如何使用java创建oAuth请求?

我需要使用oAuth与Viagogo网站建立联系。 参考他们的文档,我需要创建一个类似于下面的请求 

Using the example in step 1A, this means you may generate a signature base string that looks like the following: GET&http%3A%2F%2Fapi.viagogo.net%2FPublic%2FSimpleOAuthAccessRequest&oauth_consumer_key%3Dtestkey%26oauth_nonce%3Dmyn0nc3%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1292404912%26oauth_version%3D1.0%26scope%3DAPI.Public

我正在使用以下代码,但是当我对第1,2行进行注释时,它会返回未经授权的错误 ,当我使用它们时,它会显示oauthService.signRequest返回void。

TradeKingAPI.java 

 import org.scribe.builder.api.DefaultApi10a; import org.scribe.model.Token; public class TradeKingAPI extends DefaultApi10a { @Override public String getRequestTokenEndpoint() { return "http://api.viagogo.net/Public/SimpleOAuthAccessRequest"; } @Override public String getAccessTokenEndpoint() { return "http://api.viagogo.net/Public/SimpleOAuthAccessRequest"; } @Override public String getAuthorizationUrl(Token requestToken) { return "http://api.viagogo.net/Public/SimpleOAuthAccessRequest"; } }

main.java 

 import org.scribe.builder.ServiceBuilder; import org.scribe.model.OAuthRequest; import org.scribe.model.Response; import org.scribe.model.Token; import org.scribe.model.Verb; import org.scribe.oauth.OAuthService; import api.TradeKingAPI; import org.scribe.builder.api.DefaultApi10a; import org.scribe.model.OAuthConstants; import org.scribe.oauth.OAuthService; ........ OAuthService oauthService = new ServiceBuilder() .provider(TradeKingAPI.class) .apiKey("My consumer key") .apiSecret("My secret") .scope("API.Public") .build(); Long seconds = (System.currentTimeMillis() / 1000); System.out.println(">>>" + seconds); String stSeconds = seconds.toString(); OAuthRequest request = new OAuthRequest(Verb.GET, "http://api.viagogo.net/Public /SimpleOAuthAccessRequest"); request.addOAuthParameter(OAuthConstants.CONSUMER_KEY, "My consumer key"); request.addOAuthParameter(OAuthConstants.NONCE, "myn0nc3"); request.addOAuthParameter(OAuthConstants.SIGN_METHOD, "HMAC-SHA1"); request.addOAuthParameter(OAuthConstants.TIMESTAMP, seconds.toString()); request.addOAuthParameter(OAuthConstants.VERSION, "1.0"); request.addOAuthParameter("scope", "API.Public"); 1 String signature = oauthService.signRequest(OAuthConstants.EMPTY_TOKEN, request); 2 request.addOAuthParameter(OAuthConstants.SIGNATURE,signature); Response response = request.send(); System.err.println(">>" + response.isSuccessful()); System.err.println(">>" + response.getMessage()); System.err.println(">>" + response.getBody());

根据我对Viagogo公共API访问文档的理解,您在步骤1中获得的令牌相当于完整OAuth 1.0a“舞蹈”中的请求令牌。

因此,您应该能够使用scribe-java内部类来获取此令牌,而无需手动执行此操作。 唯一的区别是,在scribe中,此请求还会向OAuth服务器发送一个回调url,以用于OAuth“舞蹈”的下一步。

由于我无法获得消费者账户,我只能在此做出假设。 那么我们有两个场景:

场景1:Viagogo服务器容忍额外参数(即回调URL)

所以你可以使用这段代码 

 import org.scribe.builder.api.DefaultApi10a; import org.scribe.model.Token; public class TradeKingAPI extends DefaultApi10a { @Override public Verb getRequestTokenVerb() { return Verb.GET; } @Override public String getRequestTokenEndpoint() { return "http://api.viagogo.net/Public/SimpleOAuthAccessRequest"; } @Override public String getAccessTokenEndpoint() { return "none"; } @Override public String getAuthorizationUrl(Token requestToken) { return "none"; } }

然后你的调用代码将是: 

 OAuthService service = new ServiceBuilder() .provider(TradeKingAPI.class) .signatureType(QueryString) .apiKey("My consumer key") .apiSecret("My secret") .scope("API.Public") .build(); Token requestToken = service.getRequestToken(); //make your API calls OAuthRequest request = new OAuthRequest(Verb.GET, "http://api.viagogo.net/Public/Event/235"); service.signRequest(requestToken, request); Response response = request.send(); System.out.println(response.getBody());

但正如我所说,如果Viagogo安全性有点严格并拒绝无用的param oauth_callback ,则需要切换到方案2

场景2:构建自己的OAuthService

在这种情况下,您必须创建一个新的OAuthService以避免处理OAuthCallback参数。 

 import org.scribe.builder.api.DefaultApi10a; import org.scribe.model.*; import org.scribe.oauth.OAuth10aServiceImpl; import java.util.Map; public class OAuth10aServiceForViagogo extends OAuth10aServiceImpl { private OAuthConfig config; private DefaultApi10a api; public OAuth10aServiceForViagogo(DefaultApi10a api, OAuthConfig config) { super(api, config); this.api = api; this.config = config; } private void addOAuthParams(OAuthRequest request, Token token) { request.addOAuthParameter(OAuthConstants.TIMESTAMP, api.getTimestampService().getTimestampInSeconds()); request.addOAuthParameter(OAuthConstants.NONCE, api.getTimestampService().getNonce()); request.addOAuthParameter(OAuthConstants.CONSUMER_KEY, config.getApiKey()); request.addOAuthParameter(OAuthConstants.SIGN_METHOD, api.getSignatureService().getSignatureMethod()); request.addOAuthParameter(OAuthConstants.VERSION, getVersion()); request.addOAuthParameter(OAuthConstants.SCOPE, config.getScope()); request.addOAuthParameter(OAuthConstants.SIGNATURE, getSignature(request, token)); } private String getSignature(OAuthRequest request, Token token) { String baseString = api.getBaseStringExtractor().extract(request); String signature = api.getSignatureService().getSignature(baseString, config.getApiSecret(), token.getSecret()); return signature; } private void appendSignature(OAuthRequest request) { for (Map.Entry entry : request.getOauthParameters().entrySet()) { request.addQuerystringParameter(entry.getKey(), entry.getValue()); } } @Override public Token getRequestToken(RequestTuner tuner) { OAuthRequest request = new OAuthRequest(api.getRequestTokenVerb(), api.getRequestTokenEndpoint()); addOAuthParams(request, OAuthConstants.EMPTY_TOKEN); appendSignature(request); Response response = request.send(tuner); String body = response.getBody(); return api.getRequestTokenExtractor().extract(body); } }

在调用createService时, TrakingApi类与创建OAuth10aServiceForViagogo略有不同: 

 import org.scribe.builder.api.DefaultApi10a; import org.scribe.model.Token; public class TradeKingAPI extends DefaultApi10a { @override public OAuthService createService(OAuthConfig config) { return new OAuth10aServiceForViagogo(this, config); } @Override public Verb getRequestTokenVerb() { return Verb.GET; } @Override public String getRequestTokenEndpoint() { return "http://api.viagogo.net/Public/SimpleOAuthAccessRequest"; } @Override public String getAccessTokenEndpoint() { return "none"; } @Override public String getAuthorizationUrl(Token requestToken) { return "none"; } }

然后你的调用代码将是相同的: 

  OAuthService service = new ServiceBuilder() .provider(TradeKingAPI.class) .signatureType(QueryString) .apiKey("My consumer key") .apiSecret("My secret") .scope("API.Public") .build(); Token requestToken = service.getRequestToken(); //make your API calls OAuthRequest request = new OAuthRequest(Verb.GET, "http://api.viagogo.net/Public/Event/235"); service.signRequest(requestToken, request); Response response = request.send(); System.out.println(response.getBody());

我没有测试所有这些代码,因为我无法访问消费者和密钥,但它应该接近你需要的。

我假设您正在尝试获取访问令牌(例如,您正在调用SimpleOAuthAccessRequest)。 Scribe的OauthService有处理这个的方法。

但是……如果你要手动完成,那么你的代码就会出现问题 – 至少你已经在这里列出了什么。 我假设你已经正确配置了划线。

  • 不要通过您的请求传递消费者保密,这仅用于签署请求
  • 你应该使用addOauthParameter vs addQueryStringParameter
  • 你应该使用Scribe常量
  • 你需要签署请求(同样,Scribe的OauthService有签名请求的帮助方法)

这是您更新的代码段。

更新:让 Scribe为您提供所有Oauth参数 

 OAuthRequest request = new OAuthRequest(Verb.GET, ... //since you're just passing Oauth parameters and nothing else, //you can use signRequest will create Oauth Parameters for you service.signRequest(OAuthConstants.EMPTY_TOKEN, request) Response response = request.send()
Interesting Posts

如何指定特定的JAXB实现?

加载DOM库时log4j中的冲突? (不允许在classpath中实现dom的其他实现?)

什么是Java EE 7属性文件配置的最佳实践建议?

什么是servlet处理中的“错误调度”?

关闭tomcat时停止计划的计时器

BufferedReader.readLine()不读取并挂起系统(等待)

JBoss 7未通过Java EE6认证

是否可以在JBoss AS 7中部署爆炸的war文件(解压缩的战争)

Interceptor无法访问Action Parameters

优雅的unproxy Hibernate对象方式