Hi Kristian,
Please look at the hands-on-lab we did for the last year's JavaOne - you
can download it here:
http://java.net/projects/jersey/downloads
I believe it covers exactly what you are looking for.
Please make sure to use the versions of the software outlined in the lab
(the setup section is at the end of the lab guide). Since the lab was
done, I made an incompatible change to the server oauth module, and
improved the client side oauth support. Anyway, that should be easy to
switch to once you get it working with the versions mentioned in the lab.
Regards,
Martin
On 23.5.2011 9:09, Kristian Rink wrote:
> Folks;
>
> after dealing a bit with the various considerations and concerns of
> securing a REST/Jersey based infrastructure also all along with
> securing various other resources exposed by already existing systems, I
> am tempted to deal with oauth as, at least looking at it from a 10,000
> feet point of view, seems to be a sane solution to our problem. So, I'd
> like to get a local oauth server and a small testbed infrastructure up
> and running, yet I am making my way through a bunch of documentation
> and so-so blog posts on the issue. So, two general questions before I
> proceed:
>
> * Is oauth generally a technology I would want to consider dealing
> with? There seems a vast amount of people both promoting and bashing
> it, and both seem to have valid points...
>
> * Is there a straightforward tutorial on how to quickly establish a
> working local (client, server) oauth infrastructure? For what I read
> so far, the general principles and concepts of oauth itself _seem_
> clear to me, except for the fact that in most of these papers it
> seems people assume there is "some oauth provider", which leaves out
> the information I actually would like to have (how to "oauth'ify" an
> existing credentials/roles/authentication infrastructure).
>
> Thoughts, anyone?
> TIA and all the best,
> Kristian