ARCHIVED: Simple OAuth client and server examples

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

To use the following examples for OAuth Google code, you need both the OpenSocial Java client and the OAuth Java implementation.

The examples use OAuth's two-legged authentication, the server-to-server authentication used by OpenSocial gadgets. It is appropriate when no human intervention is needed (or is possible) in the authentication process. Also, the examples use shared secret key-style authentication, using the HMAC-SHA1 algorithm with a symmetric key. However, the OAuth code will also support public/private asymmetric keys.

Note: The steps for generating the OAuth consumer key and consumer secret are out of scope. The examples use a mock key and secret. Generally, shared secrets need to be communicated through a separate registration process. Presumably, the server would use the consumer key sent by the client to look up the secret key on the server side from a database, but check the OAuth specification for details.

Server code

The following example implements a dummy server as a JSP. You can put this in an Apache Tomcat server under a webapp called OAuthTest. You will also need to put several jars in webapp/OAuthTest/WEB-INF/lib:

  ls apache-tomcat-5.5.27/webapps/OAuthTest/WEB-INF/lib/
  commons-codec-1.3.jar       jetty-6.1.11.jar
  commons-httpclient-3.1.jar  jetty-util-6.1.11.jar
  commons-logging-1.1.jar     junit.jar
  httpclient-4.0-beta1.jar    oauth-core-20090108.jar
  httpcore-4.0-beta2.jar

The above jars are all from OAuth/java/lib, plus the oauth-core.jar you generated when you compiled things.

Here is the actual JSP for the dummy service, named OAuthTest.jsp:

  <%@ page import="net.oauth.server.*"%>
  <%@ page import="net.oauth.*"%>

  <%
  //Presumably this should actually be looked up for a given key.
  String consumerSecret="uynAeXiWTisflWX99KU1D2q5";

  //Presumably the key is sent by the client. This is part of the URL, after all.
  String consumerKey="orkut.com:623061448914";

  //Construct the message object. Use null for the URL and let the code construct it.
  OAuthMessage message=OAuthServlet.getMessage(request,null);

  //Construct an accessor and a consumer
  OAuthConsumer consumer=new OAuthConsumer(null, consumerKey, consumerSecret, null);
  OAuthAccessor accessor=new OAuthAccessor(consumer);

  //Now validate. Weirdly, validator has a void return type. It throws exceptions
  //if there are problems.
  SimpleOAuthValidator validator=new SimpleOAuthValidator();
  validator.validateMessage(message,accessor);

  //Now what? Generate some JSON here for example.
  System.out.println("It must have worked");
  %>
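
The HMAC-SHA1 signature check that OAuth 1.0 defines for a two-legged request, with the consumer secret looked up by consumer key instead of hard-coded, as the note above suggests. This is an added example, not code from the original page or from the OAuth Java library; it uses only JDK classes, and the class name TwoLeggedVerifier, the SECRETS registry and the example-consumer credentials are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TwoLeggedVerifier {
    // Constructed registry standing in for the database lookup: consumer key -> secret.
    static final Map<String, String> SECRETS = Map.of("example-consumer", "example-secret");
    // OAuth 1.0 percent-encoding: RFC 3986 unreserved characters stay literal.
    static String enc(String s) throws Exception {
        return java.net.URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    // Base string: METHOD & enc(url) & enc(parameters sorted by encoded name).
    // Assumes url carries no query string and each parameter name appears once.
    static String baseString(String method, String url, Map<String, String> params) throws Exception {
        TreeMap<String, String> sorted = new TreeMap<>();
        for (Map.Entry<String, String> p : params.entrySet())
            if (!p.getKey().equals("oauth_signature")) sorted.put(enc(p.getKey()), enc(p.getValue()));
        StringJoiner norm = new StringJoiner("&");
        for (Map.Entry<String, String> e : sorted.entrySet()) norm.add(e.getKey() + "=" + e.getValue());
        return method.toUpperCase() + "&" + enc(url) + "&" + enc(norm.toString());
    }
    // Two-legged: there is no token secret, so the key is enc(secret) followed by a bare '&'.
    static String sign(String base, String consumerSecret) throws Exception {
        byte[] key = (enc(consumerSecret) + "&").getBytes(StandardCharsets.UTF_8);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }
    // Constant-time comparison; timestamp and nonce replay checks are a separate step.
    static boolean verify(String method, String url, Map<String, String> params) throws Exception {
        String secret = SECRETS.get(params.getOrDefault("oauth_consumer_key", ""));
        String sig = params.get("oauth_signature");
        if (secret == null || sig == null) return false; // unknown consumer or unsigned request
        byte[] expected = sign(baseString(method, url, params), secret).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String url = "http://localhost:8080/OAuthTest/OAuthTest.jsp";
        Map<String, String> p = new HashMap<>(Map.of("oauth_consumer_key", "example-consumer",
                "oauth_signature_method", "HMAC-SHA1", "oauth_nonce", "n1", "oauth_timestamp", "1"));
        p.put("oauth_signature", sign(baseString("GET", url, p), "example-secret"));
        System.out.println("signed request valid: " + verify("GET", url, p));
        p.put("oauth_nonce", "n2"); // parameter changed after signing
        System.out.println("tampered request valid: " + verify("GET", url, p));
    }
}
```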

Client code

To build an OAuth client, you can start from an earlier OpenSocial client. For convenience, the example leaves in the OpenSocialUrl and OpenSocialHttpRequest classes, which help construct and execute the REST invocation. However, you can eliminate these and use the standard java.net classes that underlie them.

The client code follows. Save it as MyOAuthClient.java in the OpenSocial java/samples directory.

  import org.opensocial.data.*;
  import org.opensocial.client.*;
  import net.oauth.*;
  import java.util.*;

  public class MyOAuthClient {

    public static void main(String[] args) {
      MyOAuthClient mosc=new MyOAuthClient();
    }

    public MyOAuthClient() {
      String REST_BASE_URI=
        "http://localhost:8080/OAuthTest/OAuthTest.jsp";
      String CONSUMER_SECRET=
        "uynAeXiWTisflWX99KU1D2q5";
      String CONSUMER_KEY=
        "orkut.com:623061448914";
      // String VIEWER_ID=
      //   "03067092798963641994";
      String VIEWER_ID="08354253340777199997";

      try {
        OpenSocialUrl requestUrl = new OpenSocialUrl(REST_BASE_URI);
        OpenSocialHttpRequest request=new OpenSocialHttpRequest(requestUrl);
        requestUrl.addQueryStringParameter("xoauth_requestor_id", VIEWER_ID);
        requestUrl.addQueryStringParameter("st", "");

        String requestMethod=request.getMethod();
        String postBody = request.getPostBody();

        //Build the message to sign from the method and the full request URL
        OAuthMessage message =
          new OAuthMessage(requestMethod, requestUrl.toString(), null);

        OAuthConsumer consumer =
          new OAuthConsumer(null, CONSUMER_KEY, CONSUMER_SECRET, null);
        consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);

        //Two-legged: the access token is empty
        OAuthAccessor accessor = new OAuthAccessor(consumer);
        accessor.accessToken = "";
        message.addRequiredParameters(accessor);

        //Copy the OAuth parameters (including the signature) onto the URL
        for (Map.Entry<String, String> p : message.getParameters()) {
          if (!p.getKey().equals(postBody)) {
            requestUrl.addQueryStringParameter(
              OAuth.percentEncode(p.getKey()),
              OAuth.percentEncode(p.getValue()));
          }
        }

        //Take a look at the signed URL
        System.out.println("Signed REST URL: "+requestUrl.toString());

        //Done with signing. Now back to OpenSocialBatch's submitRest()
        //Finally, get the response. This is the meat of the getHttpResponse
        //method, without the error checking.
        request.execute();
      }

      catch(Exception ex) {
        ex.printStackTrace();
      }
    }
  }

Compile this from the OpenSocial SVN checkout's Java directory using:

  ant compile-samples

Then, set your classpath and execute:

  export CP=`echo $HOME/opensocial-java-client-read-only/java/lib/*.jar | tr ' ' ':'`

  export CP=`echo $HOME/opensocial-java-client-read-only/java/dist/*.jar | tr ' ' ':'`:$CP
    
  java -classpath $CP:/Users/marlonpierce/opensocial-java-client-read-only/java/samples/bin/ MyOAuthClient

To see if this worked, check the output of your Tomcat server's catalina.out file.

This is document aygs in the Knowledge Base.
Last modified on 2018-01-18 16:21:01.