In order for you to get the callback, you have to have enough control of your machine to run a listener process that can receive HTTP requests from Box. Box will call out to you over http only to a localhost address. You have to use https for any other callback than localhost addresses.
The Box SDK handles the OAuth stuff for you. You shouldn't need the
import org.scribe.model.*;
import org.scribe.oauth.OAuthService;
You also have to configure your Box application to point at whatever address you want it to call out to you for. I strongly recommend localhost to get started with, since that will just work on most computers, and doesn't require you setting up SSL certs. I just updated the instructions for the helloWorld example. Hopefully that helps a little.