Child pages
  • OAuth 2.0 Authorization Server
Skip to end of metadata
Go to start of metadata

Oltu Authorization Server

With Oltu you can easily create OAuth 2.0 compliant applications.

End User Authorization Endpoint

Simplified implementation of the OAuth 2.0 End User Authorization Endpoint using Oltu:

protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

    try {
         //dynamically recognize an OAuth profile based on request characteristic (params,
         // method, content type etc.), perform validation
         OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);

         validateRedirectionURI(oauthRequest)

         //build OAuth response
         OAuthResponse resp = OAuthASResponse
             .authorizationResponse(HttpServletResponse.SC_FOUND)
             .setCode(oauthIssuerImpl.authorizationCode())
             .location(ex.getRedirectUri())
             .buildQueryMessage();

         response.sendRedirect(resp.getLocationUri());

         //if something goes wrong
    } catch(OAuthProblemException ex) {
         final OAuthResponse resp = OAuthASResponse
             .errorResponse(HttpServletResponse.SC_FOUND)
             .error(ex)
             .location(redirectUri)
             .buildQueryMessage();

         response.sendRedirect(resp.getLocationUri());
    }

}

With this way of building OAuth requests and responses, it does not matter if you are using Java servlets or the JAX-RS specification.

In JAX-RS endpoint, for example, you would do:

Response.status(resp.getResponseStatus()).location(resp.getLocationUri()).build();

Token Endpoint

Simplified implementation of the OAuth 2.0 Token Endpoint using Oltu:

protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {

OAuthTokenRequest oauthRequest = null;

OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());

    try {
           oauthRequest = new OAuthTokenRequest(request);
	   
           validateClient(oauthRequest);

           String authzCode = oauthRequest.getCode();

           // some code
           String accessToken = oauthIssuerImpl.accessToken();
           String refreshToken = oauthIssuerImpl.refreshToken();

           // some code
            OAuthResponse r = OAuthASResponse
                .tokenResponse(HttpServletResponse.SC_OK)
                .setAccessToken(accessToken)
                .setExpiresIn("3600")
                .setRefreshToken(refreshToken)
                .buildJSONMessage();

        response.setStatus(r.getResponseStatus());
        PrintWriter pw = response.getWriter();
        pw.print(r.getBody());
        pw.flush();
        pw.close();
         //if something goes wrong
    } catch(OAuthProblemException ex) {

        OAuthResponse r = OAuthResponse
            .errorResponse(401)
            .error(ex)
            .buildJSONMessage();

        response.setStatus(r.getResponseStatus());

        PrintWriter pw = response.getWriter();
        pw.print(r.getBody());
        pw.flush();
        pw.close();

        response.sendError(401);
    }

}

If you need more advanced examples, then take a look at the integration-tests module which shows all possibilities provided by Oltu API.

  • No labels