Java Reference
In-Depth Information
Depending on the REST service you're using, different authentication schemes can be used:
- Sending a username and password with every request as a URL parameter. You then send
  requests to the following URL, for instance:
  http://www.example.com/books/B101?username=me&password=secret .
- Sending a so‐called “key” with every request as a URL parameter. This is a secret “password”
  given to you by the service provider. You then send requests to the following URL, for
  instance: http://www.example.com/books/B101?api_key=1234567890/ .
- Username/password or key‐based authentication schemes where the key is sent in an HTTP
  header.
- Username/password or key‐based authentication schemes using HTTP cookies. Users then
  first authenticate once and send the given cookie in each of the subsequent requests.
- RESTful services using middleware—such as OAuth—to handle authentication; this is
  especially helpful when you need more fine‐grained authentication (instead of just allowing or
  disallowing requests).
URL parameter and cookie‐based authentication is becoming quite rare in modern REST services.
The reason for this is that keys and passwords can be stolen by intercepting network traffic,
especially when services are exposed over non‐secured HTTP connections.
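The header‐based scheme from the list above, sent with Java's built‐in HttpURLConnection, as an added example that is not from the original text: it refuses plain HTTP and credentials placed in the query string, the exposure described in the preceding paragraph. The header name X-Api-Key and the class and method names are assumptions; the URL and key are the placeholder values used above.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;

public class ApiKeyHeaderClient {
    // Assumption: the service reads the key from this header; the name is hypothetical.
    static final String KEY_HEADER = "X-Api-Key";

    /** Prepares a GET request with the key in a header, refusing plain HTTP. */
    static HttpURLConnection open(String url, String apiKey) throws IOException {
        URI uri = URI.create(url);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("refusing to send a key over " + uri.getScheme());
        }
        String query = uri.getRawQuery();
        if (query != null && query.matches("(?i)(.*&)?(api_key|password)=.*")) {
            // Query strings end up in proxy logs, server logs and browser history.
            throw new IllegalArgumentException("credential found in query string");
        }
        HttpURLConnection conn = (HttpURLConnection) uri.toURL().openConnection();
        conn.setRequestMethod("GET");
        conn.setRequestProperty(KEY_HEADER, apiKey);
        // Handle redirects explicitly instead of following them with the key attached.
        conn.setInstanceFollowRedirects(false);
        return conn;
    }

    /** Masks credential parameters so a URL can be written to a log. */
    static String redact(String url) {
        return url.replaceAll("(?i)([?&](?:api_key|password|username)=)[^&#]*", "$1***");
    }

    public static void main(String[] args) throws IOException {
        HttpURLConnection conn = open("https://www.example.com/books/B101", "1234567890");
        // Nothing is sent until connect() or getResponseCode() is called.
        System.out.println(conn.getURL() + " will carry the key in " + KEY_HEADER);
        System.out.println(redact("http://www.example.com/books/B101?username=me&password=secret"));
        try {
            open("http://www.example.com/books/B101", "1234567890");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```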
For all of the authentication schemes mentioned previously, Java's built‐in HttpURLConnection class
will work fine (just add the URL parameters in the URL you request). When you need to work with
cookies, you can use the java.net.CookieManager class to help out—in the “Screen Scraping”
section that follows, there is an example on how to use this class. However, for REST services using
OAuth, you might want to resort to another library to handle the authentication aspect for you, as
doing this step manually is somewhat complex.
To this end, these examples will use Google's Java OAuth Client Library. This library is built on
top of Google's HTTP Library for Java, which in turn can wrap either HttpURLConnection or the
Apache HTTP Client Library for Java, an alternative third‐party class to communicate with HTTP
servers. To set up this library, navigate to https://code.google.com/p/google-oauth-java-client/
and download the latest version of the library ( google-oauth-java-client-1.17.0-rc.zip is used
here). Extract this ZIP file somewhere. Next, create a new folder in your Eclipse project
(this topic continues to use RESTWithJava , but you can create a new one) named google-http .
Next, drag and copy the contents of the libs folder in the extracted ZIP to this folder. Finally, add
all the JAR files in the google-http folder to the build path in Eclipse.
Twitter's REST service is used here to build a sample client. Twitter is a social networking
service that enables users to send and read short messages, called “tweets.” Take a look at Twitter's
documentation concerning its REST service at https://dev.twitter.com/docs/api/1.1 . The
documentation lists a number of resources that can be accessed using only GET and POST HTTP
requests. For example, the page on “statuses/home_timeline”—see
https://dev.twitter.com/docs/api/1.1/get/statuses/home_timeline —mentions that this resource can
be used to return a collection of tweets posted by the authenticated user and the users they follow.
The page mentions that accessing this resource requires a “user context.” The page also lists
parameters that can be submitted with the request and an example request message. Try to open the URL