Leeloo Resource Server

In some cases the OAuth Authorization Server and the Resource Server are the same application. The OAuth 2.0 specification logically separates these two entities, and leeloo does too.

The leeloo RS module helps you handle client requests for access to an OAuth-protected resource.

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        try {
            // Make the OAuth request out of this request and validate it.
            // Specify where you expect the OAuth access token (request header, body or query string).
            OAuthAccessResourceRequest oauthRequest =
                    new OAuthAccessResourceRequest(request, ParameterStyle.BODY);

            // Get the access token
            String accessToken = oauthRequest.getAccessToken();

            //... validate access token

        } catch (OAuthProblemException ex) {
            // If something goes wrong, build the error response
            try {
                OAuthResponse oauthResponse = OAuthRSResponse
                        .errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
                        .setRealm("Album Example")
                        .buildHeaderMessage();

                // Send 401 with the WWW-Authenticate challenge (a string header, not a date header)
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.addHeader(OAuth.HeaderType.WWW_AUTHENTICATE,
                        oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
            } catch (OAuthSystemException e) {
                throw new ServletException(e);
            }
        } catch (OAuthSystemException ex) {
            throw new ServletException(ex);
        }
    }

Usually, it is a good idea to perform the leeloo RS module logic in a Java servlet filter or a JAX-RS interceptor.

We are currently working on a more thorough solution. Stay tuned!

If you need more advanced examples, the integration-tests module shows all the possibilities provided by the leeloo API.
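
The `//... validate access token` step in the servlet above is left to the application. The following is an added example, not part of leeloo or of the original page: a JDK-only sketch of that step in which `AccessTokenValidator`, its methods and the sample token and scope names are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper for the "validate access token" step; not a leeloo class. */
public class AccessTokenValidator {
    public enum Result { OK, INVALID_TOKEN, INSUFFICIENT_SCOPE }

    private static final class Grant {
        final Instant expiresAt;
        final Set<String> scopes;
        Grant(Instant expiresAt, Set<String> scopes) { this.expiresAt = expiresAt; this.scopes = scopes; }
    }

    // Keyed by SHA-256 digest, so a leaked store does not contain usable bearer tokens.
    private final Map<String, Grant> grantsByDigest = new ConcurrentHashMap<>();

    static String digest(String token) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(md.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    public void register(String token, Instant expiresAt, Set<String> scopes) {
        grantsByDigest.put(digest(token), new Grant(expiresAt, Set.copyOf(scopes)));
    }

    /** Unknown, empty and expired tokens all yield INVALID_TOKEN so callers cannot tell them apart. */
    public Result validate(String token, String requiredScope, Instant now) {
        if (token == null || token.isEmpty()) return Result.INVALID_TOKEN;
        Grant grant = grantsByDigest.get(digest(token));
        if (grant == null || !now.isBefore(grant.expiresAt)) return Result.INVALID_TOKEN;
        return grant.scopes.contains(requiredScope) ? Result.OK : Result.INSUFFICIENT_SCOPE;
    }

    public static void main(String[] args) {
        AccessTokenValidator validator = new AccessTokenValidator();
        Instant now = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample data
        validator.register("sample-token-123", now.plusSeconds(3600), Set.of("album.read"));
        System.out.println(validator.validate("sample-token-123", "album.read", now));
        System.out.println(validator.validate("sample-token-123", "album.write", now));
        System.out.println(validator.validate("sample-token-123", "album.read", now.plusSeconds(7200)));
        System.out.println(validator.validate("never-issued", "album.read", now));
    }
}
```

In the servlet, a result other than `OK` should take the same error-response path as the `OAuthProblemException` branch, so that no protected data is returned for a rejected token.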
