At the beginning, social networks were for me just a childish thing, but I have figured out the power of social networks: they can be used not only to promote our applications but also to increase the number of users. When I am speaking about social networks, I am thinking first of all of Facebook. Facebook is "the social network" of our days, used by millions of users, so try to imagine how cool it would be if these users would use and share our application. Facebook provides developers with a very powerful API that can be used to develop social applications. OK, but what's a social application, you may say? In broad terms, a social application is nothing more than an application that you use together with your friends.

Facebook exposes services through its API, which is available for JavaScript and PHP, but they don't offer any support for Java. There is a community effort to implement an API for Java (see more at http://restfb.com/), but there are a lot of things still to be implemented. One of the missing parts is the login. So I will show you how to implement authentication for a Facebook application written in Java, but before that let's say just two words about OAuth 2.0.

The OAuth 2.0 protocol was made in 2006 and is used for authentication and authorization in most of today's web services (especially REST services). In two words, you can authenticate users in web applications via redirects, in JavaScript, or in desktop and mobile applications. Let's take a look at the following schema (see more at http://www.ibm.com/developerworks/web/library/wa-oauthsupport/?ca=drs-); this schema may be referred to as the three-legged OAuth dance. This protocol ensures a simple way to access a private resource with an access token.

So enough with the theory, now it is time for practice:
```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLEncoder;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

// This method belongs to a class that provides log, fbAppCanvasURL,
// fbClientAppId, fbClientAppSecret and getFacebookToken().

/**
 * Authenticate on Facebook as user
 *
 * @param request
 *            Servlet request
 * @param response
 *            Servlet response
 * @param scope
 *            Comma separated permissions
 * @see http://developers.facebook.com/docs/authentication/permissions
 * @throws IOException
 */
public void authenticateAsUser(ServletRequest request, ServletResponse response, String scope)
        throws IOException {
    log.info("Executing FB AUTH");
    // 'extract' HTTP response
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    // Check if the user is authenticated already
    if (getFacebookToken() != null) {
        log.info("User is already authenticated");
        return;
    }
    // Get the code parameter posted by Facebook
    String code = request.getParameter("code");
    // The callback URL
    String nextURL = fbAppCanvasURL;
    log.info(nextURL);
    // OAuth step 1
    if (code == null) {
        log.info("Auth step 1");
        // Every value placed in the query string is URL-encoded, scope included
        String requestAddress = String.format(
                "https://graph.facebook.com/oauth/authorize?client_id=%s&canvas=true&display=page&redirect_uri=%s&scope=%s",
                fbClientAppId, URLEncoder.encode(nextURL, "UTF-8"), URLEncoder.encode(scope, "UTF-8"));
        log.info(requestAddress);
        // Make a call to Facebook to invoke authentication
        // httpResponse.sendRedirect(requestAddress);
        String out = String.format(
                "<script type=\"text/javascript\">\ntop.location.href = \"%s\";\n</script>",
                requestAddress);
        httpResponse.getWriter().print(out);
        httpResponse.flushBuffer();
        log.info("End of step 1");
    }
    // OAuth step 2
    // the 'code' parameter is sent in the 2nd authentication phase
    // if we have the code param then we are in the 2nd phase
    else {
        log.info("Auth step 2");
        // request URL to make the 2nd call to Facebook
        // (not logged: it carries the app secret and the authorization code)
        String requestAddress = String.format(
                "https://graph.facebook.com/oauth/access_token?client_secret=%s&code=%s&client_id=%s&redirect_uri=%s",
                fbClientAppSecret, URLEncoder.encode(code, "UTF-8"), fbClientAppId,
                URLEncoder.encode(nextURL, "UTF-8"));
        // The 2nd phase doesn't involve user interaction
        // so we can read the result directly on the server with a stream reader
        URL requestURL = new URL(requestAddress);
        // Read the response and store the result in the resultString buffer
        StringBuilder resultString = new StringBuilder();
        // Open a connection to Facebook; try-with-resources closes the stream
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(requestURL.openStream(), "UTF-8"))) {
            String inputLine;
            while ((inputLine = in.readLine()) != null) {
                resultString.append(inputLine);
            }
        }
        // The response body contains the access token, so it is not logged
        log.info("Response received");
        // fetch access token & expiration time from response string
        String[] params = resultString.toString().split("&");
        if (!params[0].startsWith("access_token=")) {
            throw new IOException("No access_token in Facebook response");
        }
        params[0] = params[0].substring("access_token=".length());
        // params[1] = params[1].split("expires=")[1];
        // Store them in cookies
        // (this cookie carries no HttpOnly or Secure flag, so page scripts can read it)
        log.info("Store them in cookies");
        httpResponse.addCookie(new Cookie("FB_ACCESS_TOKEN", params[0]));
        // httpResponse.addCookie(new Cookie("FB_EXPIRE", params[1]));
        log.info("End of step 2");
        log.info("Exiting Facebook authentication");
    }
}
```
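Two checks for the step-2 callback, as an added example that is not part of the original post: a `state` value that ties the callback to the step-1 redirect, and a parser for the `access_token=...&expires=...` response body that fails closed when no token is present. The class and method names are hypothetical, the response bodies are constructed samples, and it is assumed that the `state` parameter defined by OAuth 2.0 is appended to the authorize URL and echoed back on the redirect.

```java
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added example; class and method names are hypothetical, not from the original post.
public class OAuthCallbackChecks {
    private static final SecureRandom RNG = new SecureRandom();
    /** Step 1: random value to keep in the session and send as the "state" parameter. */
    static String newState() {
        return new BigInteger(128, RNG).toString(16);
    }

    /** Step 2: accept the callback only if it echoes the state issued in step 1. */
    static boolean stateMatches(String expected, String received) throws UnsupportedEncodingException {
        if (expected == null || received == null) return false;
        return MessageDigest.isEqual(expected.getBytes("UTF-8"), received.getBytes("UTF-8"));
    }

    /** Parses "access_token=...&expires=..." and throws if the token is missing. */
    static Map<String, String> parseTokenResponse(String body) throws UnsupportedEncodingException {
        Map<String, String> fields = new HashMap<String, String>();
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // skip anything that is not key=value
            fields.put(URLDecoder.decode(pair.substring(0, eq), "UTF-8"),
                    URLDecoder.decode(pair.substring(eq + 1), "UTF-8"));
        }
        String token = fields.get("access_token");
        if (token == null || token.isEmpty())
            throw new IllegalStateException("token endpoint returned no access_token");
        return fields;
    }

    public static void main(String[] args) throws Exception {
        String state = newState();
        System.out.println("own state accepted: " + stateMatches(state, state));
        System.out.println("foreign state accepted: " + stateMatches(state, newState()));
        // Constructed sample bodies, not captured from Facebook
        System.out.println(parseTokenResponse("access_token=SAMPLE%7Ctoken&expires=5108").get("expires"));
        try {
            parseTokenResponse("{\"error\":\"constructed error body\"}");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the servlet, the value from `newState()` would be stored in the HTTP session before the step-1 redirect, and `stateMatches` called on the callback before the step-2 token request is made.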
