I'd suggest also implementing processChallenge() to deal with
WWW-Authenticate: challenges from a server and making it available to
clients in a reasonable way.
I don't understand the use of UsernamePasswordCredentials in
setCredentials example though :).
Paul Austin wrote:
> The current OAuth client uses a custom wrapper around the HttpClient.
> What I'd like to propose is to use the standard HttpClient but
> implement an AuthScheme which would automatically sign the request in
> the same way that basic and digest authentication works.
>
> Code #1 is an example of the AuthScheme with a direct authentication.
> To do the delegated authentication a subclass of Credentials could be
> defined which would store the access token and secret.
>
> Code #2 shows an example of registering the the AuthScheme and using a
> consumerKey and consumerSecret for authentication.
>
> Code #1
>
> import java.net.URI;
> import java.util.HashMap;
> import java.util.List;
> import java.util.Map;
> import java.util.Set;
> import java.util.Map.Entry;
>
> import net.oauth.OAuthAccessor;
> import net.oauth.OAuthConsumer;
> import net.oauth.OAuthMessage;
> import net.oauth.OAuthServiceProvider;
>
> import org.apache.http.Header;
> import org.apache.http.HttpRequest;
> import org.apache.http.NameValuePair;
> import org.apache.http.RequestLine;
> import org.apache.http.auth.AuthenticationException;
> import org.apache.http.auth.Credentials;
> import org.apache.http.client.methods.HttpUriRequest;
> import org.apache.http.client.utils.URLEncodedUtils;
> import org.apache.http.impl.auth.RFC2617Scheme;
> import org.apache.http.impl.client.RequestWrapper;
> import org.apache.http.message.BasicHeader;
>
> public class OAuthScheme extends RFC2617Scheme {
>
> public Header authenticate(Credentials credentials, HttpRequest
> request)
> throws AuthenticationException {
> try {
> RequestLine requestLine = request.getRequestLine();
> String uri;
> String method;
> if (request instanceof RequestWrapper) {
> HttpUriRequest uriRequest = (HttpUriRequest)((RequestWrapper)
> request).getOriginal();
> uri = uriRequest.getURI().toString();
> method = uriRequest.getMethod();
> } else if (request instanceof HttpUriRequest) {
> HttpUriRequest uriRequest = (HttpUriRequest)request;
> uri = uriRequest.getURI().toString();
> method = uriRequest.getMethod();
> } else {
> uri = requestLine.getUri();
> method = requestLine.getMethod();
> }
>
> List<NameValuePair> parameters = URLEncodedUtils.parse(new URI
> (uri), null);
> Map<String, String> parameterMap = new HashMap<String, String>
> ();
> for (NameValuePair parameter : parameters) {
> parameterMap.put(parameter.getName(), parameter.getValue());
> }
>
> String url = uri;
> int queryIndex = url.indexOf('?');
> if (queryIndex != -1) {
> url = url.substring(0, queryIndex);
> }
> Set<Entry<String, String>> parameterEntries =
> parameterMap.entrySet();
> OAuthMessage message = new OAuthMessage(method, url,
> parameterEntries);
> String consumerKey = credentials.getUserPrincipal().getName();
> String consumerSecret = credentials.getPassword();
> OAuthAccessor accessor = new OAuthAccessor(new OAuthConsumer("",
> consumerKey, consumerSecret, new OAuthServiceProvider("", "",
> "")));
> message.addRequiredParameters(accessor);
> String realm = getParameter("realm");
> String authorization = message.getAuthorizationHeader(realm);
> return new BasicHeader("Authorization", authorization);
> } catch (Throwable t) {
> t.printStackTrace();
> throw new AuthenticationException("Unable to create OAuth
> header", t);
> }
> }
>
> public String getSchemeName() {
> return "oauth";
> }
>
> public boolean isComplete() {
> return false;
> }
>
> public boolean isConnectionBased() {
> return false;
> }
>
> }
>
>
> --------------
> Code #2
> HttpContext context = new BasicHttpContext();
> context.setAttribute(ClientContext.AUTH_SCHEME_PREF, Arrays.asList
> ("oauth"));
>
> DefaultHttpClient httpclient = new DefaultHttpClient();
>
> httpclient.getAuthSchemes().register("oauth", new
> OAuthSchemeFactory());
>
> httpclient.getCredentialsProvider().setCredentials(
> new AuthScope("localhost", 8080),
> new UsernamePasswordCredentials
> ("ec1e0b2b-0f3e-401d-844d-0a649eca19d0",
> "559a4162-8167-4eca-9010-603ad707ecbf"));
>
> HttpGet users = new HttpGet("http://localhost:8080/bcgov-bpf/ws/
> users/");
>
> HttpResponse response = httpclient.execute(users, context);
> HttpEntity entity = response.getEntity();
>
> IOUtils.copy(entity.getContent(), System.out);
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
