The OAuth filter supports validating signed OAuth request that use the following algorithms: HMAC-SHA1 and RSA-SHA1. Sample usage via web.xml The follow example applies the OAuth filter to any HTTP PUT and POST requests that access resources exist in the path: /v1/gobLocale <filter> <filter-name>OAuthFilter</filter-name> <filter-class>com.ign.oauth.filter.OAuthFilter</filter-class> <init-param> <param-name>httpMethods</param-name> <param-value>PUT,POST</param-value> </init-param> </filter> <filter-mapping> <filter-name>OAuthFilter</filter-name> <url-pattern>/v1/gobLocale/*</url-pattern> </filter-mapping> Note The OAuthFilter must be declared before the Google GuiceFilter, com.google.inject.servlet.GuiceFilter, if it exist in the web.xml file. Customization The current implementation access the consumer data (key/secret/rsakey) via the table, OAUTH_CONSUMER, from the database (datasource=OAuth). If this is not desirable one can modify the persistence.xml file in the project accordingly.