Can u please give me a working two-legged model sample ?
What do I need to change in Tonr sample ?

I just can't get it work.

Support for two-legged OAuth is added to the provider (sparklr) by adding "requiredToObtainAuthenticatedToken" to the <consumer> element.

If you need a consumer-side (tonr) example, I'm afraid one there isn't one right now. It's more than just a matter of configuration--you have to write code to "sign" the request (presumably using the CoreOAuthConsumerSupport).

If anybody comes up with an example, it would be appreciated.

Here is the code I wrote to make a webservice call with the 2-legged OAuth model.

My spring configuration is :
<http auto-config="true" entry-point-ref="oauthProcessingFilterEntryPoint" >
<intercept-url pattern="/ws/**" access="ROLE_OAUTH_USER" />
<intercept-url pattern="/oauth/**" access="ROLE_OAUTH_USER" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>

<user-service id="userService">
<user name="marissa" password="koala" authorities="ROLE_OAUTH_USER"/>
<user name="paul" password="emu" authorities="ROLE_OAUTH_USER,ROLE_ADMIN"/>
</user-service>


<oauth:provider consumer-details-service-ref="consumerDetails"
token-services-ref="tokenServices"
request-token-url="/oauth/request_token"
authenticate-token-url="/oauth/authorize"
authentication-failed-url="/oauth_error.jsp"
access-granted-url="/request_token_authorized.jsp"
access-token-url="/oauth/access_token"
require10a="false"/>

<oauth:consumer-details-service id="consumerDetails" >
<oauth:consumer name="2leggedModel"
key="consumer-key"
secret="consumer-secret"
typeOfSecret="shared"
resourceName="MyResource"
resourceDescription="My Resource description."
authorities="ROLE_OAUTH_USER"
requiredToObtainAuthenticatedToken="false" />
</oauth:consumer-details-service>

<oauth:token-services id="tokenServices" />


My consumer code calls a WebService :

public static String getUserInfo(OAuthConsumerToken accessToken) {
try {


String soapRequest =
"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:arc=\"http://archi.company.fr\">\n" +
"<soapenv:Header/>\n" +
" <soapenv:Body>\n" +
" <arc:getUser>\n" +
" <userId>caronv</userId>\n" +
" </arc:getUser>\n" +
" </soapenv:Body>\n" +
"</soapenv:Envelope>\n";



URL url = new URL(SERVER_URL_RESOURCE);

// create an empty token for the 2-legged model
OAuthConsumerToken requestToken = new OAuthConsumerToken();

url = consumerSupport.configureURLForProtectedAccess(url , requestToken, "POST", null);


URLConnection conn = url.openConnection();
conn.setRequestProperty ( "Content-Type", "text/xml;charset=UTF-8");
conn.setRequestProperty ( "SOAPAction", "\"\"");
conn.setRequestProperty ( "Accept", "text/xml");


conn.setDoOutput(true);

OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());

wr.write(soapRequest );
wr.flush();
wr.close();

// Get the response
String userXML = "";

BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
while ((line = rd.readLine()) != null) {
userXML += line;
}
rd.close();

return userXML;

}
catch (IOException e) {
throw new IllegalStateException(e);
}
}

Here is the code to create a consumersupport :

CoreOAuthConsumerSupport consumerSupport = new CoreOAuthConsumerSupport();
consumerSupport.setStreamHandlerFactory( new DefaultOAuthURLStreamHandlerFactory() );
consumerSupport.setProtectedResourceDetailsService ( new ProtectedResourceDetailsService() {


public ProtectedResourceDetails loadProtectedResourceDetailsById( String id ) throws IllegalArgumentException {
SignatureSecret secret = new SharedConsumerSecret( CONSUMER_SECRET );

BaseProtectedResourceDetails resourceDetails = new BaseProtectedResourceDetails();
resourceDetails.setId(id);
resourceDetails.setConsumerKey( CONSUMER_KEY );
resourceDetails.setSharedSecret( secret );
resourceDetails.setSignatureMethod( SIGNATURE_METHOD );
resourceDetails.setUse10a( false );
resourceDetails.setRequestTokenURL( SERVER_URL_OAUTH_REQUEST );
resourceDetails.setAccessTokenURL( SERVER_URL_OAUTH_ACCESS );
resourceDetails.setUserAuthorizationURL( SERVER_URL_OAUTH_AUTHZ );

return resourceDetails;
}
} );