Hi Mahesh,
I see Paul has already indicated the URL to get the jar files.
As Suneel pointed out, the OAuth implementation we have in Jersey does
not
offer a full-fledged Service Provider since it encompasses design
considerations
that are beyond OAuth proper. For instance you would need to provide:
- token service (management)
- user authentication method(s)
- policy enforcement etc.
We do have implemented all this in OpenSSO (
http://opensso.org) as an
extension
to our platform. For now the code is an extension but we're in the
process of integrating
it to OpenSSO as a core feature.
Back to Jersey, we have 3 components (see here for more details)
- OAuth signature library
- OAuth client filter
- OAuth server filter
Cheers,
Hubert
On Nov 19, 2009, at 4:41 AM, Mahesh Venkat wrote:
> Hi Hubert,
>
> I downloaded Jersey-1.1.4 jar files (non-maven). In the contribs
> directory I did not find Oauth jar files although I found Spring,
> Guice and other contribution libraries.
>
> Where can I find a non-maven download url for Jersey OAuth Signature
> Library, as referred to in wikis.sun.com/display/Jersey/OAuth.
>
> Is this part of the OAuth Token Service war file from OpenSSO?
>
> Thanks
> --Mahesh
>
> On Fri, Oct 23, 2009 at 8:42 AM, Hubert Le Van Gong <Hubert.Levangong_at_sun.com
> > wrote:
> Right. In other words the Jersey support for OAuth SP-side is only for
> the signature part. You'd have to implement the protocol itself, which
> as you noted we have done in the context of OpenSSO.
> As Paul mentioned, looking at the OAuth Token Service code in
> the OpenSSO extension will illustrate how you can leverage the
> Jersey API.
>
> Thanks,
> Hubert
>
>
> On Oct 23, 2009, at 6:01 PM, Paul C. Bryan wrote:
>
>> I've replied on the blog entry.
>>
>> On Fri, 2009-10-23 at 17:49 +0200, Paul Sandoz wrote:
>>> Hi Suneel,
>>>
>>> I am CC'ing Hubert and Paul who implemented the OAuth functionality.
>>>
>>>
>>> On Oct 23, 2009, at 5:33 PM, Suneel Marthi wrote:
>>>
>>>> Hubert/Paul,
>>>>
>>>> I am presently working on a prototype that needs to implement OAuth
>>>> to secure RESTful Services.
>>>>
>>>> I need to implement both a Service Consumer (the example you have
>>>> provided here) and Service Provider.
>>>> Looking at the Jersey OAuth extension, seems like it only supports
>>>> the Client APi (for the Consumer) and the
>>>> all that the Server API does is to verify the signatures on the
>>>> server side.
>>>>
>>>> I did look at the OpenSSO extensions for OAuth, but using OpenSSO
>>>> but I don't want to use OpenSSO on my project as it would
>>>> be one additional piece that needs to be managed.
>>>>
>>>> Is it possible to implement a Custopm Oauth Service Provider using
>>>> the present Jersy Oauth APIs?
>>>> If so, I would appreciate if I could see some examples as to how it
>>>> can be done.
>>>>
>>>
>>> I do not know. I defer to Hubert and Paul to advise on what could be
>>> done.
>>>
>>> Paul.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>
>
> --
> Hubert A. Le Van Gong
> Identity Architect
> Sun microsystems, Inc.
>
>
> 17 Rue Duprey
> Grenoble, 38000
> France
>
> --------------------------------------------------
> email: hubert.levangong_at_sun.COM
> tel:+33 4 7663 0935
> blog: http://blog.levangong.com/
>
> N 45 11.900'
> W 005 44.145'
> Elev. 736 ft.
>
>
>
>
> --
> Regards
> --Mahesh
--
Hubert A. Le Van Gong
Identity Architect
Sun microsystems, Inc.
17 Rue Duprey
Grenoble, 38000
France
--------------------------------------------------
email: hubert.levangong_at_sun.COM
tel:+33 4 7663 0935
blog: http://blog.levangong.com/
N 45 11.900'
W 005 44.145'
Elev. 736 ft.