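package br.com.livro.rest.oauth;

import static javax.ws.rs.core.MediaType.APPLICATION_FORM_URLENCODED;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;

import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.glassfish.jersey.server.oauth1.DefaultOAuth1Provider;
import org.glassfish.jersey.server.oauth1.DefaultOAuth1Provider.Token;

/**
 * OAuth 1.0 resource-owner authorization endpoint of the "carros" API.
 *
 * <p>{@code GET} sends the user to the login form ({@code authorize.jsp}) carrying the pending
 * request token. {@code POST} receives that form, authenticates the user, authorizes the request
 * token through the {@link DefaultOAuth1Provider} registered in MyApplication and redirects the
 * user back to the consumer's callback URL with the {@code oauth_verifier}.
 */
@Path("/authorize")
@Consumes(APPLICATION_FORM_URLENCODED)
public class CarrosAuthorizeResource {

    /** OAuth provider registered in MyApplication (injected by the JAX-RS runtime). */
    @Context
    private DefaultOAuth1Provider provider;

    /**
     * Step 1: redirects the user to the login/consent page, forwarding the request token.
     *
     * @param oauth_token the temporary (request) token issued to the consumer
     * @return a {@code 307} redirect to {@code ../authorize.jsp?oauth_token=...}
     * @throws WebApplicationException with {@code 400} when {@code oauth_token} is absent
     * @throws URISyntaxException if the redirect target cannot be parsed as a URI
     */
    @GET
    public Response get(@QueryParam("oauth_token") String oauth_token) throws URISyntaxException {
        if (oauth_token == null) {
            throw new WebApplicationException(Status.BAD_REQUEST);
        }
        // The token value is request-controlled: encode it so it can neither break the query
        // string (URISyntaxException -> 500) nor smuggle extra parameters into the redirect.
        URI uri = new URI("../authorize.jsp?oauth_token=" + urlEncode(oauth_token));
        return Response.temporaryRedirect(uri).build();
    }

    /**
     * Step 2: processes the login form, authorizes the request token and sends the user back to
     * the consumer's callback URL.
     *
     * @param token the request token shown on the form ({@code oauth_token})
     * @param nome  display name typed by the user; becomes the {@link Principal} name (may be
     *              {@code null} if the form omitted it)
     * @param login user login
     * @param senha user password
     * @return a {@code 302} redirect to the callback URL carrying {@code oauth_verifier} and
     *         {@code oauth_token}
     * @throws WebApplicationException with {@code 400} when the token is missing or unknown, or
     *         when the request token has no callback URL to redirect to
     * @throws NotAuthorizedException when the credentials do not match
     * @throws URISyntaxException if the callback URL cannot be parsed as a URI
     */
    @POST
    public Response post(@FormParam("oauth_token") String token,
                         final @FormParam("nome") String nome,
                         @FormParam("login") String login,
                         @FormParam("senha") String senha) throws URISyntaxException {
        if (token == null) {
            throw new WebApplicationException(Status.BAD_REQUEST);
        }

        // Request token. An unknown or expired token is assumed to come back as null from the
        // provider; reject it up front instead of failing with a NullPointerException later.
        final Token requestToken = provider.getRequestToken(token);
        if (requestToken == null) {
            throw new WebApplicationException(Status.BAD_REQUEST);
        }

        // Callback URL supplied by the consumer when the request token was issued. Without one
        // there is nowhere to redirect (out-of-band flows are not supported by this endpoint),
        // so fail before the token is authorized rather than after.
        String callbackUrl = requestToken.getCallbackUrl();
        if (callbackUrl == null) {
            throw new WebApplicationException(Status.BAD_REQUEST);
        }

        // User profile (roles); throws 401 when the credentials are wrong
        Set<String> roles = authenticate(login, senha);

        Principal userPrincipal = new Principal() {
            @Override
            public String getName() {
                // For simplicity the name typed in the form is used
                return nome;
            }
        };

        // Create the verifier code
        String verifier = provider.authorizeToken(requestToken, userPrincipal, roles);

        // Redirect to the callback with the verifier and token as query parameters
        URI uri = new URI(withVerifier(callbackUrl, verifier, token));
        return Response.status(Status.FOUND).location(uri).build();
    }

    /**
     * Maps the submitted credentials to the user's roles.
     *
     * <p>The login/password pairs are fixed fixtures for the book example. A real deployment must
     * look the user up in a credential store and compare a salted password hash; plaintext
     * literals in source are never acceptable outside a demo.
     *
     * @param login user login (may be {@code null})
     * @param senha user password (may be {@code null})
     * @return the roles granted to the user ({@code user} or {@code admin})
     * @throws NotAuthorizedException when the pair matches no known user
     */
    private static Set<String> authenticate(String login, String senha) {
        Set<String> roles = new HashSet<>();
        if ("livro".equals(login) && "livro123".equals(senha)) {
            roles.add("user");
        } else if ("admin".equals(login) && "admin123".equals(senha)) {
            roles.add("admin");
        } else {
            throw new NotAuthorizedException("Login incorreto");
        }
        return roles;
    }

    /**
     * Appends {@code oauth_verifier} and {@code oauth_token} to the consumer's callback URL.
     *
     * <p>Uses {@code &} when the callback already carries a query string (RFC 5849, section 2.2)
     * and percent-encodes both values so they cannot alter the URL structure.
     *
     * @param callbackUrl the consumer's callback URL, never {@code null}
     * @param verifier    the verifier code issued by the provider
     * @param token       the request token
     * @return the callback URL with both parameters appended
     */
    static String withVerifier(String callbackUrl, String verifier, String token) {
        String separator = callbackUrl.indexOf('?') >= 0 ? "&" : "?";
        return callbackUrl + separator
                + "oauth_verifier=" + urlEncode(verifier)
                + "&oauth_token=" + urlEncode(token);
    }

    /**
     * Encodes a query-string value as application/x-www-form-urlencoded (UTF-8).
     *
     * @param value the raw value
     * @return the encoded value (spaces become {@code +}, per the form-urlencoded convention)
     */
    static String urlEncode(String value) {
        try {
            // The String charset overload keeps the file compatible with pre-Java 10 runtimes.
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory for every JVM, so this branch is unreachable in practice
            throw new IllegalStateException("UTF-8 not supported", e);
        }
    }
}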