I assume you used Maven to build a .war from
http://oauth.googlecode.com/svn/code/java/example/oauth-provider
Perhaps you didn't deploy the .war to /OAuthProviderEKM. To check,
direct your browser to http://localhost:8080/OAuthProviderEKM/
If the .war was deployed correctly, you'll see a page say
Hello!
To answer your question ... the OAuth Temporary Credentials, which means the
Request Token and Secret, are usually randomly generated by the Server in
the same way like the Token Credentials (Access Token and Secret) and sent
to the client.
The Client needs the oauth_token_secret only once: