Instead, use the CommonsHttpOAuth * classes, since they are meant to be used with Apache Commons HTTP (that's what Android uses for HTTP anyway). IMPORTANT: Do NOT use the DefaultOAuth * implementations on Android, since there's a bug in Android's that keeps it from working with some service providers. Both objects are also serializable, so you can persist and restore them later. Signpost objects are very lightweight, so you are adviced to create an OAuthConsumer and OAuthProvider for every thread in your application that must send signed HTTP requests.
Signpost is not thread safe and probably will never be. If that doesn't work for your setup, Signpost is probably not the best choice for you. Trading in rarely used features for more simplicity and ease of use was a design decision. I believe that even with those restrictions in place, Signpost will work for the majority of its users.
Writing OAuth protocol params to the WWW-Authenticate header field.Message signing using the PLAINTEXT and HMAC-SHA1 methods is supported, however. Message signing using public key encryption (as per section 9.3) is currently unsupported.In order to reduce API and implementation complexity, Signpost does currently not support the following things:
Signpost com download#
Apart from the core module, which you always need, you can download additional modules to support other HTTP messaging libraries than the one coming with the standard Java platform (which would be ).Īpart from HttpURLConnection, Signpost currently has modules for Apache Commons HTTP version 4, and Jetty HTTP Client version 6. Since version 1.1, Signpost comes in modules. This means that all the power and flexibility of the underlying HTTP engine is still at your fingertips! Modularity Instead, you simply pass an HttpRequest object to it, and Signpost will sign the message using the credentials it was configured with. Unlike other implementations, Signpost does not wrap the entire HTTP layer and hides its features from the client. Signpost tries to be as unobtrusive as possible. Everything else is beyond the scope of the OAuth specification, and is thus left to the HTTP messaging layer, where it belongs.įor more exhaustive examples, please refer to GettingStarted. Signpost exposes a minimalistic API designed for two purposes: Signing HTTP messages and requesting tokens from an OAuth service provider. sign the request (consumer is a Signpost DefaultOAuthConsumer) consumer. HttpURLConnection request = ( HttpURLConnection) url. create an HTTP request to a protected resource URL url = new URL( "")
0 kommentar(er)
