Package org.restlet.ext.oauth

Support for OAuth 2.0 HTTP authentication.

See:
Description

Class Summary

AccessTokenServerResource	Server resource used to acquire an OAuth token.
AuthenticatedUser	POJO for keeping a grant that a user has approved.
AuthorizationServerResource	Restlet implementation class AuthorizationService.
AuthPageServerResource	Helper class to the AuhorizationResource Handles Authorization requests.
Client	A POJO representing a OAuth client_id.
ClientStore<G extends TokenGenerator>	Abstract class that defines a client store for the Authentication Server.
ClientStoreFactory	Factory for ClientStore.
HttpOAuthHelper	Implementation of OAuth2 Authentication.
OAuthAuthorizer	Authorizer for OAuth 2.0 protection of REST resources.
OAuthForm	Helper class used when the OAuth token should be transmitted as a form.
OAuthParameters	Container for OAuth2 Parameters.
OAuthProxy	A restlet filter for initiating a web server flow or comparable to OAuth 2.0 3-legged authorization.
OAuthServerResource	Base class for common resources used by the OAuth server side.
OAuthUser	Used for storing the OAuth access token in the OAuth security framework.
UserStore	The user store interface represents the entry point where user requests are created, searched and removed.
ValidationServerResource	The ValidationResource is intended to protect a Restlet and make sure that correct OAuth credentials are met.

Enum Summary

Flow	Enum that lets clients retrieve tokens using different OAuth2 flows.
GrantType	Supported mechanisms to grant tokens.
OAuthError	Utility class for formating OAuth errors
ResponseType	Defines the supported types of responses to a grant request.

Package org.restlet.ext.oauth Description

Support for OAuth 2.0 HTTP authentication. This is intended to be used with primarily following use-cases in mind:

• Create a protected resource
• Create a authenticating server
• Create a web client accessing protected resources

It is very simple to create an OAuth server with just a few lines of code. It is also possible to implement a custom back end for data storage and retrieval. The default implementation stores only to memory, so a JVM restart flushes all data.

{
  @code
  public Restlet createInboundRoot(){
    ...
    OAuthAuthorizer auth = new OAuthAuthorizer(
      "http://localhost:8080/OAuth2Provider/validate");
    auth.setNext(ProtectedResource.class);
    router.attach("/me", auth);
    ...
  }
}

Example 1. Creating a Protected Resource

{
  @code
  OAuthParameter params = new OAuthParameters("clientId", "clientSecret",
    oauthURL, "scope1 scope2");
    OAuthProxy proxy = new OauthProxy(params, getContext(), true);
    proxy.setNext(DummyResource.class);
    router.attach("/write", write);
     
    //A Slightly more advanced example that also sets some SSL client parameters
    Client client = new Client(Protocol.HTTPS);
    Context c = new Context();
    client.setContext(c);
    c.getParameters().add("truststorePath", "pathToKeyStoreFile");
    c.getParameters(0.add("truststorePassword", "password");
    OAuthParameter params = new OAuthParameters("clientId", "clientSecret",
    oauthURL, "scope1 scope2");
    OAuthProxy proxy = new OauthProxy(params, getContext(), true, client);
    proxy.setNext(DummyResource.class);
    router.attach("/write", write);   
}

Example 2. Creating a Proxies to access protected resources

Since:

Restlet 2.1

Author:

Kristoffer Gronowski, Martin Svensson

See Also:

OAuth 2 draft 10, Restlet OAuth Extension Wiki, OAuth, User Guide - OAuth extension