網(wǎng)易微博最近也開放了它的開發(fā)平臺
http://open.t.163.com,其中java版的oauth認證和新浪微博的很類似(貌似都是從twitter那邊copy過來的)。但說句實話,網(wǎng)易java版的sdk和新浪微博的比起來,的確上手比較麻煩,里面提供的example都是把access token寫死,作為參數(shù),具體的代碼如下:
public static void main(String[] args)
{
System.setProperty("tblog4j.oauth.consumerKey", "EJ0GpH9mtU584qtY");
System.setProperty("tblog4j.oauth.consumerSecret", "EgIdvwgF6UXc6WMZs6jTv5ivZcNVDvnT");
TBlog tblog = new TBlog();
tblog.setToken("46f29fb418bdb14044bf39d2cad49f81", "f0c81ad9783f1s427da38312c0cc910c");
try {
tblog.updateStatus("update status from Java SDK");
} catch (TBlogException e) {
e.printStackTrace();
}
}
完全沒有體現(xiàn)出oauth的完整認證過程,access token(就是46f29fb418bdb14044bf39d2cad49f81,f0c81ad9783f1s427da38312c0cc910c"兩段字符串)是怎么來的,完全沒有演示的過程,搞得我做這個開發(fā)的時候只能摸黑,其實oauth的完整過程是這樣的:
OAuth流程圖
- A:消費方請求Request Token
- B:服務提供者授權(quán)Request Token
- C:消費方定向用戶到服務提供者
- D:獲得用戶授權(quán)后,服務提供者定向用戶到消費方
- E:消費方請求Access Token
- F:服務提供者授權(quán)Access Token
- G:消費方訪問受保護的資源
具體的請去圍觀這篇文章http://huoding.com/2010/10/10/8.
由于開發(fā)受阻,只好求助它的兄弟sdk,那就是新浪微博的sdk,但兩者雖然相似度很高,但到底在細節(jié)處還是有所不同,下面就是我仿造新浪微博網(wǎng)頁oauth認證的網(wǎng)易版。
這個過程首先是要在網(wǎng)易開發(fā)平臺申請消費者開發(fā)的key和secret字符串,誰都可以去上面的網(wǎng)易開發(fā)平臺申請:申請到的畫面如下:
然后就可以構(gòu)造一個jsp的頁面,這個頁面就是調(diào)用oauth認證的,我這個jsp叫call.jsp,具體的jsp代碼如下:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page language="java" import="t4j.*" %>
<%@ page language="java" import="t4j.http.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
System.setProperty("tblog4j.oauth.consumerKey", "EJ0GpH9mtU123xxx");
System.setProperty("tblog4j.oauth.consumerSecret", "EgIdvwgF6UXc6WMZs6jTv5ivZcxxxxxx");
TBlog tblog = new TBlog();
try {
RequestToken requestToken = tblog.getOAuthRequestToken();
session.setAttribute("requestToken",requestToken);
String url = "http://api.t.163.com/oauth/authenticate?oauth_token="+requestToken.getToken()+"&oauth_token_secret="+requestToken.getTokenSecret()+"&oauth_callback=http%3A%2F%2Flocalhost%3A8080%2F163%2Fcallback.jsp";
response.sendRedirect(url);
} catch (TBlogException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
%>
</body>
</html>
這個頁面就是把申請來的consumerKey和consumerSecret傳到一個TBlog對象,這個對象就是網(wǎng)易微博的接口對象了,所有oauth認證以及網(wǎng)易微博的操作api都在這個類中。傳遞過去后就能夠得到request token,同時把requestToken存到session里面,方便后面的頁面使用。接下來就是oauth的認證了,需要把requestToken和requestTokenSecret(兩個字符串,在requestToken對象中)傳遞到網(wǎng)易的授權(quán)頁面,記得帶上oauth_callback參數(shù),這個參數(shù)是通過認證后網(wǎng)易回調(diào)的頁面,說明白一點,就是通過認證了,網(wǎng)易就會自己跳回到你oauth_callback里面?zhèn)鬟f的這個頁面。然后就跳到網(wǎng)易的認證頁面了。
需要輸入網(wǎng)易通行證的用戶名和密碼,登錄后就到了認證的頁面了
點擊允許后,就會跳回到oauth_callback參數(shù)傳遞的頁面,我這個頁面就是callback.jsp,代碼如下:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page language="java" import="t4j.*" %>
<%@ page language="java" import="t4j.http.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
RequestToken requestToken = (RequestToken)session.getAttribute("requestToken");
TBlog tblog = new TBlog();
AccessToken token = tblog.getOAuthAccessToken(requestToken);
tblog.setToken(token.getToken(),token.getTokenSecret());
try {
out.println(tblog.updateStatus("update status from Java SDK").getId());
} catch (TBlogException e) {
e.printStackTrace();
}
%>
</body>
</html>
在這個頁面就可以去到通過了認證的AccessToken,有了這個,就算是通過了oauth認證,可以操作網(wǎng)易微博的各種資源了。requestToken存在session的意義就是為了在這個頁面可以去到,并根據(jù)這個requestToken得到AccessToken,如果不經(jīng)過網(wǎng)易的那個認證頁面,直接用requestToken是得不到AccessToken(是的,我試過了直接取,沒用的)。上面updateStaus就是發(fā)一條微博到網(wǎng)易去。
本來到這邊就算完成了,但是如果我們需要通過接口搜索網(wǎng)易微博的內(nèi)容時,比如這樣:
List<Status> list = tblog.searchStatus("情人節(jié)");
那么你遇到的就是像一個人的情人節(jié)那樣可恥的失敗,當然上面如果是英語,是不會有問題的,但中文(中國程序員滿臉都是淚,心里都是苦),錯誤代碼是這樣的:
[Wed Feb 16 21:15:25 CST 2011]Request:
[Wed Feb 16 21:15:25 CST 2011]GET http://api.t.163.com/search.json?q=情人節(jié)
[Wed Feb 16 21:15:25 CST 2011]OAuth base string:GET&http%3A%2F%2Fapi.t.163.com%2Fsearch.json&oauth_consumer_key%3DEJ0GpH9mtU584qtY%26oauth_nonce%3D1981498615%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1297862125%26oauth_token%3D3d5ec3c98e57d20c40c458bfe6999d66%26oauth_version%3D1.0%26q%3D%25E6%2583%2585%25E4%25BA%25BA%25E8%258A%2582
[Wed Feb 16 21:15:25 CST 2011]OAuth signature:XMJW2PnNi1TuL1kSkiwCmBbSejA=
[Wed Feb 16 21:15:25 CST 2011]Authorization: OAuth oauth_consumer_key="EJ0GpH9mtU584qtY",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1297862125",oauth_nonce="1981498615",oauth_version="1.0",oauth_token="3d5ec3c98e57d20c40c458bfe6999d66",oauth_signature="XMJW2PnNi1TuL1kSkiwCmBbSejA%3D"
[Wed Feb 16 21:15:25 CST 2011]TBlog-Client-URL: http://open.t.163.com
[Wed Feb 16 21:15:25 CST 2011]Accept-Encoding: gzip
[Wed Feb 16 21:15:25 CST 2011]User-Agent: tblog4j http://open.t.163.com
[Wed Feb 16 21:15:25 CST 2011]TBlog-Client-Version: 1.0
t4j.TBlogException: 401:Authentication credentials were missing or incorrect.
{"request":"/search.json?q=?é????","error":"oauth_signature=XMJW2PnNi1TuL1kSkiwCmBbSejA= oauth_signature_base_string=GET&http%3A%2F%2Fapi.t.163.com%2Fsearch.json&oauth_consumer_key%3DEJ0GpH9mtU584qtY%26oauth_nonce%3D1981498615%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1297862125%26oauth_token%3D3d5ec3c98e57d20c40c458bfe6999d66%26oauth_version%3D1.0 oauth_problem=signature_invalid oauth_signature_method=HMAC-SHA1","error_code":"401"}
at t4j.http.HttpClient.httpRequest(HttpClient.java:572)
[Wed Feb 16 21:15:25 CST 2011]Response:
[Wed Feb 16 21:15:25 CST 2011]HTTP/1.1 401 Unauthorized
[Wed Feb 16 21:15:25 CST 2011]Content-Language:
[Wed Feb 16 21:15:25 CST 2011]Date: Wed, 16 Feb 2011 13:15:33 GMT
[Wed Feb 16 21:15:25 CST 2011]Transfer-Encoding: chunked
[Wed Feb 16 21:15:25 CST 2011]Expires: Thu, 01 Jan 1970 00:00:00 GMT
[Wed Feb 16 21:15:25 CST 2011]Content-Type: application/json;charset=utf-8
[Wed Feb 16 21:15:25 CST 2011]Connection: keep-alive
[Wed Feb 16 21:15:25 CST 2011]Server: nginx
[Wed Feb 16 21:15:25 CST 2011]Pragma: no-cache
[Wed Feb 16 21:15:25 CST 2011]Cache-Control: no-cache, no-store, max-age=0
[Wed Feb 16 21:15:25 CST 2011]{"request":"/search.json?q=?é????","error":"oauth_signature=XMJW2PnNi1TuL1kSkiwCmBbSejA= oauth_signature_base_string=GET&http%3A%2F%2Fapi.t.163.com%2Fsearch.json&oauth_consumer_key%3DEJ0GpH9mtU584qtY%26oauth_nonce%3D1981498615%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1297862125%26oauth_token%3D3d5ec3c98e57d20c40c458bfe6999d66%26oauth_version%3D1.0 oauth_problem=signature_invalid oauth_signature_method=HMAC-SHA1","error_code":"401"}
at t4j.http.HttpClient.httpRequest(HttpClient.java:514)
at t4j.http.HttpClient.get(HttpClient.java:497)
at t4j.TBlog.get(TBlog.java:949)
at t4j.TBlog.searchStatus(TBlog.java:773)
at _jsp._callback__jsp._jspService(_callback__jsp.java:46)
at com.caucho.jsp.JavaPage.service(JavaPage.java:61)
at com.caucho.jsp.Page.pageservice(Page.java:578)
at com.caucho.server.dispatch.PageFilterChain.doFilter(PageFilterChain.java:195)
at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:187)
at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:265)
at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:273)
at com.caucho.server.port.TcpConnection.run(TcpConnection.java:682)
at com.caucho.util.ThreadPool$Item.runTasks(ThreadPool.java:743)
at com.caucho.util.ThreadPool$Item.run(ThreadPool.java:662)
at java.lang.Thread.run(Thread.java:662)
上面的提示是你的認證沒通過,其實完全不是這么回事,你只要把那個搜索語句改一下就得了:
List<Status> list = tblog.searchStatus(java.net.URLEncoder.encode("情人節(jié)","UTF-8"));
到此,真的就都OK了,真的希望網(wǎng)易做事能徹底些,這些事其實如果有個好的例子,我也不用摸黑搞了兩天。
完整的開發(fā)程序的地址在這里:http://dl.dbank.com/c035vpc4d4
我的微博
http://t.sina.com.cn/1401900445