java - Spring security with google Oauth -

java - Spring security with google Oauth -

i have been working on web application in have used google oauth , spring mvc. have implemented google oauth in user directed desired url if user authenticated google oauth. achieving functionality have used google gogleauthhelper class. here code

bundle com.mob.googleoauth; import java.io.ioexception; import java.security.securerandom; import java.util.arraylist; import java.util.arrays; import java.util.list; import javax.servlet.http.httpsession; import org.json.jsonexception; import org.json.jsonobject; import com.google.api.client.auth.oauth2.authorizationcoderequesturl; import com.google.api.client.auth.oauth2.credential; import com.google.api.client.auth.oauth2.tokenresponseexception; import com.google.api.client.googleapis.auth.oauth2.googleauthorizationcodeflow; import com.google.api.client.googleapis.auth.oauth2.googleauthorizationcoderequesturl; import com.google.api.client.googleapis.auth.oauth2.googletokenresponse; import com.google.api.client.http.genericurl; import com.google.api.client.http.httprequest; import com.google.api.client.http.httprequestfactory; import com.google.api.client.http.httptransport; import com.google.api.client.http.javanet.nethttptransport; import com.google.api.client.json.jsonfactory; import com.google.api.client.json.jackson.jacksonfactory; public final class googleauthhelper { private static final string client_id = ""; private static final string client_secret = " "; /** * callback uri google redirect after successful authentication */ private static final string callback_uri = "http://localhost:8080/orgchart/oauthredirect"; // private static final string hd = " "; // start google authentication constants private static final iterable<string> scope = arrays .aslist("https://www.googleapis.com/auth/userinfo.profile;https://www.googleapis.com/auth/userinfo.email" .split(";")); private static final string user_info_url = "https://www.googleapis.com/oauth2/v1/userinfo"; private static final jsonfactory json_factory = new jacksonfactory(); private static final httptransport http_transport = new nethttptransport(); // end google authentication constants private string statetoken; private final googleauthorizationcodeflow flow; /** * constructor initializes google authorization code flow client * id, secret, , scope */ public googleauthhelper() { system.out.println("google auth helper called"); flow = new googleauthorizationcodeflow.builder(http_transport, json_factory, client_id, client_secret, scope).build(); flow.newauthorizationurl().setapprovalprompt("force").setaccesstype("offline"); // authorizationcoderequesturl authorizationurl = flow // .newauthorizationurl().setredirecturi(callback_uri) // .setapprovalprompt("force").setaccesstype("offline"); generatestatetoken(); } /** * builds login url based on client id, secret, callback uri, , scope */ public string buildloginurl() { system.out.println("building uri called"); final googleauthorizationcoderequesturl url = flow .newauthorizationurl(); homecoming url.setredirecturi(callback_uri).setstate(statetoken).build(); } /** * generates secure state token */ private void generatestatetoken() { system.out.println("generated token called"); securerandom sr1 = new securerandom(); // system.out.println(sr1); statetoken = "google;" + sr1.nextint(); } /** * accessor state token */ public string getstatetoken() { system.out.println("gettoken called"); homecoming statetoken; } /** * expects authentication code, , makes authenticated request * user's profile info * * @return json formatted user profile info * @param authcode * authentication code provided google * @throws jsonexception */ @suppresswarnings("unchecked") public list getuserinfojson(final string authcode,httpsession session) throws ioexception, jsonexception { list ls = new arraylist(); try{ system.out.println("getuserinfojson called"); final googletokenresponse response = flow.newtokenrequest(authcode) .setredirecturi(callback_uri).execute(); session.setattribute("usertoken", response.getaccesstoken()); final credential credential = flow.createandstorecredential(response, null); final httprequestfactory requestfactory = http_transport .createrequestfactory(credential); // create authenticated request final genericurl url = new genericurl(user_info_url); final httprequest request = requestfactory.buildgetrequest(url); request.getheaders().setcontenttype("application/json"); final string jsonidentity = request.execute().parseasstring(); // system.out.println(jsonidentity); jsonobject object = new jsonobject(jsonidentity); string email = object.getstring("email"); string name = object.getstring("name"); string image = object.getstring("picture"); ls.add(email); ls.add(name); ls.add(picture); } catch(nullpointerexception e) { throw e; } grab (tokenresponseexception e) { throw e; } homecoming ls; } }

above works fine 1 time authenticating user , redirecting given url after application not secure. url in application not secure. want include spring security along google oauth. there detailed illustration that. have searched google , have not been successful. want working illustration spring security , google oauth. nay help

here giving few links. helpful me understanding purpose. hope help too. on this link can go desired category. considering spring security oauth, can check.

http://docs.spring.io/spring-security/oauth/

http://www.hsc.com/portals/0/uploads/articles/wp_securing_restful_webservices_oauth2635406646412464000.pdf

http://porterhead.blogspot.in/2014/05/securing-rest-services-with-spring.html

java spring spring-mvc oauth