JBoss.orgCommunity Documentation

Chapter 37. Authentication

37.1. OAuth core 1.0a
37.1.1. Authenticating with OAuth
37.1.2. Accessing protected resources
37.1.3. Implementing an OAuthProvider

RESTEasy has preliminary support for OAuth.

RESTEasy has preliminary support for OAuth core 1.0a. This includes support for authenticating with OAuth (as described by the spec section 6) and OAuth authentication for protected resources (as described by the spec section 7).

Important

This API should be considered experimental and not suitable for production yet, especially for tight security. It is not final yet and subject to change. If you have comments, bugs, feature requests or questions, contact us through the RESTEasy mailing list.

OAuth authentication is the process in which Users grant access to their Protected Resources without sharing their credentials with the Consumer.

OAuth Authentication is done in three steps:

In order for RESTEasy to provide the two URL endpoints where the Client will request unauthorized Request Tokens and exchange authorized Request Tokens for Access Tokens, you need to enable the OAuthServlet in your web.xml:

				
<!-- The OAuth Servlet handles token exchange -->
<servlet>
  <servlet-name>OAuth</servlet-name>
  <servlet-class>org.jboss.RESTEasy.auth.oauth.OAuthServlet</servlet-class>
</servlet>

<!-- This will be the base for the token exchange endpoint URL -->
<servlet-mapping>
  <servlet-name>OAuth</servlet-name>
  <url-pattern>/oauth/*</url-pattern>
</servlet-mapping>
				
			

The following configuration options are available using <context-param> elements:

Table 37.1. OAuth Servlet options
Option Name Default Description
oauth.provider.provider-class *Required* Defines the fully-qualified class name of your OAuthProvider implementation
oauth.provider.tokens.request /requestToken This defines the endpoint URL for requesting unauthorized Request Tokens
oauth.provider.tokens.access /accessToken This defines the endpoint URL for exchanging authorized Request Tokens for Access Tokens