Package org.restlet.ext.oauth

Support for OAuth 2.0 HTTP authentication.


Class Summary
AccessTokenServerResource Server resource used to acquire an OAuth token.
AuthenticatedUser POJO for keeping a grant that a user has approved.
AuthorizationServerResource Restlet implementation class AuthorizationService.
AuthPageServerResource Helper class to the AuthorizationResource. Handles Authorization requests.
Client A POJO representing an OAuth client_id.
ClientStore<G extends TokenGenerator> Abstract class that defines a client store for the Authentication Server.
ClientStoreFactory Factory for ClientStore.
HttpOAuthHelper Implementation of OAuth2 Authentication.
OAuthAuthorizer Authorizer for OAuth 2.0 protection of REST resources.
OAuthForm Helper class used when the OAuth token should be transmitted as a form.
OAuthParameters Container for OAuth2 Parameters.
OAuthProxy A restlet filter for initiating a web server flow or comparable to OAuth 2.0 3-legged authorization.
OAuthServerResource Base class for common resources used by the OAuth server side.
OAuthUser Used for storing the OAuth access token in the OAuth security framework.
UserStore The user store interface represents the entry point where user requests are created, searched and removed.
ValidationServerResource The ValidationResource is intended to protect a Restlet and make sure that correct OAuth credentials are met.
 

Enum Summary
Flow Enum that lets clients retrieve tokens using different OAuth2 flows.
GrantType Supported mechanisms to grant tokens.
OAuthError Utility class for formatting OAuth errors.
ResponseType Defines the supported types of responses to a grant request.
 

Package org.restlet.ext.oauth Description

Support for OAuth 2.0 HTTP authentication. This is intended to be used primarily with the following use cases in mind:

It is very simple to create an OAuth server with just a few lines of code. It is also possible to implement a custom back end for data storage and retrieval. The default implementation stores data only in memory, so a JVM restart flushes all data.
    public Restlet createInboundRoot() {
        ...
        // Guard the resource with an OAuthAuthorizer that is given the
        // URL of the OAuth provider's validation resource.
        OAuthAuthorizer auth = new OAuthAuthorizer(
            "http://localhost:8080/OAuth2Provider/validate");
        auth.setNext(ProtectedResource.class);
        router.attach("/me", auth);
        ...
    }

Example 1. Creating a Protected Resource

    OAuthParameters params = new OAuthParameters("clientId", "clientSecret",
        oauthURL, "scope1 scope2");
    OAuthProxy proxy = new OAuthProxy(params, getContext(), true);
    proxy.setNext(DummyResource.class);
    router.attach("/write", proxy);

    // A slightly more advanced alternative that also sets some SSL client
    // parameters. The connector is org.restlet.Client, not the
    // org.restlet.ext.oauth.Client POJO listed in this package.
    org.restlet.Client client = new org.restlet.Client(Protocol.HTTPS);
    Context c = new Context();
    client.setContext(c);
    c.getParameters().add("truststorePath", "pathToKeyStoreFile");
    c.getParameters().add("truststorePassword", "password");
    OAuthParameters sslParams = new OAuthParameters("clientId", "clientSecret",
        oauthURL, "scope1 scope2");
    OAuthProxy sslProxy = new OAuthProxy(sslParams, getContext(), true, client);
    sslProxy.setNext(DummyResource.class);
    router.attach("/write", sslProxy);

Example 2. Creating proxies to access protected resources

Since:
Restlet 2.1
Author:
Kristoffer Gronowski, Martin Svensson
See Also:
OAuth 2 draft 10, Restlet OAuth Extension Wiki, OAuth, User Guide - OAuth extension


Copyright © 2005-2013 Restlet.