users@jersey.java.net

[Jersey] Re: UnsupportedSignatureMethodException using OAuth in ContainerFilter

From: Martin Matula <martin.matula_at_oracle.com>
Date: Tue, 19 Jul 2011 15:56:53 +0200

Looks like a class loading issue - the signatures are looked up using
Class.forName(). How do you make the signature and server libraries
available to your application? Are you bundling them in the war file?
Which version of Jersey are you using?
Martin

On 18.7.2011 5:30, Matthias Broecheler wrote:
> Hello,
>
> I am trying to build a RESTful API in Jersey and would like to
> authenticate requests using OAuth via Jersey's OAuth libraries. I am
> using the server and signature libraries on the server (Glassfish) and
> the client library to test.
> I get an UnsupportedSignatureMethodException on the server when
> OAuthSignature.verify is called irrespective of what signature method
> I specify on the client (tried specifying none, HMAC_SHA1, Plain text).
>
> Here is the client call:
> OAuthParameters params = new OAuthParameters().consumerKey("consumer1").token("token1")
>     .signatureMethod(com.sun.jersey.oauth.signature.HMAC_SHA1.NAME).timestamp().nonce().version();
>
>
> // OAuth secrets to access resource
> OAuthSecrets secrets = new OAuthSecrets().consumerSecret("consumerSec").tokenSecret("tokenSec");
>
> // if parameters and secrets remain static, filter can be added to each web resource
> OAuthClientFilter filter = new OAuthClientFilter(client.getProviders(), params, secrets);
>
> // OAuth test server resource
> WebResource resource = getResource("get/");
>
> // filter added at the web resource level
> resource.addFilter(filter);
>
> // make the request (signing it in the process)
> String response = resource.get(String.class);
> System.out.println(response);
>
> This is pretty much taken verbatim from the tutorial:
> http://wikis.sun.com/display/Jersey/OAuth
>
> Similarly for the server:
> // Read the OAuth parameters from the request
> OAuthServerRequest oauthreq = new OAuthServerRequest(request);
> OAuthParameters params = new OAuthParameters();
> params.readRequest(oauthreq);
> log.info("Consumer: " + params.getConsumerKey());
> log.info("Token: " + params.getToken());
>
>
> // Set the secret(s), against which we will verify the request
> OAuthSecrets secrets = new OAuthSecrets();
> secrets.consumerSecret("consumerSec");
> secrets.tokenSecret("tokenSec");
>
> // Check that the timestamp has not expired
> String timestampStr = params.getTimestamp();
> // ... timestamp checking code ...
> // Verify the signature
> try {
>     if (!OAuthSignature.verify(oauthreq, params, secrets)) {
>         log.info("Unauthorized access");
>         throw new WebApplicationException(401);
>     }
> } catch (OAuthSignatureException e) {
>     log.error(e);
>     throw new WebApplicationException(e, 401);
> }
>
> Now, those logging statements produce the right output, but I have no
> idea why it does not support its own signature.
>
> I greatly appreciate any help or pointers.
> Thanks,
> Matthias
>
>
> --
> Matthias Broecheler
> http://www.matthiasb.com
> E-Mail: me_at_matthiasb.com
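
A diagnostic for the class-loading question raised in the reply, added here as an example and not code from either poster or from Jersey: it reports which class loader can see the OAuth signature classes and which archive each copy comes from. The class name OAuthClassLoadingCheck and its methods are hypothetical; HMAC_SHA1's fully qualified name is taken from the post, and OAuthSignature is assumed to live in the same package.

```java
import java.security.CodeSource;

public class OAuthClassLoadingCheck {
    // HMAC_SHA1's name is from the post; OAuthSignature's package is an assumption.
    static final String[] DEFAULT_NAMES = {
        "com.sun.jersey.oauth.signature.OAuthSignature",
        "com.sun.jersey.oauth.signature.HMAC_SHA1"
    };

    /** Says whether the given loader can see the class, and where it was loaded from. */
    static String probe(String className, ClassLoader loader, String label) {
        try {
            // initialize=false: only resolve the class, do not run static initializers
            Class<?> c = Class.forName(className, false, loader);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            return label + ": loaded by " + c.getClassLoader()
                    + " from " + (src == null ? "<bootstrap>" : src.getLocation());
        } catch (ClassNotFoundException | LinkageError e) {
            return label + ": NOT VISIBLE (" + e + ")";
        }
    }

    /** Probes each class through the thread context loader and this class's own loader. */
    static String report(String[] names) {
        ClassLoader context = Thread.currentThread().getContextClassLoader();
        ClassLoader own = OAuthClassLoadingCheck.class.getClassLoader();
        StringBuilder out = new StringBuilder();
        for (String name : names) {
            out.append(name).append('\n')
               .append("  ").append(probe(name, context, "context loader")).append('\n')
               .append("  ").append(probe(name, own, "own loader")).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Pass other class names as arguments to probe them instead of the defaults.
        System.out.print(report(args.length > 0 ? args : DEFAULT_NAMES));
    }
}
```

Calling report(DEFAULT_NAMES) from inside the deployed filter and logging the result shows whether the signature classes resolve at all from the web application, and whether OAuthSignature and HMAC_SHA1 come from the same loader and archive.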