stackoom
  简体   繁体   中英

Authentication issue Oauth2 in java

 原文  2014-12-15 13:34:08       java/ google-oauth

Question

I have a problem with my application. My goal is edit google spreadsheets from Java. But I have problem with authentication. I can authorize myself if I copy the auth code from browser, but is not a possible solution in my case. So first I'd like to write a siple program to authenticate myself, for example: 

package com.googleoauth;


import java.io.IOException;

import java.util.ArrayList;

import java.util.List;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import com.google.common.collect.ImmutableMap;



public class GoogleOauthServer {

private Server server = new Server(8089);

private final String clientId = "141523981682-ee0an7hj3f82rphdud7940v9juniqkch.apps.googleusercontent.com";
private final String clientSecret = "_cCjAG9mlS9KufGzFan4Arni";
private final String callbackUri = "http://localhost:8089/callback";

public static void main(String[] args) throws Exception {
    new GoogleOauthServer().startJetty();
}

public void startJetty() throws Exception {

    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setContextPath("/");
    server.setHandler(context);

    // map servlets to endpoints
    context.addServlet(new ServletHolder(new SigninServlet()),"/signin");        
    context.addServlet(new ServletHolder(new CallbackServlet()),"/callback");        

    server.start();
    server.join();
}

class SigninServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException,IOException {

        // redirect to google for authorization
        StringBuilder oauthUrl = new StringBuilder().append("https://accounts.google.com/o/oauth2/auth")
        .append("?client_id=").append(clientId) // the client id from the api console registration
        .append("&response_type=code")
        .append("&scope=openid%20email") // scope is the api permissions we are requesting
        .append("&redirect_uri=").append(callbackUri) // the servlet that google redirects to after authorization
        .append("&state=this_can_be_anything_to_help_correlate_the_response%3Dlike_session_id")
        .append("&access_type=offline") // here we are asking to access to user's data while they are not signed in
        .append("&approval_prompt=force"); // this requires them to verify which account to use, if they are already signed in

        resp.sendRedirect(oauthUrl.toString());
    }   
}

class CallbackServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException,IOException {
        // google redirects with
        //http://localhost:8089/callback?state=this_can_be_anything_to_help_correlate_the_response%3Dlike_session_id&code=4/ygE-kCdJ_pgwb1mKZq3uaTEWLUBd.slJWq1jM9mcUEnp6UAPFm0F2NQjrgwI&authuser=0&prompt=consent&session_state=a3d1eb134189705e9acf2f573325e6f30dd30ee4..d62c

        // if the user denied access, we get back an error, ex
        // error=access_denied&state=session%3Dpotatoes

        if (req.getParameter("error") != null) {
            resp.getWriter().println(req.getParameter("error"));
            return;
        }

        // google returns a code that can be exchanged for a access token
        String code = req.getParameter("code");

        // get the access token by post to Google
        String body = post("https://accounts.google.com/o/oauth2/token", ImmutableMap.<String,String>builder()
                .put("code", code)
                .put("client_id", clientId)
                .put("client_secret", clientSecret)
                .put("redirect_uri", callbackUri)
                .put("grant_type", "authorization_code").build());

        JSONObject jsonObject = null;

        // get the access token from json and request info from Google
        try {
            jsonObject = (JSONObject) new JSONParser().parse(body);
        } catch (ParseException e) {
            throw new RuntimeException("Unable to parse json " + body);
        }

        // google tokens expire after an hour, but since we requested offline access we can get a new token without user involvement via the refresh token
        String accessToken = (String) jsonObject.get("access_token");

        // you may want to store the access token in session
        req.getSession().setAttribute("access_token", accessToken);

        // get some info about the user with the access token
        String json = get(new StringBuilder("https://www.googleapis.com/oauth2/v1/userinfo?access_token=").append(accessToken).toString());

        // now we could store the email address in session

        // return the json of the user's basic info
        resp.getWriter().println(json);
    }   
}

// makes a GET request to url and returns body as a string
public String get(String url) throws ClientProtocolException, IOException {
    return execute(new HttpGet(url));
}

// makes a POST request to url with form parameters and returns body as a string
public String post(String url, Map<String,String> formParameters) throws ClientProtocolException, IOException { 
    HttpPost request = new HttpPost(url);

    List <NameValuePair> nvps = new ArrayList <NameValuePair>();

    for (String key : formParameters.keySet()) {
        nvps.add(new BasicNameValuePair(key, formParameters.get(key))); 
    }

    request.setEntity(new UrlEncodedFormEntity(nvps));

    return execute(request);
}

// makes request and checks response code for 200
private String execute(HttpRequestBase request) throws ClientProtocolException, IOException {
    HttpClient httpClient = new DefaultHttpClient();
    HttpResponse response = httpClient.execute(request);

    HttpEntity entity = response.getEntity();
    String body = EntityUtils.toString(entity);

    if (response.getStatusLine().getStatusCode() != 200) {
        throw new RuntimeException("Expected 200 but got " + response.getStatusLine().getStatusCode() + ", with body " + body);
    }

    return body;
}
}

When I tried this example I got an error: 401. That's an error. Error: invalid_client The OAuth client was deleted.

I can't find any useful about this error.

If somebody can send an example, where I can authorize myself without any copy or other external intervention that would be very kind.

Thanks, Richard

1 answers

solution1
 1 ACCPTED  2014-12-15 18:49:17

I just got your example and started the application. Browsed to localhost:8089/signin then logged in with google, approved some permissions and finally I got the json response with my userinfo. Then restarted the application. The scenario still works. :)

The problem you encountered "could be" caused by some wrong dependencies you use in your code. My deps were following: 

    <dependency>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-server</artifactId>
        <version>9.3.0.M1</version>
    </dependency>

    <dependency>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-servlet</artifactId>
        <version>9.3.0.M1</version>
    </dependency>

    <dependency>
        <groupId>org.apache.clerezza.ext</groupId>
        <artifactId>org.json.simple</artifactId>
        <version>0.4</version>
    </dependency>

    <dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava-collections</artifactId>
        <version>r03</version>
    </dependency>

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpcore</artifactId>
        <version>4.2.5</version>
    </dependency>

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.2.5</version>
    </dependency>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Issue with OAuth2 authentication with google spreadsheet OAuth2 Authentication in Java using HttpClient Authentication through Oauth2 Oauth2 authentication JSP and OAUTH2 authentication Programmatic authentication with oauth2 Designing the flow of OAuth2 authentication Java Webserver for oAuth2 OAuth2 Issue with gData ContactsService Spring Oauth2 CORS issue
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM