|
||||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||
See:
Description
| Class Summary | |
|---|---|
| GoogleOAuthAuthorizeTemporaryTokenUrl | Google OAuth 1.0a URL builder for a Google Accounts web page to allow the end user to authorize the temporary token. |
| GoogleOAuthDomainWideDelegation | Google's OAuth domain-wide delegation requires an e-mail address of the user
whose data you are trying to access via GoogleOAuthDomainWideDelegation.requestorId on every HTTP
request. |
| GoogleOAuthDomainWideDelegation.Url | Generic URL that extends GoogleUrl and also provides the
GoogleOAuthDomainWideDelegation.Url.requestorId parameter. |
| GoogleOAuthGetAccessToken | Generic Google OAuth 1.0a URL to request to exchange the temporary credentials token (or "request token") for a long-lived credentials token (or "access token") from the Google Authorization server. |
| GoogleOAuthGetTemporaryToken | Generic Google OAuth 1.0a URL to request a temporary credentials token (or "request token") from the Google Authorization server. |
Google's additions to OAuth 1.0a authorization as specified in Google's OAuth API Reference (see detailed package specification).
Before using this library, you need to set up your application as follows:
consumerKey on every
OAuth request, for example in AbstractOAuthGetToken.consumerKey.OAuthHmacSigner.clientSharedSecret when
using the "HMAC-SHA1" signature method."HMAC-SHA1"
signature method. Use "anonymous" for the consumerKey and
clientSharedSecret."HMAC-SHA1" signature method, use OAuthHmacSigner."RSA-SHA1" signature method, use OAuthRsaSigner. See the instructions for generating
a self-signing private key and public certificate .After the set up has been completed, the typical application flow is:
GoogleOAuthGetTemporaryToken. A
callback URL should be specified for web applications, but does not need to be
specified for installed applications.GoogleOAuthAuthorizeTemporaryTokenUrl.OAuthCallbackUrl."" for the verification
code.GoogleOAuthGetAccessToken. This
access token must be stored.OAuthParameters.token and invoking OAuthParameters.signRequestsUsingAuthorizationHeader(com.google.api.client.http.HttpTransport).GoogleOAuthDomainWideDelegation
as a request execute intercepter to set the e-mail address of the user on
every HTTP request, or GoogleOAuthDomainWideDelegation.Url
as a generic URL builder with the requestor ID parameter.GoogleOAuthGetAccessToken.revokeAccessToken(com.google.api.client.auth.oauth.OAuthParameters).
Users can also manually revoke tokens from Google's change
authorized websites page.
import com.google.api.client.auth.*;
import com.google.api.client.auth.oauth.*;
import com.google.api.client.googleapis.*;
import com.google.api.client.googleapis.auth.oauth.*;
import com.google.api.client.http.*;
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.*;
import javax.servlet.http.*;
public class PicasaSample extends HttpServlet {
private static final String CONSUMER_KEY = "...";
/**
* OAuth type. This is only needed for a general-purpose sample. In a real
* application, normally only one kind of auth is used.
*/
enum OAuthType {
REGISTERED_RSA, REGISTERED_HMAC, UNREGISTERED_HMAC
}
static final OAuthType OAUTH_TYPE = OAuthType.REGISTERED_RSA;
private static final String CONSUMER_KEY =
OAUTH_TYPE == OAuthType.UNREGISTERED_HMAC ? "anonymous" : "...";
/**
* In-memory access token store. But this is bad practice! For example, if the
* process dies, all tokens would be lost. Instead, the long-lived access
* token credentials should be stored in a long-lived location for example in
* a database.
*/
static Map<String , TokenInfo> OAUTH_TOKENS = new HashMap<String, TokenInfo>();
static final class TokenInfo {
final boolean temporary;
final String token;
final String tokenSecret;
TokenInfo(OAuthCredentialsResponse response) {
this.token = response.token;
this.tokenSecret = response.tokenSecret;
this.temporary = response.callbackConfirmed != null;
}
OAuthParameters createParameters() throws IOException {
OAuthParameters result = new OAuthParameters();
result.consumerKey = CONSUMER_KEY;
result.signer = createSigner(this);
result.token = token;
return result;
}
}
private static TokenInfo execute(AbstractOAuthGetToken request)
throws IOException {
OAuthCredentialsResponse response = request.execute();
TokenInfo result = new TokenInfo(response);
OAUTH_TOKENS.put(getCurrentUserId(), result);
return result;
}
private static final String SCOPE = "http://picasaweb.google.com/data";
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException {
PrintWriter writer = response.getWriter();
GoogleTransport transport = new GoogleTransport();
transport.applicationName = "...";
transport.setVersionHeader(PicasaWebAlbums.VERSION);
try {
String thisURL = request.getRequestURI();
String userId = getCurrentUserId();
TokenInfo tokenInfo = OAUTH_TOKENS.get(userId);
StringBuffer fullUrlBuf = request.getRequestURL();
if (request.getQueryString() != null) {
fullUrlBuf.append('?').append(request.getQueryString());
}
String fullUrl = fullUrlBuf.toString();
OAuthCallbackUrl authorizeResponse = new OAuthCallbackUrl(fullUrl);
if (tokenInfo != null && tokenInfo.temporary
&& authorizeResponse.verifier == null) {
tokenInfo = null;
}
OAuthSigner signer = createSigner(tokenInfo);
if (tokenInfo == null) {
GoogleOAuthGetTemporaryToken requestToken =
new GoogleOAuthGetTemporaryToken();
requestToken.signer = signer;
requestToken.consumerKey = CONSUMER_KEY;
requestToken.scope = SCOPE;
requestToken.callback = request.getRequestURL().toString();
tokenInfo = execute(requestToken);
GoogleOAuthAuthorizeTemporaryTokenUrl authorizeUrl =
new GoogleOAuthAuthorizeTemporaryTokenUrl();
authorizeUrl.temporaryToken = tokenInfo.token;
response.sendRedirect(authorizeUrl.build());
return;
}
if (tokenInfo.temporary) {
GoogleOAuthGetAccessToken accessToken =
new GoogleOAuthGetAccessToken();
accessToken.temporaryToken = tokenInfo.token;
accessToken.signer = signer;
accessToken.consumerKey = CONSUMER_KEY;
accessToken.verifier = authorizeResponse.verifier;
tokenInfo = execute(accessToken);
signer = createSigner(tokenInfo);
}
tokenInfo.createParameters().signRequestsUsingAuthorizationHeader(
transport);
run(writer, transport);
} catch (Exception e) {
handleException(writer, e);
}
}
private static OAuthSigner createSigner(TokenInfo tokenInfo)
throws IOException {
if (OAUTH_TYPE == OAuthType.REGISTERED_RSA) {
OAuthRsaSigner result = new OAuthRsaSigner();
result.privateKey = getPrivateKey();
return result;
}
OAuthHmacSigner result = new OAuthHmacSigner();
result.clientSharedSecret =
OAUTH_TYPE == OAuthType.UNREGISTERED_HMAC ? "anonymous" : "...";
if (tokenInfo != null) {
result.tokenSharedSecret = tokenInfo.tokenSecret;
}
return result;
}
private static PrivateKey getPrivateKey() throws IOException {
if (privateKey == null) {
try {
privateKey =
RsaSha.getPrivateKeyFromKeystore(new FileInputStream(
"WEB-INF/....jks"), "...", "...", "...");
} catch (GeneralSecurityException e) {
throw new IOException(e);
}
}
return privateKey;
}
}
for (Map.Entry<String, TokenInfo> entry : OAUTH_TOKENS.entrySet()) {
TokenInfo tokenInfo = entry.getValue();
if (!tokenInfo.temporary) {
String user = entry.getKey();
try {
OAuthParameters parameters = tokenInfo.createParameters();
GoogleOAuthGetAccessToken.revokeAccessToken(parameters);
} catch (Exception e) {
handleException(writer, e);
}
}
}
OAUTH_TOKENS.clear();
This package depends on the com.google.api.client.auth.oauth,
com.google.api.client.googleapis, com.google.api.client.http,
and com.google.api.client.util packages.
Warning: this package is experimental, and its content may be changed in incompatible ways or possibly entirely removed in a future version of the library
|
||||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||