parameter.getName(), parameter.getValue());
}
String url = uri;
int queryIndex = url.indexOf('?');
if (queryIndex != -1) {
url = url.substring(0, queryIndex);
}
Set<Entry<String, String>> parameterEntries =
parameterMap.entrySet();
OAuthMessage message = new OAuthMessage(method, url,
parameterEntries);
String consumerKey = credentials.getUserPrincipal().getName();
String consumerSecret = credentials.getPassword();
OAuthAccessor accessor = new OAuthAccessor(new OAuthConsumer("",
consumerKey, consumerSecret, new OAuthServiceProvider("", "",
"")));
message.addRequiredParameters(accessor);
String realm = getParameter("realm");
String authorization = message.getAuthorizationHeader(realm);
return new BasicHeader("Authorization", authorization);
} catch (Throwable t) {
t.printStackTrace();
throw new AuthenticationException("Unable to create OAuth
header", t);
}
}
public String getSchemeName() {
return "oauth";
}
public boolean isComplete() {
return false;
}
public boolean isConnectionBased() {
return false;
}
}
--------------
Code #2
HttpContext context = new BasicHttpContext();
context.setAttribute(ClientContext.AUTH_SCHEME_PREF, Arrays.asList
("oauth"));
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getAuthSchemes().register("oauth", new
OAuthSchemeFactory());
httpclient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", 8080),
new UsernamePasswordCredentials
("ec1e0b2b-0f3e-401d-844d-0a649eca19d0",
"559a4162-8167-4eca-9010-603ad707ecbf"));
HttpGet users = new HttpGet("http://localhost:8080/bcgov-bpf/ws/
users/");
HttpResponse response = httpclient.execute(users, context);
HttpEntity entity = response.getEntity();
IOUtils.copy(entity.getContent(), System.out);
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
