We’ll expand our Lunch Roulette application from the previous chapter to include authentication. This is a required step for activating a Glass application.
The crux of our authorization process is threefold:
Filter all incoming requests and redirect a request to be authorized if no user is in session or no credentials are stored.
Provide an OAuth 2.0 endpoint servlet. This does the real heavy lifting. It can act as either the redirect to the Google authorization server or the callback accepting and storing Google Accounts’ responding auth code. It is also responsible for requesting the initial access token with the given authorization grant (a ‘code‘ parameter).
Provide a logout servlet to remove stored ...