Announcement Announcement Module
Collapse
No announcement yet.
OAuth 2-Legged Consumer POST with body? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • OAuth 2-Legged Consumer POST with body?

    Hi,

    I can successfully access a GET resource with the following:

    Code:
    final OAuthConsumerSupport consumer = createConsumerSupport();
    final OAuthConsumerToken accessToken = new OAuthConsumerToken();
    
    final InputStream is = consumer.readProtectedResource(new URL("http://www.mydomain.com/services/test"), accessToken, "GET");
    
    final String response = convertInputStreamToString(is);
    I'm having trouble configuring my code to access a POST resource while also passing some XML data in the body (e.g. "<user><name>John</name></user>").

    I'm not sure where to set the body? OAuthConsumerSupport? OAuthConsumerToken?

    I hacked OAuthConsumerSupport to force it to write the XML to the body, but of course the authorisation failed because the hash didn't account for the XML. I found another client implementation that appears to cater for the body (http://www.javacloud.net/post/334888...-oauth-in-java), but would rather stick with Spring Security OAuth if possible...

    Cheers.

  • #2
    I'm afraid there isn't great support right now for this. You might need to hack it yourself. If you find a solution, be sure to post it here for others.

    Comment


    • #3
      I tried changing URL encoding the XML and adding it as a URL parameter like so:

      Code:
      final InputStream is = consumer.readProtectedResource(new URL("http://www.mydomain.com/services/test?%3cuser%3e%3cname%3eJohn%3c%2fname%3e%3c%2fuser%3e"), accessToken, "POST");
      I intercepted the request and it looked fine, but failed authentication because the hashes were different.

      My working solution was to accept parameters instead of XML, which is fine. The reason for wanting to post XML is that Apache CXF can automatically convert it to a Java object -- rather than explicitly name each query parameter.

      Code:
      final InputStream is = consumer.readProtectedResource(new URL("http://www.mydomain.com/services/test?name=John"), accessToken, "POST");
      Cheers.

      Comment

      Working...
      X