By the way, Dan staged 2.6.2 at
https://repository.apache.org/content/repositories/orgapachecxf-004/
so you can it try it now, before the release is complete
Sergey
On 17/08/12 12:00, Sergey Beryozkin wrote:
Hi
On 17/08/12 07:04, mayankeagle wrote:
Hi,
I'm trying to create an OAuth 1.0 server using CXF. I have written my own
custom OAuthDataProvider implementation, which maintains the client
details
and token details in memory (hash-table). I also have another Javascript
client, which I am using to invoke the REST web-service that is protected
via the CXF OAuth filter.
However, even upon providing the correct consumer key and secret, I am
always getting a 401 Unauthorized on the client side. I know that the
signature is getting generated correctly because I use the same client to
invoke a JBoss RESTEasy OAuth server as well with minor changes in the
syntax.
Below is the Authorization header of the POST request which is sent
from the
client for obtaining the request token (as per
http://cxf.apache.org/docs/jax-rs-oauth.html#JAX-RSOAuth-RequestTokenService):
OAuth
oauth_callback="oob",oauth_consumer_key="C1",oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_timestamp="1345183118",oauth_nonce="1TtaP6",oauth_signature="5Kpy%2FdJXAhFLFWbXXCI1NPGb2L0%3D"
Am I missing something here? Is it that these parameters have to be sent
without the quotes or differently?
I removed the "oob" support from the original contribution but put it
back - will be available in CXF 2.6.2 - to be released in a couple of days.
Please see this section for more information:
http://cxf.apache.org/docs/jax-rs-oauth.html#JAX-RSOAuth-OOBcallbacks
Note the following restriction: 'oob' has to be specified during the
client registration.
Also note that RequestTokenService will return
OOBAuthorizationResponse bean which will have to be linked to the view
handler, see this section on how to do it:
http://cxf.apache.org/docs/jax-rs-redirection.html#JAX-RSRedirection-WithRequestDispatcherProvider
or check this demo, there are few examples there:
https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth
HTH, Sergey
Upon putting debug messages in my OAuthDataProvider, I can see that it is
finding the client as it enters the getClient () method which finds the
client in the hash-table, but after that the createRequestToken ()
method is
never called and a 401 is thrown.
--
View this message in context:
http://cxf.547215.n5.nabble.com/OAuth-1-0-in-Apache-CXF-tp5712720.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
