網(wǎng)易微博最近也開放了它的開發(fā)平臺(tái)
http://open.t.163.com,其中java版的oauth認(rèn)證和新浪微博的很類似(貌似都是從twitter那邊copy過來的)。但說句實(shí)話,網(wǎng)易java版的sdk和新浪微博的比起來,的確上手比較麻煩,里面提供的example都是把a(bǔ)ccess token寫死,作為參數(shù),具體的代碼如下:
public static void main(String[] args)
{
System.setProperty("tblog4j.oauth.consumerKey", "EJ0GpH9mtU584qtY");
System.setProperty("tblog4j.oauth.consumerSecret", "EgIdvwgF6UXc6WMZs6jTv5ivZcNVDvnT");
TBlog tblog = new TBlog();
tblog.setToken("46f29fb418bdb14044bf39d2cad49f81", "f0c81ad9783f1s427da38312c0cc910c");
try {
tblog.updateStatus("update status from Java SDK");
} catch (TBlogException e) {
e.printStackTrace();
}
}
完全沒有體現(xiàn)出oauth的完整認(rèn)證過程,access token(就是46f29fb418bdb14044bf39d2cad49f81,f0c81ad9783f1s427da38312c0cc910c"兩段字符串)是怎么來的,完全沒有演示的過程,搞得我做這個(gè)開發(fā)的時(shí)候只能摸黑,其實(shí)oauth的完整過程是這樣的:
OAuth流程圖
- A:消費(fèi)方請(qǐng)求Request Token
- B:服務(wù)提供者授權(quán)Request Token
- C:消費(fèi)方定向用戶到服務(wù)提供者
- D:獲得用戶授權(quán)后,服務(wù)提供者定向用戶到消費(fèi)方
- E:消費(fèi)方請(qǐng)求Access Token
- F:服務(wù)提供者授權(quán)Access Token
- G:消費(fèi)方訪問受保護(hù)的資源
具體的請(qǐng)去圍觀這篇文章http://huoding.com/2010/10/10/8.
由于開發(fā)受阻,只好求助它的兄弟sdk,那就是新浪微博的sdk,但兩者雖然相似度很高,但到底在細(xì)節(jié)處還是有所不同,下面就是我仿造新浪微博網(wǎng)頁oauth認(rèn)證的網(wǎng)易版。
這個(gè)過程首先是要在網(wǎng)易開發(fā)平臺(tái)申請(qǐng)消費(fèi)者開發(fā)的key和secret字符串,誰都可以去上面的網(wǎng)易開發(fā)平臺(tái)申請(qǐng):申請(qǐng)到的畫面如下:
然后就可以構(gòu)造一個(gè)jsp的頁面,這個(gè)頁面就是調(diào)用oauth認(rèn)證的,我這個(gè)jsp叫call.jsp,具體的jsp代碼如下:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page language="java" import="t4j.*" %>
<%@ page language="java" import="t4j.http.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
System.setProperty("tblog4j.oauth.consumerKey", "EJ0GpH9mtU123xxx");
System.setProperty("tblog4j.oauth.consumerSecret", "EgIdvwgF6UXc6WMZs6jTv5ivZcxxxxxx");
TBlog tblog = new TBlog();
try {
RequestToken requestToken = tblog.getOAuthRequestToken();
session.setAttribute("requestToken",requestToken);
String url = "http://api.t.163.com/oauth/authenticate?oauth_token="+requestToken.getToken()+"&oauth_token_secret="+requestToken.getTokenSecret()+"&oauth_callback=http%3A%2F%2Flocalhost%3A8080%2F163%2Fcallback.jsp";
response.sendRedirect(url);
} catch (TBlogException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
%>
</body>
</html>
這個(gè)頁面就是把申請(qǐng)來的consumerKey和consumerSecret傳到一個(gè)TBlog對(duì)象,這個(gè)對(duì)象就是網(wǎng)易微博的接口對(duì)象了,所有oauth認(rèn)證以及網(wǎng)易微博的操作api都在這個(gè)類中。傳遞過去后就能夠得到request token,同時(shí)把requestToken存到session里面,方便后面的頁面使用。接下來就是oauth的認(rèn)證了,需要把requestToken和requestTokenSecret(兩個(gè)字符串,在requestToken對(duì)象中)傳遞到網(wǎng)易的授權(quán)頁面,記得帶上oauth_callback參數(shù),這個(gè)參數(shù)是通過認(rèn)證后網(wǎng)易回調(diào)的頁面,說明白一點(diǎn),就是通過認(rèn)證了,網(wǎng)易就會(huì)自己跳回到你oauth_callback里面?zhèn)鬟f的這個(gè)頁面。然后就跳到網(wǎng)易的認(rèn)證頁面了。
需要輸入網(wǎng)易通行證的用戶名和密碼,登錄后就到了認(rèn)證的頁面了
點(diǎn)擊允許后,就會(huì)跳回到oauth_callback參數(shù)傳遞的頁面,我這個(gè)頁面就是callback.jsp,代碼如下:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page language="java" import="t4j.*" %>
<%@ page language="java" import="t4j.http.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
RequestToken requestToken = (RequestToken)session.getAttribute("requestToken");
TBlog tblog = new TBlog();
AccessToken token = tblog.getOAuthAccessToken(requestToken);
tblog.setToken(token.getToken(),token.getTokenSecret());
try {
out.println(tblog.updateStatus("update status from Java SDK").getId());
} catch (TBlogException e) {
e.printStackTrace();
}
%>
</body>
</html>
在這個(gè)頁面就可以去到通過了認(rèn)證的AccessToken,有了這個(gè),就算是通過了oauth認(rèn)證,可以操作網(wǎng)易微博的各種資源了。requestToken存在session的意義就是為了在這個(gè)頁面可以去到,并根據(jù)這個(gè)requestToken得到AccessToken,如果不經(jīng)過網(wǎng)易的那個(gè)認(rèn)證頁面,直接用requestToken是得不到AccessToken(是的,我試過了直接取,沒用的)。上面updateStaus就是發(fā)一條微博到網(wǎng)易去。
本來到這邊就算完成了,但是如果我們需要通過接口搜索網(wǎng)易微博的內(nèi)容時(shí),比如這樣:
List<Status> list = tblog.searchStatus("情人節(jié)");
那么你遇到的就是像一個(gè)人的情人節(jié)那樣可恥的失敗,當(dāng)然上面如果是英語,是不會(huì)有問題的,但中文(中國程序員滿臉都是淚,心里都是苦),錯(cuò)誤代碼是這樣的:
[Wed Feb 16 21:15:25 CST 2011]Request:
[Wed Feb 16 21:15:25 CST 2011]GET http://api.t.163.com/search.json?q=情人節(jié)
[Wed Feb 16 21:15:25 CST 2011]OAuth base string:GET&http%3A%2F%2Fapi.t.163.com%2Fsearch.json&oauth_consumer_key%3DEJ0GpH9mtU584qtY%26oauth_nonce%3D1981498615%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1297862125%26oauth_token%3D3d5ec3c98e57d20c40c458bfe6999d66%26oauth_version%3D1.0%26q%3D%25E6%2583%2585%25E4%25BA%25BA%25E8%258A%2582
[Wed Feb 16 21:15:25 CST 2011]OAuth signature:XMJW2PnNi1TuL1kSkiwCmBbSejA=
[Wed Feb 16 21:15:25 CST 2011]Authorization: OAuth oauth_consumer_key="EJ0GpH9mtU584qtY",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1297862125",oauth_nonce="1981498615",oauth_version="1.0",oauth_token="3d5ec3c98e57d20c40c458bfe6999d66",oauth_signature="XMJW2PnNi1TuL1kSkiwCmBbSejA%3D"
[Wed Feb 16 21:15:25 CST 2011]TBlog-Client-URL: http://open.t.163.com
[Wed Feb 16 21:15:25 CST 2011]Accept-Encoding: gzip
[Wed Feb 16 21:15:25 CST 2011]User-Agent: tblog4j http://open.t.163.com
[Wed Feb 16 21:15:25 CST 2011]TBlog-Client-Version: 1.0
t4j.TBlogException: 401:Authentication credentials were missing or incorrect.
{"request":"/search.json?q=?é????","error":"oauth_signature=XMJW2PnNi1TuL1kSkiwCmBbSejA= oauth_signature_base_string=GET&http%3A%2F%2Fapi.t.163.com%2Fsearch.json&oauth_consumer_key%3DEJ0GpH9mtU584qtY%26oauth_nonce%3D1981498615%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1297862125%26oauth_token%3D3d5ec3c98e57d20c40c458bfe6999d66%26oauth_version%3D1.0 oauth_problem=signature_invalid oauth_signature_method=HMAC-SHA1","error_code":"401"}
at t4j.http.HttpClient.httpRequest(HttpClient.java:572)
[Wed Feb 16 21:15:25 CST 2011]Response:
[Wed Feb 16 21:15:25 CST 2011]HTTP/1.1 401 Unauthorized
[Wed Feb 16 21:15:25 CST 2011]Content-Language:
[Wed Feb 16 21:15:25 CST 2011]Date: Wed, 16 Feb 2011 13:15:33 GMT
[Wed Feb 16 21:15:25 CST 2011]Transfer-Encoding: chunked
[Wed Feb 16 21:15:25 CST 2011]Expires: Thu, 01 Jan 1970 00:00:00 GMT
[Wed Feb 16 21:15:25 CST 2011]Content-Type: application/json;charset=utf-8
[Wed Feb 16 21:15:25 CST 2011]Connection: keep-alive
[Wed Feb 16 21:15:25 CST 2011]Server: nginx
[Wed Feb 16 21:15:25 CST 2011]Pragma: no-cache
[Wed Feb 16 21:15:25 CST 2011]Cache-Control: no-cache, no-store, max-age=0
[Wed Feb 16 21:15:25 CST 2011]{"request":"/search.json?q=?é????","error":"oauth_signature=XMJW2PnNi1TuL1kSkiwCmBbSejA= oauth_signature_base_string=GET&http%3A%2F%2Fapi.t.163.com%2Fsearch.json&oauth_consumer_key%3DEJ0GpH9mtU584qtY%26oauth_nonce%3D1981498615%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1297862125%26oauth_token%3D3d5ec3c98e57d20c40c458bfe6999d66%26oauth_version%3D1.0 oauth_problem=signature_invalid oauth_signature_method=HMAC-SHA1","error_code":"401"}
at t4j.http.HttpClient.httpRequest(HttpClient.java:514)
at t4j.http.HttpClient.get(HttpClient.java:497)
at t4j.TBlog.get(TBlog.java:949)
at t4j.TBlog.searchStatus(TBlog.java:773)
at _jsp._callback__jsp._jspService(_callback__jsp.java:46)
at com.caucho.jsp.JavaPage.service(JavaPage.java:61)
at com.caucho.jsp.Page.pageservice(Page.java:578)
at com.caucho.server.dispatch.PageFilterChain.doFilter(PageFilterChain.java:195)
at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:187)
at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:265)
at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:273)
at com.caucho.server.port.TcpConnection.run(TcpConnection.java:682)
at com.caucho.util.ThreadPool$Item.runTasks(ThreadPool.java:743)
at com.caucho.util.ThreadPool$Item.run(ThreadPool.java:662)
at java.lang.Thread.run(Thread.java:662)
上面的提示是你的認(rèn)證沒通過,其實(shí)完全不是這么回事,你只要把那個(gè)搜索語句改一下就得了:
List<Status> list = tblog.searchStatus(java.net.URLEncoder.encode("情人節(jié)","UTF-8"));
到此,真的就都OK了,真的希望網(wǎng)易做事能徹底些,這些事其實(shí)如果有個(gè)好的例子,我也不用摸黑搞了兩天。
完整的開發(fā)程序的地址在這里:http://dl.dbank.com/c035vpc4d4
我的微博
http://t.sina.com.cn/1401900445