Posted to commits@cxf.apache.org by co...@apache.org on 2021/09/23 10:45:15 UTC
[cxf] branch master updated: CXF-8599 - Remove OAuth 1 functionality
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 1b6adcb CXF-8599 - Remove OAuth 1 functionality
1b6adcb is described below
commit 1b6adcb32f93d708d817cabf2cc63973fbc069de
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Sep 23 11:44:54 2021 +0100
CXF-8599 - Remove OAuth 1 functionality
---
distribution/javadoc/pom.xml | 10 -
.../src/main/release/samples/oauth/README.txt | 53 ----
.../src/main/release/samples/oauth/client/pom.xml | 105 --------
.../AuthorizeResourceOwnerController.java | 52 ----
.../client/controllers/CallbackURLController.java | 61 -----
.../GetProtectedResourceController.java | 136 ----------
.../TemporaryCredentialsController.java | 121 ---------
.../client/controllers/TokenRequestController.java | 111 --------
.../main/java/demo/oauth/client/model/Common.java | 38 ---
.../java/demo/oauth/client/model/OAuthParams.java | 210 ---------------
.../src/main/webapp/WEB-INF/spring-servlet.xml | 32 ---
.../src/main/webapp/WEB-INF/views/accessToken.jsp | 93 -------
.../WEB-INF/views/authorizeResourceOwner.jsp | 73 -----
.../webapp/WEB-INF/views/temporaryCredentials.jsp | 83 ------
.../src/main/webapp/WEB-INF/views/tokenRequest.jsp | 92 -------
.../oauth/client/src/main/webapp/WEB-INF/web.xml | 40 ---
.../samples/oauth/client/src/main/webapp/index.jsp | 20 --
.../src/main/release/samples/oauth/server/pom.xml | 127 ---------
.../src/main/java/demo/oauth/server/ClientApp.java | 60 -----
.../main/java/demo/oauth/server/CustomAuth.java | 40 ---
.../demo/oauth/server/SampleResourceProvider.java | 53 ----
.../server/controllers/ApplicationController.java | 146 ----------
.../controllers/MemoryOAuthDataProvider.java | 182 -------------
.../server/controllers/OAuthClientManager.java | 36 ---
.../controllers/SampleOAuthDataProvider.java | 85 ------
.../spring/AuthenticationFailureHandler.java | 59 ----
.../spring/AuthenticationSuccessfullHandler.java | 75 ------
.../spring/SpringOAuthAuthenticationFilter.java | 72 -----
.../spring/SpringSecurityExceptionMapper.java | 31 ---
.../server/src/main/webapp/WEB-INF/oauth-beans.xml | 57 ----
.../src/main/webapp/WEB-INF/security-beans.xml | 62 -----
.../src/main/webapp/WEB-INF/spring-servlet.xml | 32 ---
.../webapp/WEB-INF/views/authorizedClientsList.jsp | 63 -----
.../main/webapp/WEB-INF/views/clientDetails.jsp | 63 -----
.../main/webapp/WEB-INF/views/displayVerifier.jsp | 36 ---
.../main/webapp/WEB-INF/views/newClientForm.jsp | 70 -----
.../webapp/WEB-INF/views/registeredClientsList.jsp | 69 -----
.../oauth/server/src/main/webapp/WEB-INF/web.xml | 82 ------
.../samples/oauth/server/src/main/webapp/index.jsp | 78 ------
.../oauth/server/src/main/webapp/oAuthLogin.jsp | 106 --------
distribution/src/main/release/samples/pom.xml | 2 -
parent/pom.xml | 1 -
rt/rs/security/oauth-parent/oauth/pom.xml | 69 -----
.../rs/security/oauth/client/OAuthClientUtils.java | 281 -------------------
.../cxf/rs/security/oauth/data/AccessToken.java | 35 ---
.../oauth/data/AccessTokenRegistration.java | 37 ---
.../rs/security/oauth/data/AuthorizationInput.java | 45 ----
.../apache/cxf/rs/security/oauth/data/Client.java | 185 -------------
.../oauth/data/OAuthAuthorizationData.java | 123 ---------
.../cxf/rs/security/oauth/data/OAuthContext.java | 47 ----
.../rs/security/oauth/data/OAuthPermission.java | 65 -----
.../cxf/rs/security/oauth/data/Permission.java | 69 -----
.../cxf/rs/security/oauth/data/RequestToken.java | 91 -------
.../oauth/data/RequestTokenRegistration.java | 74 -----
.../apache/cxf/rs/security/oauth/data/Token.java | 131 ---------
.../cxf/rs/security/oauth/data/UserSubject.java | 50 ----
.../security/oauth/filters/AbstractAuthFilter.java | 299 ---------------------
.../cxf/rs/security/oauth/filters/OAuthInfo.java | 55 ----
.../security/oauth/filters/OAuthRequestFilter.java | 61 -----
.../security/oauth/filters/OAuthServletFilter.java | 93 -------
.../oauth/provider/DefaultOAuthValidator.java | 60 -----
.../oauth/provider/MD5SequenceGenerator.java | 36 ---
.../security/oauth/provider/OAuthDataProvider.java | 100 -------
.../oauth/provider/OAuthServiceException.java | 40 ---
.../oauth/services/AbstractOAuthService.java | 63 -----
.../oauth/services/AccessTokenHandler.java | 115 --------
.../oauth/services/AccessTokenService.java | 56 ----
.../services/AuthorizationRequestHandler.java | 247 -----------------
.../services/AuthorizationRequestService.java | 82 ------
.../oauth/services/OAuthDefaultServices.java | 113 --------
.../oauth/services/OOBAuthorizationResponse.java | 46 ----
.../oauth/services/OOBResponseProvider.java | 96 -------
.../oauth/services/RequestTokenHandler.java | 157 -----------
.../oauth/services/RequestTokenService.java | 55 ----
.../rs/security/oauth/utils/OAuthConstants.java | 50 ----
.../cxf/rs/security/oauth/utils/OAuthUtils.java | 287 --------------------
.../rs/security/oauth/utils/OAuthUtilsTest.java | 38 ---
rt/rs/security/oauth-parent/pom.xml | 1 -
systests/rs-security/pom.xml | 6 -
.../security/oauth/MemoryOAuthDataProvider.java | 168 ------------
.../systest/jaxrs/security/oauth/OAuthServer.java | 68 -----
.../jaxrs/security/oauth/OAuthTestUtils.java | 71 -----
.../oauth/TemporaryCredentialServiceTest.java | 71 -----
83 files changed, 6853 deletions(-)
diff --git a/distribution/javadoc/pom.xml b/distribution/javadoc/pom.xml
index cb77e48..54bddb1 100644
--- a/distribution/javadoc/pom.xml
+++ b/distribution/javadoc/pom.xml
@@ -82,11 +82,6 @@
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-security-oauth</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-security-oauth2</artifactId>
<version>${project.version}</version>
</dependency>
@@ -382,11 +377,6 @@
<artifactId>olingo-odata2-core</artifactId>
</dependency>
<dependency>
- <groupId>net.oauth.core</groupId>
- <artifactId>oauth-provider</artifactId>
- <version>${cxf.oauth.version}</version>
- </dependency>
- <dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
</dependency>
diff --git a/distribution/src/main/release/samples/oauth/README.txt b/distribution/src/main/release/samples/oauth/README.txt
deleted file mode 100644
index 66ad999..0000000
--- a/distribution/src/main/release/samples/oauth/README.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-OAuth 1.0a demo (client and server)
-========================================
-OAuth 1.0a demo that shows the protocol's flow between OAuth parties. The demo
-contains two parts:
-
- * client: A web application capable of making OAuth-authenticated requests.
- It is a usual OAuth client, not dependent on Apache CXF framework, built to
- test this demo server part and for OAuth educational purposes.
- The implementation works with any OAuth 1.0a providers, not only that
- included in this demo.
-
- * server: A web application capable of accepting OAuth-authenticated requests.
- It is based on the Apache CXF OAuth module. It exposes OAuth endpoints and
- protected resources in the form of JAX-RS services. The Server demo shows
- and explains how the CXF OAuth module can be configured to secure JAX-RS
- services and integrated with existing web applications.
-
-Building and running the demo using maven
----------------------------------------
-
- * client: Main directory of client demo application is located in folder:
- "client", in the base folder of this sample. To start the demo app use the
- maven command:
-
- mvn jetty:run
-
- It will start the Jetty web server and deploy the client application at the
- local host on port 8080. This port number is defined in the pom.xml.
-
- * server: Main directory of server demo application is located in folder:
- "server", in the base folder of this sample. To start the demo app use the
- maven command:
-
- mvn jetty:run
-
- It will start the Jetty web server and deploy the client application at the
- local host on port 8081. This port number is defined in the pom.xml.
-
-Performing steps in the OAuth flow
------------------------------
-When you have successfully deployed the client and server, follow these steps:
-
- 1. Go to the OAuth server (http://localhost:8081) and login with the given
- username and password
- 2. Provide details and register new application at the OAuth server.
- 3. You have registered the client application at the OAuth server, with
- associated and displayed client identifier, client shared-secret and
- callback url. You will need those on the client side.
- 4. Go to OAuth client demo (http://localhost:8080) and provide information
- about the registered application.
- 5. Perform usual OAuth 1.0 flow steps
-
-
diff --git a/distribution/src/main/release/samples/oauth/client/pom.xml b/distribution/src/main/release/samples/oauth/client/pom.xml
deleted file mode 100644
index 4eeb7bc..0000000
--- a/distribution/src/main/release/samples/oauth/client/pom.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>oauth_demo-client</artifactId>
- <name>OAuth 1.0a client</name>
- <url>https://cxf.apache.org</url>
- <packaging>war</packaging>
- <parent>
- <groupId>org.apache.cxf.samples</groupId>
- <artifactId>cxf-samples</artifactId>
- <version>3.5.0-SNAPSHOT</version>
- <relativePath>../../pom.xml</relativePath>
- </parent>
- <build>
- <finalName>oauth_1.0a_client</finalName>
- <plugins>
- <plugin>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty-maven-plugin</artifactId>
- <version>7.4.5.v20110725</version>
- <configuration>
- <webAppConfig>
- <contextPath>/</contextPath>
- </webAppConfig>
- <connectors>
- <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector">
- <port>8080</port>
- <maxIdleTime>60000</maxIdleTime>
- </connector>
- </connectors>
- <scanIntervalSeconds>10</scanIntervalSeconds>
- </configuration>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webmvc</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-beans</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- <version>1.2</version>
- </dependency>
- <dependency>
- <groupId>net.oauth.core</groupId>
- <artifactId>oauth-consumer</artifactId>
- <version>20100527</version>
- </dependency>
- <dependency>
- <groupId>net.oauth.core</groupId>
- <artifactId>oauth-provider</artifactId>
- <version>20100527</version>
- </dependency>
- <dependency>
- <groupId>jakarta.servlet</groupId>
- <artifactId>jakarta.servlet-api</artifactId>
- </dependency>
- <dependency>
- <artifactId>standard</artifactId>
- <groupId>taglibs</groupId>
- <version>1.1.2</version>
- <type>jar</type>
- <scope>runtime</scope>
- </dependency>
- </dependencies>
- <repositories>
- <repository>
- <id>oauth</id>
- <name>OAuth Repository</name>
- <url>https://oauth.googlecode.com/svn/code/maven/</url>
- </repository>
- </repositories>
-</project>
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/AuthorizeResourceOwnerController.java b/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/AuthorizeResourceOwnerController.java
deleted file mode 100644
index d11db01..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/AuthorizeResourceOwnerController.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.client.controllers;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-import demo.oauth.client.model.OAuthParams;
-
-
-@Controller
-public class AuthorizeResourceOwnerController {
-
- @RequestMapping("/authorizeResourceOwner")
- public void handleRequest(@ModelAttribute(value = "oAuthParams") OAuthParams oAuthParams,
- HttpServletResponse response) throws Exception {
-
- String oauthToken = oAuthParams.getOauthToken();
- String resourceOwnerAuthorizationEndpoint = oAuthParams.getResourceOwnerAuthorizationEndpoint();
- if (resourceOwnerAuthorizationEndpoint == null || "".equals(resourceOwnerAuthorizationEndpoint)) {
- oAuthParams.setErrorMessage("Missing resource owner authorization URI");
- }
-
- if (oauthToken == null || "".equals(oauthToken)) {
- oAuthParams.setErrorMessage("Missing oauth token");
- }
-
- response
- .sendRedirect(
- new StringBuilder().append(resourceOwnerAuthorizationEndpoint).
- append("?oauth_token=").append(oauthToken).toString());
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/CallbackURLController.java b/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/CallbackURLController.java
deleted file mode 100644
index 69d714a..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/CallbackURLController.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.client.controllers;
-
-import javax.servlet.http.HttpServletRequest;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-import demo.oauth.client.model.Common;
-import demo.oauth.client.model.OAuthParams;
-
-
-
-@Controller
-public class CallbackURLController {
-
- @RequestMapping("/callback")
- protected ModelAndView handleRequest(@ModelAttribute("oAuthParams") OAuthParams oAuthParams,
- HttpServletRequest request) throws Exception {
-
- OAuthMessage message = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
- try {
- message.requireParameters(OAuth.OAUTH_TOKEN, OAuth.OAUTH_VERIFIER);
- oAuthParams.setOauthToken(message.getToken());
- oAuthParams.setOauthVerifier(message.getParameter(OAuth.OAUTH_VERIFIER));
-
- oAuthParams.setClientID(Common.findCookieValue(request, "clientID"));
- oAuthParams.setClientSecret(Common.findCookieValue(request, "clientSecret"));
- } catch (OAuthProblemException e) {
- oAuthParams.setErrorMessage("OAuth problem: " + e.getProblem() + e.getParameters().toString());
- }
-
-
- return new ModelAndView("tokenRequest");
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/GetProtectedResourceController.java b/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/GetProtectedResourceController.java
deleted file mode 100644
index e68297b..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/GetProtectedResourceController.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.client.controllers;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-import javax.servlet.http.HttpServletRequest;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthServiceProvider;
-import net.oauth.ParameterStyle;
-import net.oauth.client.OAuthClient;
-import net.oauth.client.OAuthResponseMessage;
-import net.oauth.client.URLConnectionClient;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-import demo.oauth.client.model.OAuthParams;
-
-@Controller
-public class GetProtectedResourceController {
-
- @RequestMapping("/getProtectedResource")
- protected ModelAndView handleRequest(@ModelAttribute("oAuthParams") OAuthParams oAuthParams,
- HttpServletRequest request)
- throws Exception {
-
- OAuthServiceProvider provider = new OAuthServiceProvider(
- oAuthParams.getTemporaryCredentialsEndpoint(),
- oAuthParams.getResourceOwnerAuthorizationEndpoint(), null);
-
- OAuthConsumer consumer = new OAuthConsumer(null, oAuthParams.getClientID(),
- oAuthParams.getClientSecret(),
- provider);
- OAuthAccessor accessor = new OAuthAccessor(consumer);
- accessor.requestToken = oAuthParams.getOauthToken();
- accessor.tokenSecret = oAuthParams.getOauthTokenSecret();
-
- Map<String, String> parameters = new HashMap<>();
- parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, oAuthParams.getSignatureMethod());
- parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
- parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
- parameters.put(OAuth.OAUTH_TOKEN, oAuthParams.getOauthToken());
- parameters.put(OAuth.OAUTH_CONSUMER_KEY, oAuthParams.getClientID());
-
- OAuthMessage msg = null;
- String method = request.getParameter("op");
-
-
- if ("GET".equals(method)) {
- msg = accessor
- .newRequestMessage(OAuthMessage.GET, oAuthParams.getGetResourceURL(), parameters.entrySet());
- } else {
- msg = accessor
- .newRequestMessage(OAuthMessage.POST, oAuthParams.getPostResourceURL(),
- parameters.entrySet());
- }
-
-
- OAuthClient client = new OAuthClient(new URLConnectionClient());
-
- msg = client.access(msg, ParameterStyle.QUERY_STRING);
-
- StringBuilder bodyBuffer = readBody(msg);
-
- oAuthParams.setResourceResponse(bodyBuffer.toString());
- String authHeader = msg.getHeader("WWW-Authenticate");
- String oauthHeader = msg.getHeader("OAuth");
- String header = "";
-
- if (authHeader != null) {
- header += "WWW-Authenticate:" + authHeader;
- }
-
- if (oauthHeader != null) {
- header += "OAuth:" + oauthHeader;
- }
-
- oAuthParams.setHeader(header);
- oAuthParams.setResponseCode(((OAuthResponseMessage)msg).getHttpResponse().getStatusCode());
-
- return new ModelAndView("accessToken");
- }
-
- private StringBuilder readBody(OAuthMessage msg) throws IOException {
- StringBuilder body = new StringBuilder();
- InputStream responseBody = null;
- BufferedReader br = null;
- try {
- responseBody = msg.getBodyAsStream();
- if (responseBody != null) {
- br = new BufferedReader(new InputStreamReader(responseBody));
- String buf;
- while ((buf = br.readLine()) != null) {
- body.append(buf);
- }
- }
- } finally {
- if (br != null) {
- br.close();
- }
- if (responseBody != null) {
- responseBody.close();
- }
- }
- return body;
- }
-
-}
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/TemporaryCredentialsController.java b/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/TemporaryCredentialsController.java
deleted file mode 100644
index a78da7e..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/TemporaryCredentialsController.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.client.controllers;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthServiceProvider;
-import net.oauth.ParameterStyle;
-import net.oauth.client.OAuthClient;
-import net.oauth.client.URLConnectionClient;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-import demo.oauth.client.model.OAuthParams;
-
-@Controller
-public class TemporaryCredentialsController {
-
- @RequestMapping("/handleTemporaryCredentials")
- public ModelAndView handleRequest(@ModelAttribute(value = "oAuthParams") OAuthParams oAuthParams,
- HttpServletResponse response) {
-
- OAuthServiceProvider provider;
- OAuthConsumer consumer;
- OAuthAccessor accessor;
-
- OAuthClient client = new OAuthClient(new URLConnectionClient());
-
- oAuthParams.setErrorMessage(null);
- String temporaryCredentialsEndpointUrl = oAuthParams.getTemporaryCredentialsEndpoint();
- if (temporaryCredentialsEndpointUrl == null || "".equals(temporaryCredentialsEndpointUrl)) {
- oAuthParams.setErrorMessage("Missing temporary credentials endpoint url");
- }
- String clientId = oAuthParams.getClientID();
- if (clientId == null || "".equals(clientId)) {
- oAuthParams.setErrorMessage("Missing client identifier");
- }
- String secret = oAuthParams.getClientSecret();
- if (secret == null || "".equals(secret)) {
- oAuthParams.setErrorMessage("Missing client shared-secret");
- }
-
- if (oAuthParams.getErrorMessage() == null) {
- provider = new OAuthServiceProvider(temporaryCredentialsEndpointUrl,
- oAuthParams.getResourceOwnerAuthorizationEndpoint(), oAuthParams.getTokenRequestEndpoint());
- consumer = new OAuthConsumer(null, clientId,
- secret,
- provider);
- accessor = new OAuthAccessor(consumer);
-
- Map<String, String> parameters = new HashMap<>();
- parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, oAuthParams.getSignatureMethod());
- parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
- parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
- parameters.put(OAuth.OAUTH_CALLBACK, oAuthParams.getCallbackURL());
- parameters.put("realm", "private");
- parameters.put("scope", "read_info modify_info");
-
-
- try {
- accessor.consumer
- .setProperty(OAuthClient.PARAMETER_STYLE, ParameterStyle.AUTHORIZATION_HEADER);
- client.getRequestToken(accessor, OAuthMessage.POST, parameters.entrySet());
- } catch (Exception e) {
- oAuthParams.setErrorMessage(e.toString());
- }
-
- oAuthParams.setOauthToken(accessor.requestToken);
- oAuthParams.setOauthTokenSecret(accessor.tokenSecret);
- Cookie cId = new Cookie("clientID", oAuthParams.getClientID());
- Cookie cSec = new Cookie("clientSecret", oAuthParams.getClientSecret());
- Cookie tokenSec = new Cookie("tokenSec", accessor.tokenSecret);
- response.addCookie(cId);
- response.addCookie(cSec);
- response.addCookie(tokenSec);
- }
-
- ModelAndView modelAndView = new ModelAndView();
- if (oAuthParams.getErrorMessage() != null) {
- modelAndView.setViewName("temporaryCredentials");
- } else {
- modelAndView.setViewName("authorizeResourceOwner");
- }
-
- return modelAndView;
- }
-
- @RequestMapping("/temporaryCredentials")
- public ModelAndView handleInternalRequest(
- @ModelAttribute(value = "oAuthParams") OAuthParams oAuthParams) {
- return new ModelAndView("temporaryCredentials");
- }
-
-}
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/TokenRequestController.java b/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/TokenRequestController.java
deleted file mode 100644
index 1a1ed06..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/controllers/TokenRequestController.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.client.controllers;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-import javax.servlet.http.HttpServletRequest;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthServiceProvider;
-import net.oauth.client.OAuthClient;
-import net.oauth.client.URLConnectionClient;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-import demo.oauth.client.model.Common;
-import demo.oauth.client.model.OAuthParams;
-
-
-@Controller
-public class TokenRequestController {
-
- @RequestMapping("/tokenRequest")
- protected ModelAndView handleRequest(@ModelAttribute("oAuthParams") OAuthParams oAuthParams,
- HttpServletRequest request)
- throws Exception {
-
- String oauthToken = oAuthParams.getOauthToken();
-
- String tokenRequestEndpoint = oAuthParams.getTokenRequestEndpoint();
- String clientID = oAuthParams.getClientID();
-
- if (tokenRequestEndpoint == null || "".equals(tokenRequestEndpoint)) {
- oAuthParams.setErrorMessage("Missing token request URI");
- }
-
- if (clientID == null || "".equals(clientID)) {
- oAuthParams.setErrorMessage("Missing consumer key");
- }
-
- if (oauthToken == null || "".equals(oauthToken)) {
- oAuthParams.setErrorMessage("Missing oauth token");
- }
-
- String verifier = oAuthParams.getOauthVerifier();
- if (verifier == null || "".equals(verifier)) {
- oAuthParams.setErrorMessage("Missing oauth verifier");
- }
-
- if (oAuthParams.getErrorMessage() == null) {
- OAuthClient client = new OAuthClient(new URLConnectionClient());
- OAuthServiceProvider provider = new OAuthServiceProvider(
- oAuthParams.getTemporaryCredentialsEndpoint(),
- oAuthParams.getResourceOwnerAuthorizationEndpoint(), tokenRequestEndpoint);
-
- OAuthConsumer consumer = new OAuthConsumer(null, clientID,
- oAuthParams.getClientSecret(),
- provider);
- OAuthAccessor accessor = new OAuthAccessor(consumer);
- accessor.requestToken = oauthToken;
- accessor.tokenSecret = Common.findCookieValue(request, "tokenSec");
-
- Map<String, String> parameters = new HashMap<>();
- parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, oAuthParams.getSignatureMethod());
- parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
- parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
- parameters.put(OAuth.OAUTH_TOKEN, oauthToken);
- parameters.put(OAuth.OAUTH_VERIFIER, oAuthParams.getOauthVerifier());
-
-
- try {
- client.getAccessToken(accessor, OAuthMessage.GET, parameters.entrySet());
- oAuthParams.setOauthToken(accessor.accessToken);
- } catch (Exception e) {
- oAuthParams.setErrorMessage(e.toString());
- oAuthParams.setOauthToken(oauthToken);
- return new ModelAndView("tokenRequest");
- }
- oAuthParams.setOauthTokenSecret(accessor.tokenSecret);
- }
-
- oAuthParams.setClientID(Common.findCookieValue(request, "clientID"));
- oAuthParams.setClientSecret(Common.findCookieValue(request, "clientSecret"));
-
- return new ModelAndView("accessToken");
- }
-
-}
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/model/Common.java b/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/model/Common.java
deleted file mode 100644
index 6287a85..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/model/Common.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.client.model;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-public final class Common {
- private Common() {
- }
-
- public static String findCookieValue(HttpServletRequest request, String key) {
- Cookie[] cookies = request.getCookies();
-
- for (Cookie cooky : cookies) {
- if (cooky.getName().equals(key)) {
- return cooky.getValue();
- }
- }
- return "";
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/model/OAuthParams.java b/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/model/OAuthParams.java
deleted file mode 100644
index 45918d2..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/java/demo/oauth/client/model/OAuthParams.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.client.model;
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
-
-public class OAuthParams implements Serializable {
- private String temporaryCredentialsEndpoint = "http://localhost:8081/auth/oauth/initiate";
- private String resourceOwnerAuthorizationEndpoint = "http://localhost:8081/auth/oauth/authorize";
- private String tokenRequestEndpoint = "http://localhost:8081/auth/oauth/token";
- private String getResourceURL = "http://localhost:8081/auth/resources/person/get/john";
- private String postResourceURL = "http://localhost:8081/auth/resources/person/modify/john";
-
- private String callbackURL = "http://localhost:8080/app/callback";
-
- private String clientID = "12345678";
- private String clientSecret = "secret";
- private String signatureMethod;
-
- private String oauthToken;
- private String oauthTokenSecret;
- private String oauthVerifier;
-
- private String errorMessage;
- private String resourceResponse;
- private String header;
- private Integer responseCode;
-
- private List<SignatureMethod> methods = new ArrayList<>();
-
- public OAuthParams() {
- methods.add(new SignatureMethod("HMAC-SHA1"));
- }
-
- public OAuthParams(String clientSecret, String clientID) {
- super();
- this.clientSecret = clientSecret;
- this.clientID = clientID;
- }
-
- public String getClientSecret() {
- return clientSecret;
- }
-
- public void setClientSecret(String clientSecret) {
- this.clientSecret = clientSecret;
- }
-
- public String getClientID() {
- return clientID;
- }
-
- public void setClientID(String clientID) {
- this.clientID = clientID;
- }
-
- public String getSignatureMethod() {
- return signatureMethod;
- }
-
- public void setSignatureMethod(String signatureMethod) {
- this.signatureMethod = signatureMethod;
- }
-
- public String getTemporaryCredentialsEndpoint() {
- return temporaryCredentialsEndpoint;
- }
-
- public void setTemporaryCredentialsEndpoint(String temporaryCredentialsEndpoint) {
- this.temporaryCredentialsEndpoint = temporaryCredentialsEndpoint;
- }
-
- public String getOauthToken() {
- return oauthToken;
- }
-
- public void setOauthToken(String oauthToken) {
- this.oauthToken = oauthToken;
- }
-
- public String getOauthTokenSecret() {
- return oauthTokenSecret;
- }
-
- public void setOauthTokenSecret(String oauthTokenSecret) {
- this.oauthTokenSecret = oauthTokenSecret;
- }
-
- public String getResourceOwnerAuthorizationEndpoint() {
- return resourceOwnerAuthorizationEndpoint;
- }
-
- public void setResourceOwnerAuthorizationEndpoint(String resourceOwnerAuthorizationEndpoint) {
- this.resourceOwnerAuthorizationEndpoint = resourceOwnerAuthorizationEndpoint;
- }
-
- public String getTokenRequestEndpoint() {
- return tokenRequestEndpoint;
- }
-
- public void setTokenRequestEndpoint(String tokenRequestEndpoint) {
- this.tokenRequestEndpoint = tokenRequestEndpoint;
- }
-
- public String getOauthVerifier() {
- return oauthVerifier;
- }
-
- public void setOauthVerifier(String oauthVerifier) {
- this.oauthVerifier = oauthVerifier;
- }
-
- public String getErrorMessage() {
- return errorMessage;
- }
-
- public void setErrorMessage(String errorMessage) {
- this.errorMessage = errorMessage;
- }
-
- public String getGetResourceURL() {
- return getResourceURL;
- }
-
- public void setGetResourceURL(String getResourceURL) {
- this.getResourceURL = getResourceURL;
- }
-
- public String getCallbackURL() {
- return callbackURL;
- }
-
- public void setCallbackURL(String callbackURL) {
- this.callbackURL = callbackURL;
- }
-
- public String getResourceResponse() {
- return resourceResponse;
- }
-
- public void setResourceResponse(String resourceResponse) {
- this.resourceResponse = resourceResponse;
- }
-
- public String getHeader() {
- return header;
- }
-
- public void setHeader(String header) {
- this.header = header;
- }
-
- public List getMethods() {
- return methods;
- }
-
- public void setMethods(List<SignatureMethod> methods) {
- this.methods = methods;
- }
-
- public String getPostResourceURL() {
- return postResourceURL;
- }
-
- public void setPostResourceURL(String postResourceURL) {
- this.postResourceURL = postResourceURL;
- }
-
- public Integer getResponseCode() {
- return responseCode;
- }
-
- public void setResponseCode(Integer responseCode) {
- this.responseCode = responseCode;
- }
-
- static class SignatureMethod {
- private String methodName;
-
- SignatureMethod(String methodName) {
- this.methodName = methodName;
- }
-
- public String getMethodName() {
- return methodName;
- }
-
- public void setMethodName(String methodName) {
- this.methodName = methodName;
- }
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/spring-servlet.xml b/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/spring-servlet.xml
deleted file mode 100644
index 734771c..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/spring-servlet.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:mvc="http://www.springframework.org/schema/mvc"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
- <mvc:annotation-driven/>
- <context:annotation-config/>
- <context:component-scan base-package="demo.oauth.client.controllers"/>
- <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
- <property name="prefix" value="/WEB-INF/views/"/>
- <property name="suffix" value=".jsp"/>
- </bean>
-</beans>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/accessToken.jsp b/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/accessToken.jsp
deleted file mode 100644
index e9c5c93..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/accessToken.jsp
+++ /dev/null
@@ -1,93 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="oAuthParams" type="org.apache.cxf.auth.oauth.demo.client.model.OAuthParams"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-
-<html>
-<head>
- <title>OAuth Client</title>
-</head>
-<body>
-<table align="center">
- <tr>
- <td><h2>Sample OAuth 1.0a client implementation</h2></td>
- </tr>
-</table>
-<h3>Step 4. Get Protected Resource</h3>
-
-<form:form commandName="oAuthParams" action="/app/getProtectedResource">
- <table>
- <tr>
- <td>OAuth Token:</td>
- <td><form:input size="70" path="oauthToken"/></td>
- </tr>
- <tr>
- <td>OAuth Secret:</td>
- <td><form:input size="70" path="oauthTokenSecret"/></td>
- </tr>
- <tr>
- <td>Client Identifier:</td>
- <td><form:input size="70" path="clientID"/></td>
- </tr>
- <tr>
- <td>Client Shared-Secret:</td>
- <td><form:input size="70" path="clientSecret"/></td>
- </tr>
- <tr>
- <td>GET Protected Resource, need scope: 'read_info'</td>
- <td><form:input size="70" path="getResourceURL"/></td>
- </tr>
- <tr>
- <td>POST Protected Resource, need scope: 'modify_info'</td>
- <td><form:input size="70" path="postResourceURL"/></td>
- </tr>
- <tr>
- <td>Signature Method:</td>
- <td><form:select path="signatureMethod">
- <form:options items="${oAuthParams.methods}" itemValue="methodName"
- itemLabel="methodName"/>
- </form:select></td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" name="op" value="GET"/>
- </td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" name="op" value="POST"/>
- </td>
- </tr>
- </table>
-</form:form>
-
-<c:if test="${!empty oAuthParams.resourceResponse}">
- <p><b>Response:</b> ${oAuthParams.resourceResponse}</p>
-</c:if>
-<c:if test="${!empty oAuthParams.header}">
- <p><b>Header:</b>${oAuthParams.header}</p>
-</c:if>
-<c:if test="${!empty oAuthParams.responseCode}">
- <p><b>Response Status:</b>${oAuthParams.responseCode}</p>
-</c:if>
-</body>
-</html>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp b/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp
deleted file mode 100644
index 3cbb99c..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp
+++ /dev/null
@@ -1,73 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="text" type="java.lang.String"--%>
-<%--@elvariable id="oAuthParams" type="org.apache.cxf.auth.oauth.demo.client.model.OAuthParams"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-
-<html>
-<head>
- <title>OAuth 1.0a client</title>
-</head>
-<body>
-<table align="center">
- <tr>
- <td><h2>Sample OAuth 1.0a client implementation</h2></td>
- </tr>
-</table>
-<h3>Step 2. Authorize Resource Owner</h3>
-
-<form:form commandName="oAuthParams" action="/app/authorizeResourceOwner">
- <c:if test="${!empty oAuthParams.errorMessage}">
- <font color="red"><p>Error: ${oAuthParams.errorMessage}</p></font>
- </c:if>
- <table>
- <tr>
- <td>Response:</td>
- </tr>
- <tr>
- <td>OAuth Token:</td>
- <td><form:input size="70" path="oauthToken"/></td>
- </tr>
- <tr>
- <td>OAuth Token Secret:</td>
- <td><form:input size="70" path="oauthTokenSecret"/></td>
- </tr>
- <tr>
- <td> </td>
- <td> </td>
- </tr>
- <tr>
- <td>Required OAuth parameters:</td>
- </tr>
- <tr>
- <td>Resource Owner Authorization Endpoint URI:</td>
- <td><form:input size="70" path="resourceOwnerAuthorizationEndpoint"/></td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" value="Authorize Resource Owner"/>
- </td>
- </tr>
- </table>
-</form:form>
-</body>
-</html>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp b/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp
deleted file mode 100644
index 1c8df3d..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp
+++ /dev/null
@@ -1,83 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="text" type="java.lang.String"--%>
-<%--@elvariable id="oAuthParams" type="org.apache.cxf.auth.oauth.demo.client.model.OAuthParams"--%>
-<%--@elvariable id="methods" type="java.util.List"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-
-<html>
-<head>
- <title>OAuth 1.0a client</title>
-</head>
-<body>
-<table align="center">
- <tr>
- <td><h2>Sample OAuth 1.0a client implementation</h2></td>
- </tr>
-</table>
-
-<p>
-
-<h3>Step 1. Get OAuth temporary credentials</h3></p>
-
-<form:form commandName="oAuthParams" action="/app/handleTemporaryCredentials">
- <c:if test="${!empty oAuthParams.errorMessage}">
- <font color="red"><p>Error: ${oAuthParams.errorMessage}</p></font>
- </c:if>
- <table>
- <tr>
- <td>Required OAuth parameters:</td>
- </tr>
- <tr>
- <td>Temporary Credentials Endoint URI:</td>
- <td><form:input size="70" path="temporaryCredentialsEndpoint"/></td>
- </tr>
- <tr>
- <td>Client Identifier:</td>
- <td><form:input size="70" path="clientID"/></td>
- </tr>
- <tr>
- <td>Client Shared-Secret:</td>
- <td><form:input size="70" path="clientSecret"/></td>
- </tr>
- <tr>
- <td>Callback URL:</td>
- <td><form:input size="70" path="callbackURL"/></td>
- </tr>
- <tr>
- <td>Signature Method:</td>
- <td>
- <form:select path="signatureMethod">
- <form:options items="${oAuthParams.methods}" itemValue="methodName"
- itemLabel="methodName"/>
- </form:select>
- </td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" value="Get Temporary Credentials"/>
- </td>
- </tr>
- </table>
-</form:form>
-</body>
-</html>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/tokenRequest.jsp b/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/tokenRequest.jsp
deleted file mode 100644
index 1598779..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/views/tokenRequest.jsp
+++ /dev/null
@@ -1,92 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="text" type="java.lang.String"--%>
-<%--@elvariable id="oAuthParams" type="org.apache.cxf.auth.oauth.demo.client.model.OAuthParams"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-
-<html>
-<head>
- <title>OAuth 1.0a Client</title>
-</head>
-<body>
-<table align="center">
- <tr>
- <td><h2>Sample OAuth 1.0a client implementation</h2></td>
- </tr>
-</table>
-<h3>Step 3. Request Access Token</h3>
-
-<form:form commandName="oAuthParams" action="/app/tokenRequest">
- <c:if test="${!empty oAuthParams.errorMessage}">
- <font color="red"><p>Error: ${oAuthParams.errorMessage}</p></font>
- </c:if>
- <table>
- <tr>
- <td>Response:</td>
- <td></td>
- </tr>
- <tr>
- <td>OAuth Token:</td>
- <td><form:input size="70" path="oauthToken"/></td>
- </tr>
- <tr>
- <td>OAuth Verifier:</td>
- <td><form:input size="70" path="oauthVerifier"/></td>
- </tr>
- <tr>
- <td> </td>
- <td> </td>
- </tr>
- <tr>
- <td>Required OAuth parameters:</td>
- </tr>
- <tr>
- <td>Token Request URI:</td>
- <td><form:input size="70" path="tokenRequestEndpoint"/></td>
- </tr>
-
- <tr>
- <td>Client Identifier:</td>
- <td><form:input size="70" path="clientID"/></td>
- </tr>
- <tr>
- <td>Client Shared-Secret:</td>
- <td><form:input size="70" path="clientSecret"/></td>
- </tr>
- <tr>
- <td>Signature Method:</td>
- <td>
- <form:select path="signatureMethod">
- <form:options items="${oAuthParams.methods}" itemValue="methodName"
- itemLabel="methodName"/>
- </form:select>
- </td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" value="Request Access Token"/>
- </td>
- </tr>
- </table>
-</form:form>
-</body>
-</html>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/web.xml b/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/web.xml
deleted file mode 100644
index 9dfd455..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" metadata-complete="true" version="2.5">
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/spring-servlet.xml</param-value>
- </context-param>
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
- <servlet>
- <servlet-name>spring</servlet-name>
- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>spring</servlet-name>
- <url-pattern>/app/*</url-pattern>
- </servlet-mapping>
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
-</web-app>
diff --git a/distribution/src/main/release/samples/oauth/client/src/main/webapp/index.jsp b/distribution/src/main/release/samples/oauth/client/src/main/webapp/index.jsp
deleted file mode 100644
index eb7d747..0000000
--- a/distribution/src/main/release/samples/oauth/client/src/main/webapp/index.jsp
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%response.sendRedirect("/app/temporaryCredentials"); %>
diff --git a/distribution/src/main/release/samples/oauth/server/pom.xml b/distribution/src/main/release/samples/oauth/server/pom.xml
deleted file mode 100644
index 069e653..0000000
--- a/distribution/src/main/release/samples/oauth/server/pom.xml
+++ /dev/null
@@ -1,127 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>oauth_demo-server</artifactId>
- <name>OAuth 1.0a server</name>
- <packaging>war</packaging>
- <parent>
- <groupId>org.apache.cxf.samples</groupId>
- <artifactId>cxf-samples</artifactId>
- <version>3.5.0-SNAPSHOT</version>
- <relativePath>../../pom.xml</relativePath>
- </parent>
- <build>
- <finalName>oauth_1.0a_server</finalName>
- <plugins>
- <plugin>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>maven-jetty-plugin</artifactId>
- <version>6.1.24</version>
- <configuration>
- <webAppConfig>
- <contextPath>/</contextPath>
- </webAppConfig>
- <connectors>
- <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
- <port>8081</port>
- <maxIdleTime>60000</maxIdleTime>
- </connector>
- </connectors>
- <scanIntervalSeconds>10</scanIntervalSeconds>
- </configuration>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-security-oauth</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-http-jetty</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webmvc</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-beans</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-acl</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- <version>1.1.1</version>
- </dependency>
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>jsr250-api</artifactId>
- <version>1.0</version>
- </dependency>
- <dependency>
- <groupId>cglib</groupId>
- <artifactId>cglib-nodep</artifactId>
- </dependency>
- <dependency>
- <artifactId>standard</artifactId>
- <groupId>taglibs</groupId>
- <version>1.1.2</version>
- <type>jar</type>
- <scope>runtime</scope>
- </dependency>
- </dependencies>
-</project>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/ClientApp.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/ClientApp.java
deleted file mode 100644
index a13365a..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/ClientApp.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server;
-
-import java.io.Serializable;
-
-public class ClientApp implements Serializable {
- private String clientName = "OAuth 1.0a client";
- private String callbackURL = "http://localhost:8080/app/callback";
- private String consumerKey;
- private String error;
-
- public String getClientName() {
- return clientName;
- }
-
- public void setClientName(String clientName) {
- this.clientName = clientName;
- }
-
- public String getCallbackURL() {
- return callbackURL;
- }
-
- public void setCallbackURL(String callbackURL) {
- this.callbackURL = callbackURL;
- }
-
- public String getError() {
- return error;
- }
-
- public void setError(String error) {
- this.error = error;
- }
-
- public String getConsumerKey() {
- return consumerKey;
- }
-
- public void setConsumerKey(String consumerKey) {
- this.consumerKey = consumerKey;
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/CustomAuth.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/CustomAuth.java
deleted file mode 100644
index 6431063..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/CustomAuth.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server;
-
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-
-
-public class CustomAuth extends LoginUrlAuthenticationEntryPoint {
- public CustomAuth(String v) {
- super(v);
- }
-
- @Override
- public void commence(HttpServletRequest request, HttpServletResponse response,
- AuthenticationException authException) throws IOException, ServletException {
- super.commence(request, response, authException);
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/SampleResourceProvider.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/SampleResourceProvider.java
deleted file mode 100644
index be80b34..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/SampleResourceProvider.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-
-import org.springframework.security.access.annotation.Secured;
-
-/**
- * Sample JAX-RS resource service
- */
-@Path("/")
-public class SampleResourceProvider {
-
- @GET
- @Produces("text/html")
- @Path("/person/get/{name}")
- @Secured({"ROLE_USER" })
- public Response getInfo(@PathParam("name") String name, @Context HttpServletRequest request) {
- return Response.ok("Successfully accessed OAuth protected person: " + name).build();
- }
-
- @POST
- @Produces("text/html")
- @Path("/person/modify/{name}")
- @Secured({"ROLE_ADMIN" })
- public Response modifyInfo(@PathParam("name") String name, @Context HttpServletRequest request) {
- return Response.ok("Successfully modified OAuth protected person: " + name).build();
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
deleted file mode 100644
index d87ff63..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server.controllers;
-
-import java.nio.charset.StandardCharsets;
-import java.security.Principal;
-import java.security.SecureRandom;
-import java.util.Set;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.cxf.common.util.StringUtils;
-
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
-
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.context.ServletContextAware;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.view.RedirectView;
-
-import demo.oauth.server.ClientApp;
-
-@Controller
-public class ApplicationController implements ServletContextAware {
-
- private OAuthDataProvider oauthDataProvider;
-
- private OAuthClientManager clientManager;
-
- @RequestMapping("/newClientForm")
- public ModelAndView handleRequest(@ModelAttribute("client") ClientApp clientApp) {
- return new ModelAndView("newClientForm");
- }
-
- @RequestMapping("/registerClient")
- public ModelAndView registerApp(@ModelAttribute("client") ClientApp clientApp)
- throws Exception {
-
- if (StringUtils.isEmpty(clientApp.getClientName())) {
- clientApp.setError("Client name field is required!");
-
- return handleInternalRedirect(clientApp);
- }
-
- MD5SequenceGenerator tokenGen = new MD5SequenceGenerator();
- Principal principal = SecurityContextHolder.getContext().getAuthentication();
- String consumerKey = clientApp.getConsumerKey();
- if (StringUtils.isEmpty(consumerKey)) {
- consumerKey = tokenGen
- .generate((principal.getName() + clientApp.getClientName()).getBytes(StandardCharsets.UTF_8));
- }
-
- String secretKey = tokenGen.generate(new SecureRandom().generateSeed(20));
-
- Client clientInfo =
- new Client(consumerKey, secretKey, clientApp.getClientName(), null);
- clientInfo.setCallbackURI(clientApp.getCallbackURL());
- clientInfo.setLoginName(principal.getName());
-
- Client authNInfo = clientManager.registerNewClient(consumerKey, clientInfo);
- if (authNInfo != null) {
- clientApp.setError("Client already exists!");
-
- return handleInternalRedirect(clientApp);
- }
-
- ModelAndView modelAndView = new ModelAndView("clientDetails");
- modelAndView.getModel().put("clientInfo", clientInfo);
-
- return modelAndView;
- }
-
- @RequestMapping("/listRegisteredClients")
- public ModelAndView listRegisteredClients() {
- Set<Client> apps = clientManager.listRegisteredClients();
-
- ModelAndView modelAndView = new ModelAndView("registeredClientsList");
- modelAndView.getModelMap().put("clients", apps);
- return modelAndView;
- }
-
- @RequestMapping("/listAuthorizedClients")
- public ModelAndView listAuthorizedClients() {
- Set<Client> apps = clientManager.listAuthorizedClients();
-
- ModelAndView modelAndView = new ModelAndView("authorizedClientsList");
- modelAndView.getModelMap().put("clients", apps);
- return modelAndView;
- }
-
- @RequestMapping("/removeClient")
- public ModelAndView removeClient(HttpServletRequest request) {
- String consumerKey = request.getParameter("consumerKey");
-
- clientManager.removeRegisteredClient(consumerKey);
-
- return new ModelAndView(new RedirectView("/app/listRegisteredClients"));
- }
-
- @RequestMapping("/revokeAccess")
- public ModelAndView revokeAccess(HttpServletRequest request) {
- String consumerKey = request.getParameter("consumerKey");
-
- clientManager.removeAllTokens(consumerKey);
-
- return new ModelAndView(new RedirectView("/app/listAuthorizedClients"));
- }
-
- @RequestMapping("/displayVerifier")
- public ModelAndView displayVerifier() {
- return new ModelAndView("displayVerifier");
- }
-
- private ModelAndView handleInternalRedirect(ClientApp app) {
- ModelAndView modelAndView = new ModelAndView("newClientForm");
- modelAndView.getModel().put("client", app);
- return modelAndView;
- }
-
- public void setServletContext(ServletContext servletContext) {
- oauthDataProvider = OAuthUtils.getOAuthDataProvider(null, servletContext);
- clientManager = (OAuthClientManager)oauthDataProvider;
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
deleted file mode 100644
index bd7c0e5..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.oauth.server.controllers;
-
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthProblemException;
-
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
-import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
-import org.apache.cxf.rs.security.oauth.data.Token;
-import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
-
-public class MemoryOAuthDataProvider implements OAuthDataProvider {
-
- public static final String CALLBACK = "http://www.example.com/callback";
- public static final String APPLICATION_NAME = "Test Oauth 1.0 application";
- public static final String CLIENT_ID = "12345678";
- public static final String CLIENT_SECRET = "secret";
-
- private static final ConcurrentHashMap<String, OAuthPermission> AVAILABLE_PERMISSIONS =
- new ConcurrentHashMap<>();
-
- static {
- AVAILABLE_PERMISSIONS
- .put("read_info", new OAuthPermission("read_info", "Read your personal information",
- Collections.singletonList("ROLE_USER")));
- AVAILABLE_PERMISSIONS.put("modify_info",
- new OAuthPermission("modify_info", "Modify your personal information",
- Collections.singletonList("ROLE_ADMIN")));
- }
-
- protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<>();
-
- protected MetadataMap<String, String> userRegisteredClients = new MetadataMap<>();
-
- protected MetadataMap<String, String> userAuthorizedClients = new MetadataMap<>();
-
- protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<>();
-
- protected MD5SequenceGenerator tokenGenerator = new MD5SequenceGenerator();
-
- public MemoryOAuthDataProvider() {
- Client client = new Client(CLIENT_ID, CLIENT_SECRET, APPLICATION_NAME, CALLBACK);
- clientAuthInfo.put(CLIENT_ID, client);
- }
-
- private List<OAuthPermission> getPermissionsInfo(List<String> requestPermissions) {
- List<OAuthPermission> permissions = new ArrayList<>();
- for (String requestScope : requestPermissions) {
- OAuthPermission oAuthPermission = AVAILABLE_PERMISSIONS.get(requestScope);
- permissions.add(oAuthPermission);
- }
-
- return permissions;
- }
-
- public Client getClient(String consumerKey) {
- return clientAuthInfo.get(consumerKey);
- }
-
- public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
- String token = generateToken();
- String tokenSecret = generateToken();
-
- RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret,
- reg.getLifetime(), reg.getIssuedAt());
- reqToken.setScopes(getPermissionsInfo(reg.getScopes()));
- reqToken.setCallback(reg.getCallback());
- oauthTokens.put(token, reqToken);
- return reqToken;
- }
-
- public RequestToken getRequestToken(String tokenString) throws OAuthServiceException {
-
- Token token = oauthTokens.get(tokenString);
- if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
- throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
- }
- return (RequestToken) token;
- }
-
- public String finalizeAuthorization(AuthorizationInput input) throws
- OAuthServiceException {
- RequestToken requestToken = input.getToken();
- requestToken.setVerifier(generateToken());
- return requestToken.getVerifier();
- }
-
- public AccessToken createAccessToken(AccessTokenRegistration reg) throws
- OAuthServiceException {
-
- RequestToken requestToken = reg.getRequestToken();
-
- Client client = requestToken.getClient();
- requestToken = getRequestToken(requestToken.getTokenKey());
-
- String accessTokenString = generateToken();
- String tokenSecretString = generateToken();
-
- AccessToken accessToken = new AccessToken(client, accessTokenString,
- tokenSecretString, 3600, System.currentTimeMillis() / 1000);
-
- accessToken.setScopes(requestToken.getScopes());
-
- synchronized (oauthTokens) {
- oauthTokens.remove(requestToken.getTokenKey());
- oauthTokens.put(accessTokenString, accessToken);
- synchronized (userAuthorizedClients) {
- userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
- }
- }
-
- return accessToken;
- }
-
- public AccessToken getAccessToken(String accessToken) throws OAuthServiceException {
- return (AccessToken) oauthTokens.get(accessToken);
- }
-
- public void removeAllTokens(String consumerKey) {
- //TODO: implement
- }
-
- public void removeToken(Token t) {
-
- for (Token token : oauthTokens.values()) {
- Client authNInfo = token.getClient();
- if (t.getClient().getConsumerKey().equals(authNInfo.getConsumerKey())) {
- oauthTokens.remove(token.getTokenKey());
- break;
- }
- }
-
- }
-
- protected String generateToken() throws OAuthServiceException {
- String token;
- try {
- token = tokenGenerator.generate(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8));
- } catch (Exception e) {
- throw new OAuthServiceException("Unable to create token ", e.getCause());
- }
- return token;
- }
-
- public void setClientAuthInfo(Map<String, Client> clientAuthInfo) {
- this.clientAuthInfo.putAll(clientAuthInfo);
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
deleted file mode 100644
index 55c46f3..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server.controllers;
-
-import java.util.Set;
-
-import org.apache.cxf.rs.security.oauth.data.Client;
-
-
-public interface OAuthClientManager {
- Client registerNewClient(String consumerKey, Client client);
-
- Set<Client> listRegisteredClients();
-
- Set<Client> listAuthorizedClients();
-
- void removeRegisteredClient(String consumerKey);
-
- void removeAllTokens(String consumerKey);
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java
deleted file mode 100644
index 4a69e87..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server.controllers;
-
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.Token;
-
-public class SampleOAuthDataProvider extends MemoryOAuthDataProvider
- implements OAuthClientManager {
-
- public Client registerNewClient(String consumerKey, Client client) {
- Client authNInfo = clientAuthInfo.putIfAbsent(consumerKey, client);
- if (authNInfo == null) {
- userRegisteredClients.add(consumerKey, consumerKey);
- }
- return authNInfo;
- }
-
- public Set<Client> listRegisteredClients() {
- Set<Client> apps = new HashSet<>();
- Set<String> appList = userRegisteredClients.keySet();
- if (appList != null) {
- for (String s : appList) {
- apps.add(clientAuthInfo.get(s));
- }
- }
- return apps;
- }
-
- public Set<Client> listAuthorizedClients() {
- Set<Client> apps = new HashSet<>();
- Set<String> appList = userAuthorizedClients.keySet();
- if (appList != null) {
- for (String s : appList) {
- apps.add(clientAuthInfo.get(s));
- }
- }
- return apps;
- }
-
- public synchronized void removeRegisteredClient(String consumerKey) {
- List<String> registeredApps = this.userRegisteredClients.get(consumerKey);
- this.clientAuthInfo.remove(consumerKey);
-
- //remove registered app
- registeredApps.remove(consumerKey);
- this.userRegisteredClients.put(consumerKey, registeredApps);
-
- //remove all authorized apps from other clients
- for (Map.Entry<String, List<String>> userAuthorizedClientsSet : userAuthorizedClients.entrySet()) {
- String principalName = userAuthorizedClientsSet.getKey();
- List<String> clients = userAuthorizedClientsSet.getValue();
- clients.remove(consumerKey);
- userAuthorizedClients.put(principalName, clients);
- }
- //remove access tokens
- for (Token token : oauthTokens.values()) {
- Client authNInfo = token.getClient();
- if (consumerKey.equals(authNInfo.getConsumerKey())) {
- oauthTokens.remove(token.getTokenKey());
- }
- }
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java
deleted file mode 100644
index d68f7b6..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server.spring;
-
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import net.oauth.OAuth;
-
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-
-public class AuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
-
- private String authorizeUrl;
-
- public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
- AuthenticationException exception)
- throws IOException, ServletException {
- String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
- String xScope = request.getParameter(OAuthConstants.X_OAUTH_SCOPE);
-
- StringBuilder url = new StringBuilder(authorizeUrl).append('?').append(OAuth.OAUTH_TOKEN).append("=")
- .append(oauthToken);
-
- if (!StringUtils.isEmpty(xScope)) {
- url.append('&').append(OAuthConstants.X_OAUTH_SCOPE).append("=").append(xScope);
- }
-
- setDefaultFailureUrl(url.toString());
- super.onAuthenticationFailure(request, response,
- exception);
- }
-
- public void setAuthorizeUrl(String authorizeUrl) {
- this.authorizeUrl = authorizeUrl;
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java
deleted file mode 100644
index 1a71f8d..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server.spring;
-
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import net.oauth.OAuth;
-
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
-
-public class AuthenticationSuccessfullHandler extends SavedRequestAwareAuthenticationSuccessHandler {
-
- private String confirmationUrl;
-
- public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
- Authentication authentication) throws IOException,
- ServletException {
- super.onAuthenticationSuccess(request, response, authentication);
- }
-
- protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
-
- String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
- String authToken = request.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
- String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
- String xScope = request.getParameter(OAuthConstants.X_OAUTH_SCOPE);
-
- if (StringUtils.isEmpty(oauthToken)) {
- return super.determineTargetUrl(request, response);
- }
-
- StringBuilder url = new StringBuilder(confirmationUrl).append('?').append(OAuth.OAUTH_TOKEN).append("=")
- .append(oauthToken).append('&').append(OAuthConstants.AUTHENTICITY_TOKEN)
- .append('=')
- .append(authToken);
-
- if (!StringUtils.isEmpty(decision)) {
- url.append('&').append(OAuthConstants.AUTHORIZATION_DECISION_KEY).append("=")
- .append(decision);
- }
-
- if (!StringUtils.isEmpty(xScope)) {
- url.append('&').append(OAuthConstants.X_OAUTH_SCOPE).append("=").append(xScope);
- }
-
- return url.toString();
- }
-
- public void setConfirmationUrl(String confirmationUrl) {
- this.confirmationUrl = confirmationUrl;
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java
deleted file mode 100644
index 1c134bd..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server.spring;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.UUID;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-public class SpringOAuthAuthenticationFilter implements Filter {
- public static final String OAUTH_AUTHORITIES = "oauth_authorities";
-
- public void init(FilterConfig filterConfig) throws ServletException {
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
- HttpServletRequest req = (HttpServletRequest)request;
- HttpServletResponse resp = (HttpServletResponse)response;
-
- List<String> authorities = (List<String>)request.getAttribute(OAUTH_AUTHORITIES);
- List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
-
- if (authorities != null) {
- for (String authority : authorities) {
- grantedAuthorities.add(new SimpleGrantedAuthority(authority));
- }
-
- Authentication auth = new AnonymousAuthenticationToken(UUID.randomUUID().toString(),
- req.getUserPrincipal(), grantedAuthorities);
-
- SecurityContextHolder.getContext().setAuthentication(auth);
- }
-
-
- chain.doFilter(req, resp);
- }
-
- public void destroy() {
-
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java b/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java
deleted file mode 100644
index e63671f..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package demo.oauth.server.spring;
-
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.ExceptionMapper;
-
-import org.springframework.security.access.AccessDeniedException;
-
-public class SpringSecurityExceptionMapper implements ExceptionMapper<AccessDeniedException> {
-
- public Response toResponse(AccessDeniedException exception) {
- return Response.status(Response.Status.FORBIDDEN).build();
- }
-}
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml
deleted file mode 100644
index 2c05c5d..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:sec="http://cxf.apache.org/configuration/security"
- xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
- xmlns:jaxrs="http://cxf.apache.org/jaxrs"
- xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxrs http:/ [...]
- <import resource="classpath:META-INF/cxf/cxf.xml"/>
- <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
- <!-- Publish OAuth endpoints-->
- <jaxrs:server id="oauthServer" address="/oauth/">
- <jaxrs:serviceBeans>
- <ref bean="oauthServices"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="dispatchProvider"/>
- </jaxrs:providers>
- </jaxrs:server>
- <!--Definitions of OAuth module endpoints-->
- <bean id="oauthServices" class="org.apache.cxf.rs.security.oauth.services.OAuthDefaultServices"/>
- <!--Redirects from Resource Owner Authorization Endpoint to sign in page-->
- <bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
- <property name="resourcePath" value="/oAuthLogin.jsp"/>
- </bean>
- <!-- Endpoint serves OAuth protected resource -->
- <jaxrs:server id="resourceServer" address="/resources/">
- <jaxrs:serviceBeans>
- <ref bean="resource"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="springSecurityExceptionMapper"/>
- </jaxrs:providers>
- </jaxrs:server>
- <bean id="springSecurityExceptionMapper" class="demo.oauth.server.spring.SpringSecurityExceptionMapper"/>
- <!-- Resource Provider -->
- <bean id="resource" class="demo.oauth.server.SampleResourceProvider"/>
-</beans>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
deleted file mode 100644
index 6004d31..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
- <beans:bean id="authenticationSuccHandler" class="demo.oauth.server.spring.AuthenticationSuccessfullHandler">
- <beans:property name="defaultTargetUrl" value="/app/newClientForm.jsp"/>
- <beans:property name="confirmationUrl" value="/auth/oauth/authorize/decision"/>
- </beans:bean>
- <beans:bean id="authenticationFailHandler" class="demo.oauth.server.spring.AuthenticationFailureHandler">
- <beans:property name="authorizeUrl" value="/auth/oauth/authorize"/>
- </beans:bean>
- <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
- <beans:bean id="entryPoint" class="demo.oauth.server.CustomAuth">
- <beans:constructor-arg value="/index.jsp"/>
- </beans:bean>
-
- <http pattern="/oAuthLogin.jsp" security="none" />
- <http pattern="/index.jsp" security="none" />
- <http pattern="/" security="none" />
- <http pattern="/favicon.ico" security="none" />
- <http pattern="/auth/oauth/**" security="none" />
- <http pattern="/auth/resources/**" security="none" />
-
- <http auto-config="false" entry-point-ref="entryPoint">
- <intercept-url pattern="/oAuthLogin.jsp" />
- <intercept-url pattern="/index.jsp"/>
- <intercept-url pattern="/"/>
- <intercept-url pattern="/favicon.ico"/>
- <intercept-url pattern="/auth/oauth/**"/>
- <intercept-url pattern="/auth/resources/**"/>
- <intercept-url pattern="/**" access="ROLE_USER"/>
- <form-login authentication-success-handler-ref="authenticationSuccHandler" authentication-failure-handler-ref="authenticationFailHandler" login-page="/index.jsp" authentication-failure-url="/auth/oauth/authorize" default-target-url="/app/newClientForm.jsp"/>
- <logout invalidate-session="true" logout-url="/logout.htm" logout-success-url="/login.jsp?loggedout=true"/>
- </http>
- <authentication-manager>
- <authentication-provider>
- <user-service>
- <user name="user1" password="1111" authorities="ROLE_USER"/>
- <user name="user2" password="2222" authorities="ROLE_USER"/>
- </user-service>
- </authentication-provider>
- </authentication-manager>
-</beans:beans>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml
deleted file mode 100644
index ace2ba2..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:mvc="http://www.springframework.org/schema/mvc"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
- <mvc:annotation-driven/>
- <context:annotation-config/>
- <context:component-scan base-package="demo.oauth.server.controllers"/>
- <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
- <property name="prefix" value="/WEB-INF/views/"/>
- <property name="suffix" value=".jsp"/>
- </bean>
-</beans>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp
deleted file mode 100644
index a54c0ac..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp
+++ /dev/null
@@ -1,63 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="clients" type="java.util.Set<org.apache.cxf.rs.security.oauth.provider.Client>"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-<head><title>Authorized Clients</title></head>
-<body>
-
-<h3>Authorized clients:</h3>
-<table>
- <c:forEach var="client" items="${clients}">
- <form:form action="/app/revokeAccess" commandName="client">
- <input type="hidden" name="consumerKey" value="${client.consumerKey}"/>
- <tr>
- <td>Application Name:</td>
- <td>${client.applicationName}</td>
- </tr>
- <tr>
- <td>Customer Key:</td>
- <td>${client.consumerKey}</td>
- </tr>
- <tr>
- <td>Consumer Secret:</td>
- <td>${client.secretKey}</td>
- </tr>
- <tr>
- <td>Callback URL:</td>
- <td>${client.callbackURI}</td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" value="Revoke Access"/>
- </td>
- </tr>
- </form:form>
- <tr>
- <td> </td>
- <td> </td>
- </tr>
- </c:forEach>
-</table>
-
-</body>
-</html>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
deleted file mode 100644
index 434faa4..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
+++ /dev/null
@@ -1,63 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="clientInfo" type="org.apache.cxf.rs.security.oauth.provider.Client"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-<head><title>Application Details</title></head>
-<body>
-
-<table>
- <form:form action="/app/newClientForm">
- <tr>
- <td>Application Name:</td>
- <td>${clientInfo.applicationName}</td>
- </tr>
- <tr>
- <td>Customer Key:</td>
- <td>${clientInfo.consumerKey}</td>
- </tr>
- <tr>
- <td>Consumer Secret:</td>
- <td>${clientInfo.secretKey}</td>
- </tr>
- <tr>
- <td>Callback URL:</td>
- <td>${clientInfo.callbackURI}</td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" value="Register New Client"/>
- </td>
- </tr>
- </form:form>
- <tr>
- <td>
- <form:form action="/app/listRegisteredClients">
- <input type="submit" value="List Registered Clients"/>
- </form:form>
- </td>
- </tr>
-
-</table>
-
-</body>
-</html>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp
deleted file mode 100644
index f1c61e6..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="oauth_verifier" type="java.lang.String"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<html>
-<head><title>OAuth 1.0a CXF server</title></head>
-<body>
-<h4>Callback URI was not provided, propably you cannot receive callbacks.
- Save below oauth verifier value to be able to receive access token.
-</h4>
-<table>
- <tr>
- <td>OAuth verifier:</td>
- <td><%=request.getParameter("oauth_verifier")%></td>
- </tr>
-</table>
-</body>
-</html>
\ No newline at end of file
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/newClientForm.jsp b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/newClientForm.jsp
deleted file mode 100644
index 176c657..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/newClientForm.jsp
+++ /dev/null
@@ -1,70 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="client" type="org.apache.cxf.rs.security.oauth.demo.server.ClientApp"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-<head><title>Authorization Server</title></head>
-<body>
-
-<c:if test="${!empty client.error}">
- <font color="red"><p>Error: ${client.error}</p></font>
-</c:if>
-<table>
- <form:form commandName="client" action="/app/registerClient">
- <tr>
- <td>Consumer key:</td>
- <td><form:input size="70" path="consumerKey"/> - You can provide consumer key,
- if not it will be automatically generated
- </td>
- </tr>
- <tr>
- <td>Client Name:</td>
- <td><form:input size="70" path="clientName"/></td>
- </tr>
- <tr>
- <td>Callback URL:</td>
- <td><form:input size="70" path="callbackURL"/></td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" value="Register New Client"/>
- </td>
- </tr>
- </form:form>
- <tr>
- <form:form action="/app/listRegisteredClients">
- <td colspan="2">
- <input type="submit" value="List Registered Clients"/>
- </td>
- </form:form>
- </tr>
- <tr>
- <form:form action="/app/listAuthorizedClients">
- <td colspan="2">
- <input type="submit" value="List Authorized Clients"/>
- </td>
- </form:form>
- </tr>
-</table>
-
-</body>
-</html>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp
deleted file mode 100644
index e08b683..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="clients" type="java.util.Set<org.apache.cxf.rs.security.oauth.provider.Client>"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-<head><title>Registered clients</title></head>
-<body>
-<h3>Registered clients:</h3>
-<table>
- <c:forEach var="client" items="${clients}">
- <form:form action="/app/removeClient" commandName="client">
- <input type="hidden" name="consumerKey" value="${client.consumerKey}"/>
- <tr>
- <td>Application Name:</td>
- <td>${client.applicationName}</td>
- </tr>
- <tr>
- <td>Customer Key:</td>
- <td>${client.consumerKey}</td>
- </tr>
- <tr>
- <td>Consumer Secret:</td>
- <td>${client.secretKey}</td>
- </tr>
- <tr>
- <td>Callback URL:</td>
- <td>${client.callbackURI}</td>
- </tr>
- <tr>
- <td colspan="2">
- <input type="submit" value="Remove Client"/>
- </td>
- </tr>
- </form:form>
- <tr>
- <td> </td>
- <td> </td>
- </tr>
- </c:forEach>
- <tr>
- <form:form action="/app/newClientForm">
- <td colspan="2">
- <input type="submit" value="Register New Client"/>
- </td>
- </form:form>
- </tr>
-</table>
-
-</body>
-</html>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml b/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml
deleted file mode 100644
index 13a7202..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" metadata-complete="true" version="2.5">
- <context-param>
- <param-name>oauth.data.provider-class</param-name>
- <param-value>demo.oauth.server.controllers.SampleOAuthDataProvider</param-value>
- </context-param>
- <filter>
- <filter-name>oauthFilter</filter-name>
- <filter-class>org.apache.cxf.rs.security.oauth.filters.OAuthServletFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>oauthFilter</filter-name>
- <url-pattern>/auth/resources/person/*</url-pattern>
- </filter-mapping>
- <filter>
- <filter-name>oauthSpringFilter</filter-name>
- <filter-class>demo.oauth.server.spring.SpringOAuthAuthenticationFilter
- </filter-class>
- </filter>
- <filter-mapping>
- <filter-name>oauthSpringFilter</filter-name>
- <url-pattern>/auth/resources/person/*</url-pattern>
- </filter-mapping>
- <!-- **************** Spring configuration *****************-->
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/*-beans.xml</param-value>
- </context-param>
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSecurityFilterChain</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <servlet>
- <servlet-name>spring</servlet-name>
- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>spring</servlet-name>
- <url-pattern>/app/*</url-pattern>
- </servlet-mapping>
- <!-- **************** CXF configuration *****************-->
- <servlet>
- <servlet-name>CXFServlet</servlet-name>
- <servlet-class>
- org.apache.cxf.transport.servlet.CXFServlet
- </servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>CXFServlet</servlet-name>
- <url-pattern>/auth/*</url-pattern>
- </servlet-mapping>
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
-</web-app>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/index.jsp b/distribution/src/main/release/samples/oauth/server/src/main/webapp/index.jsp
deleted file mode 100644
index fcfbbc9..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/index.jsp
+++ /dev/null
@@ -1,78 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="text" type="java.lang.String"--%>
-<%--@elvariable id="oauthauthorizationdata" type="org.apache.cxf.rs.security.oauth.provider.OAuthAuthorizationData"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-<head><title>OAuth 1.0a CXF server</title></head>
-<body>
-<table align="center">
- <tr align="center">
- <td><h2>Sample CXF-OAuth 1.0a server implementation</h2></td>
- </tr>
-
- <tr align="center">
- <td><h3>OAuth protected resources at path: </h3></td>
- </tr>
- <tr align="center">
- <td><input size="70" value="/auth/resources/person/{name}"/><br/><br/>
- You can access this resources by using OAuth client hosted at: <a
- href="http://www.oauthclient.appspot.com/">OAuth client</a></td>
- </tr>
-</table>
-<br/><br/>
-<table align="center">
- <tr align="center">
- <td><h3>Login with Username and Password to register OAuth client</h3></td>
- </tr>
-
- <tr>
- <td>User: user1</td>
- </tr>
- <tr>
- <td>Password: 1111</td>
- </tr>
- <tr align="center">
- <td>
- <form name="f" action="/j_spring_security_check" method="POST">
- <c:if test="${not empty param.login_error}">
- <font color="red">
- Your login attempt was not successful, try again.<br/><br/>
- Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
- </font>
- </c:if>
- <label for="login">User</label>
- <input type="text" id="login" name='j_username'
- value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/>
-
- <div class="clear"></div>
- <label for="password">Password</label>
- <input type="password" id="password" name="j_password"/>
- <br>
- <input type="submit" class="button" name="commit" value="Log in"/>
- </form>
- </td>
- </tr>
-</table>
-
-</body>
-</html>
diff --git a/distribution/src/main/release/samples/oauth/server/src/main/webapp/oAuthLogin.jsp b/distribution/src/main/release/samples/oauth/server/src/main/webapp/oAuthLogin.jsp
deleted file mode 100644
index 54d3436..0000000
--- a/distribution/src/main/release/samples/oauth/server/src/main/webapp/oAuthLogin.jsp
+++ /dev/null
@@ -1,106 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<%--@elvariable id="text" type="java.lang.String"--%>
-<%--@elvariable id="oauthauthorizationdata" type="org.apache.cxf.rs.security.oauth.provider.OAuthAuthorizationData"--%>
-<%@ page contentType="text/html;charset=UTF-8" language="java" %>
-<%@ page isELIgnored="false" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-<head><title>OAuth 1.0a CXF server</title></head>
-<body>
-<c:choose>
- <c:when test="${!empty oauthauthorizationdata.oauthToken}">
- <table align="center">
- <tr align="center">
- <td>
- <form name="f" action="/j_spring_security_check" method="POST">
- <input type="hidden" name="oauth_token"
- value="${oauthauthorizationdata.oauthToken}"/>
- <input type="hidden"
- name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
- .AUTHENTICITY_TOKEN%>"
- value="${oauthauthorizationdata.authenticityToken}"/>
- <input type="hidden"
- name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
- .X_OAUTH_SCOPE%>"
- value="<%=request.getParameter("x_oauth_scope")%>"/>
-
- <p>The application <b>${oauthauthorizationdata.applicationName}</b> would like
- the
- ability to access and update your data on Sample OAuth CXF server:
- <br/></p>
- <br/>
- <b>Permissions:</b>
-
- <c:forEach items="${oauthauthorizationdata.permissions}" var="permission">
- <li>${permission.description}</li>
- URIs:
- <c:forEach items="${permission.uris}" var="uri">
- <li>${uri}</li>
- </c:forEach>
- </c:forEach>
- <br/>
- Please ensure that you trust this website with your information before
- proceeding!
- <c:if test="${not empty param.login_error}">
- <font color="red">
- Your login attempt was not successful, try again.<br/><br/>
- Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
- </font>
- </c:if>
- <br>
- User: user2
- <br>
- Password: 2222
- <br>
- <label for="login">User</label>
- <input type="text" id="login" name='j_username'
- value='<c:if test="${not empty param.login_error}"><c:out
- value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/>
-
- <div class="clear"></div>
- <label for="password">Password</label>
- <input type="password" id="password" name="j_password"/>
- <br>
- <button name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
- .AUTHORIZATION_DECISION_KEY%>"
- type="submit"
- value="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
- .AUTHORIZATION_DECISION_DENY%>">
- Deny
- </button>
- <button name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
- .AUTHORIZATION_DECISION_KEY%>"
- type="submit"
- value="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
- .AUTHORIZATION_DECISION_ALLOW%>">
- Allow
- </button>
- </form>
- </td>
- </tr>
- </table>
- </c:when>
- <c:otherwise>
- <h3>Invalid request</h3>
- </c:otherwise>
-</c:choose>
-</body>
-</html>
diff --git a/distribution/src/main/release/samples/pom.xml b/distribution/src/main/release/samples/pom.xml
index 5b0e4f8..cfbbca5 100644
--- a/distribution/src/main/release/samples/pom.xml
+++ b/distribution/src/main/release/samples/pom.xml
@@ -120,8 +120,6 @@
<module>js_client</module>
<module>js_provider</module>
<module>mtom</module>
- <module>oauth/client</module>
- <module>oauth/server</module>
<module>restful_dispatch</module>
<module>ruby_spring_support</module>
<module>soap_header</module>
diff --git a/parent/pom.xml b/parent/pom.xml
index 23a1bd9..b861ab2 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -173,7 +173,6 @@
<cxf.neethi.version>3.2.0-SNAPSHOT</cxf.neethi.version>
<cxf.netty.version.range>[4,5)</cxf.netty.version.range>
<cxf.netty.version>4.1.68.Final</cxf.netty.version>
- <cxf.oauth.version>20100527</cxf.oauth.version>
<cxf.olingo.version>2.0.11</cxf.olingo.version>
<cxf.openjpa.version>3.1.2</cxf.openjpa.version>
<cxf.opensaml.osgi.version.range>[3.1,4)</cxf.opensaml.osgi.version.range>
diff --git a/rt/rs/security/oauth-parent/oauth/pom.xml b/rt/rs/security/oauth-parent/oauth/pom.xml
deleted file mode 100644
index 099e763..0000000
--- a/rt/rs/security/oauth-parent/oauth/pom.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>cxf-rt-rs-security-oauth</artifactId>
- <packaging>bundle</packaging>
- <name>Apache CXF Runtime OAuth 1.0a</name>
- <description>Apache CXF Runtime OAuth 1.0a</description>
- <url>https://cxf.apache.org</url>
- <parent>
- <artifactId>cxf-rt-rs-security-oauth-parent</artifactId>
- <groupId>org.apache.cxf</groupId>
- <version>3.5.0-SNAPSHOT</version>
- <relativePath>../pom.xml</relativePath>
- </parent>
- <properties>
- <cxf.module.name>org.apache.cxf.rs.security.oauth</cxf.module.name>
- <cxf.osgi.import>
- javax.servlet*;version="${cxf.osgi.javax.servlet.version}",
- javax.xml.bind*;version="${cxf.osgi.javax.bind.version}"
- </cxf.osgi.import>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-client</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>net.oauth.core</groupId>
- <artifactId>oauth-provider</artifactId>
- <version>${cxf.oauth.version}</version>
- </dependency>
- <dependency>
- <groupId>${cxf.servlet-api.group}</groupId>
- <artifactId>${cxf.servlet-api.artifact}</artifactId>
- <scope>provided</scope>
- <optional>true</optional>
- </dependency>
- <!--test dependencies-->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
deleted file mode 100644
index 567200e..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
+++ /dev/null
@@ -1,281 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.client;
-
-import java.net.URI;
-import java.security.PrivateKey;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-import javax.ws.rs.ProcessingException;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Form;
-import javax.ws.rs.core.UriBuilder;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthMessage;
-import net.oauth.signature.RSA_SHA1;
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
-
-/**
- * The utility class for simplifying making OAuth request and access token
- * requests as well as for creating Authorization OAuth headers
- */
-public final class OAuthClientUtils {
- private OAuthClientUtils() {
-
- }
-
- /**
- * Returns URI of the authorization service with the query parameter containing
- * the request token key
- * @param authorizationServiceURI the service URI
- * @param requestToken the request token key
- * @return
- */
- public static URI getAuthorizationURI(String authorizationServiceURI, String requestToken) {
- return UriBuilder.fromUri(authorizationServiceURI).
- queryParam("oauth_token", requestToken).build();
-
- }
-
- /**
- * Returns a simple representation of the Request token
- * @param requestTokenService initialized RequestToken service client
- * @param consumer Consumer bean containing the consumer key and secret
- * @param callback the callback URI where the request token verifier will
- * be returned
- * @param extraParams additional parameters such as state, scope, etc
- * @return the token
- */
- public static Token getRequestToken(WebClient requestTokenService,
- Consumer consumer,
- URI callback,
- Map<String, String> extraParams) throws OAuthServiceException {
- return getRequestToken(requestTokenService, consumer, callback, extraParams, null);
- }
-
- public static Map<String, Object> prepareOAuthRsaProperties(PrivateKey pk) {
- Map<String, Object> props = new HashMap<>();
- props.put(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
- props.put(RSA_SHA1.PRIVATE_KEY, pk);
- return props;
- }
-
- public static Token getRequestToken(WebClient requestTokenService,
- Consumer consumer,
- URI callback,
- Map<String, String> extraParams,
- Map<String, Object> oauthConsumerProps) throws OAuthServiceException {
- Map<String, String> parameters = new HashMap<>();
- if (extraParams != null) {
- parameters.putAll(extraParams);
- }
- parameters.put(OAuth.OAUTH_CALLBACK, callback.toString());
-
- if (oauthConsumerProps == null || !oauthConsumerProps.containsKey(OAuth.OAUTH_SIGNATURE_METHOD)) {
- parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);
- }
- parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
- parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
- parameters.put(OAuth.OAUTH_CONSUMER_KEY, consumer.getKey());
-
- OAuthAccessor accessor = createAccessor(consumer, oauthConsumerProps);
- return getToken(requestTokenService, accessor, parameters);
- }
- private static OAuthAccessor createAccessor(Consumer consumer, Map<String, Object> props) {
- OAuthConsumer oAuthConsumer = new OAuthConsumer(null, consumer.getKey(), consumer.getSecret(),
- null);
- if (props != null) {
- for (Map.Entry<String, Object> entry : props.entrySet()) {
- oAuthConsumer.setProperty(entry.getKey(), entry.getValue());
- }
- }
- return new OAuthAccessor(oAuthConsumer);
- }
-
- /**
- * Returns a simple representation of the Access token
- * @param accessTokenService initialized AccessToken service client
- * @param consumer Consumer bean containing the consumer key and secret
- * @param verifier the verifier/authorization key
- * @return the token
- */
- public static Token getAccessToken(WebClient accessTokenService,
- Consumer consumer,
- Token requestToken,
- String verifier) throws OAuthServiceException {
- return getAccessToken(accessTokenService, consumer, requestToken, verifier, null);
- }
-
- public static Token getAccessToken(WebClient accessTokenService,
- Consumer consumer,
- Token requestToken,
- String verifier,
- Map<String, Object> oauthConsumerProps) throws OAuthServiceException {
- Map<String, String> parameters = new HashMap<>();
- parameters.put(OAuth.OAUTH_CONSUMER_KEY, consumer.getKey());
- parameters.put(OAuth.OAUTH_TOKEN, requestToken.getToken());
- parameters.put(OAuth.OAUTH_VERIFIER, verifier);
- if (oauthConsumerProps == null || !oauthConsumerProps.containsKey(OAuth.OAUTH_SIGNATURE_METHOD)) {
- parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);
- }
-
- OAuthAccessor accessor = createAccessor(consumer, oauthConsumerProps);
- accessor.requestToken = requestToken.getToken();
- accessor.tokenSecret = requestToken.getSecret();
- return getToken(accessTokenService, accessor, parameters);
- }
-
- /**
- * Creates OAuth Authorization header
- * @param consumer Consumer bean containing the consumer key and secret
- * @param accessToken Access token representation
- * @param method HTTP method
- * @param requestURI request URI
- * @return the header value
- */
- public static String createAuthorizationHeader(Consumer consumer,
- Token accessToken,
- String method,
- String requestURI) {
- return createAuthorizationHeader(consumer, accessToken, method, requestURI, null);
- }
-
- public static String createAuthorizationHeader(Consumer consumer,
- Token accessToken,
- String method,
- String requestURI,
- Map<String, Object> oauthConsumerProps) {
- Map<String, String> parameters = new HashMap<>();
- parameters.put(OAuth.OAUTH_CONSUMER_KEY, consumer.getKey());
- if (accessToken != null) {
- parameters.put(OAuth.OAUTH_TOKEN, accessToken.getToken());
- }
- if (oauthConsumerProps == null || !oauthConsumerProps.containsKey(OAuth.OAUTH_SIGNATURE_METHOD)) {
- parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);
- }
- parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
- parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
-
- OAuthAccessor accessor = createAccessor(consumer, oauthConsumerProps);
- if (accessToken != null) {
- accessor.accessToken = accessToken.getToken();
- accessor.tokenSecret = accessToken.getSecret();
- }
- return doGetAuthorizationHeader(accessor, method, requestURI, parameters);
- }
-
-
- /**
- * Creates OAuth Authorization header containing consumer key and secret values only
- * @param consumer Consumer bean containing the consumer key and secret
- * @return the header value
- */
- public static String createAuthorizationHeader(Consumer consumer) {
- StringBuilder sb = new StringBuilder(64);
- sb.append("OAuth ").append("oauth_consumer_key=").append(consumer.getKey())
- .append("oauth_consumer_secret=").append(consumer.getSecret());
- return sb.toString();
-
- }
-
- private static String doGetAuthorizationHeader(OAuthAccessor accessor,
- String method, String requestURI, Map<String, String> parameters) {
- try {
- OAuthMessage msg = accessor.newRequestMessage(method, requestURI, parameters.entrySet());
- StringBuilder sb = new StringBuilder();
- sb.append(msg.getAuthorizationHeader(null));
- for (Map.Entry<String, String> entry : parameters.entrySet()) {
- if (!entry.getKey().startsWith("oauth_")) {
- sb.append(", ");
- sb.append(OAuth.percentEncode(entry.getKey())).append("=\"");
- sb.append(OAuth.percentEncode(entry.getValue())).append('"');
- }
- }
- return sb.toString();
- } catch (Exception ex) {
- throw new ProcessingException(ex);
- }
- }
-
- private static Token getToken(WebClient tokenService, OAuthAccessor accessor,
- Map<String, String> parameters) throws OAuthServiceException {
- String header = doGetAuthorizationHeader(accessor,
- "POST",
- tokenService.getBaseURI().toString(),
- parameters);
- try {
- tokenService.replaceHeader("Authorization", header);
- Form form = tokenService.post(null, Form.class);
- return new Token(form.asMap().getFirst("oauth_token"),
- form.asMap().getFirst("oauth_token_secret"));
- } catch (WebApplicationException ex) {
- throw new OAuthServiceException(ex);
- }
- }
-
- /**
- * Simple token representation
- */
- public static class Token {
- private String token;
- private String secret;
-
- public Token(String token, String secret) {
- this.token = token;
- this.secret = secret;
- }
- public String getToken() {
- return token;
- }
-
- public String getSecret() {
- return secret;
- }
-
-
- }
- /**
- * Simple consumer representation
- */
- public static class Consumer {
-
- private String key;
- private String secret;
-
- public Consumer(String key, String secret) {
- this.key = key;
- this.secret = secret;
- }
- public String getKey() {
- return key;
- }
-
- public String getSecret() {
- return secret;
- }
-
-
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
deleted file mode 100644
index 46291a9..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-/**
- * Access Token representation
- */
-public class AccessToken extends Token {
- public AccessToken(Client client, String tokenString,
- String tokenSecret) {
- this(client, tokenString, tokenSecret, -1L,
- System.currentTimeMillis() / 1000);
- }
-
- public AccessToken(Client client, String tokenString,
- String tokenSecret, long lifetime, long issuedAt) {
- super(client, tokenString, tokenSecret, lifetime, issuedAt);
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessTokenRegistration.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessTokenRegistration.java
deleted file mode 100644
index 748186b..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessTokenRegistration.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-
-/**
- * Captures the information associated with the access token registration request.
- * @see AccessToken
- */
-public class AccessTokenRegistration {
- private RequestToken requestToken;
-
- public void setRequestToken(RequestToken requestToken) {
- this.requestToken = requestToken;
- }
-
- public RequestToken getRequestToken() {
- return requestToken;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AuthorizationInput.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AuthorizationInput.java
deleted file mode 100644
index f830928..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AuthorizationInput.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-import java.util.List;
-
-/**
- * Represents the user approval of the client RequestToken.
- * It also contains the set of approved scopes which may be
- * more restricted than the original list requested by the client
- */
-public class AuthorizationInput {
-
- private RequestToken token;
- private List<OAuthPermission> approvedScopes;
- public void setToken(RequestToken token) {
- this.token = token;
- }
- public RequestToken getToken() {
- return token;
- }
- public void setApprovedScopes(List<OAuthPermission> approvedScopes) {
- this.approvedScopes = approvedScopes;
- }
- public List<OAuthPermission> getApprovedScopes() {
- return approvedScopes;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
deleted file mode 100644
index 0c3386e..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-/**
- * Represents a registered third-party consumer
- */
-public class Client {
- private String consumerKey;
- private String secretKey;
- private String applicationURI;
- private String applicationName;
- private String applicationDescription;
- private String logoUri;
- private String callbackURI;
- private String loginName;
-
- private AccessToken preAuthorizedToken;
-
- public Client(String consumerId,
- String secretKey,
- String applicationName,
- String applicationURI) {
- this.consumerKey = consumerId;
- this.secretKey = secretKey;
- this.applicationURI = applicationURI;
- this.applicationName = applicationName;
- }
-
- public Client(String consumerId, String secretKey) {
- this(consumerId, secretKey, null, null);
- }
-
- /**
- * Gets the consumer registration id
- * @return the consumer key
- */
- public String getConsumerKey() {
- return consumerKey;
- }
-
- /**
- * Gets the secret key
- * @return the secret key
- */
- public String getSecretKey() {
- return secretKey;
- }
-
- /**
- * Gets the name of the third-party application
- * this client represents
- * @return the application name
- */
- public String getApplicationName() {
- return applicationName;
- }
-
- /**
- * Sets the name of the third-party application
- * this client represents
- * @param applicationName the name
- */
- public void setApplicationName(String applicationName) {
- this.applicationName = applicationName;
- }
-
- /**
- * Gets the public URI of the third-party application.
- * For example, this property can be used to validate
- * request token callbacks
- * @return the application URI
- */
- public String getApplicationURI() {
- return applicationURI;
- }
-
- /**
- * Sets the public URI of the third-party application.
- */
- public void setApplicationURI(String applicationURI) {
- this.applicationURI = applicationURI;
- }
-
- /**
- * Sets the description of the third-party application.
- */
- public void setApplicationDescription(String applicationDescription) {
- this.applicationDescription = applicationDescription;
- }
-
- /**
- * Gets the description of the third-party application.
- * @return the application description
- */
- public String getApplicationDescription() {
- return applicationDescription;
- }
-
- /**
- * Sets the uri pointing to a client logo image.
- * At the moment it must be a relative URI
- * @param logoPath
- */
- public void setLogoUri(String logoPath) {
- this.logoUri = logoPath;
- }
-
- public String getLogoUri() {
- return logoUri;
- }
-
- /**
- * Gets the optional login name; can be used
- * for enforcing the RBAC rules
- * @return the login name
- */
- public String getLoginName() {
- return loginName == null ? consumerKey : loginName;
- }
-
- /**
- * Sets the optional login name
- * @param name the login name
- */
- public void setLoginName(String name) {
- this.loginName = name;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
- if (o == null || getClass() != o.getClass()) {
- return false;
- }
-
- Client that = (Client)o;
-
- if (!consumerKey.equals(that.consumerKey)) {
- return false;
- }
- return secretKey.equals(that.secretKey);
- }
-
- @Override
- public int hashCode() {
- int result = consumerKey.hashCode();
- result = 31 * result + secretKey.hashCode();
- return result;
- }
-
- public void setPreAuthorizedToken(AccessToken preAuthorizedToken) {
- this.preAuthorizedToken = preAuthorizedToken;
- }
-
- public AccessToken getPreAuthorizedToken() {
- return preAuthorizedToken;
- }
-
- public void setCallbackURI(String callbackURI) {
- this.callbackURI = callbackURI;
- }
-
- public String getCallbackURI() {
- return callbackURI;
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
deleted file mode 100644
index 1fd6675..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-import java.io.Serializable;
-import java.util.List;
-
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- * This bean represents a resource owner authorization challenge.
- * Typically, an HTML view will be returned to a resource owner who
- * will authorize or deny the third-party consumer
- */
-@XmlRootElement(name = "authorizationData",
- namespace = "http://org.apache.cxf.rs.security.oauth")
-public class OAuthAuthorizationData implements Serializable {
- private static final long serialVersionUID = -7755998413495017637L;
- private String oauthToken;
- private String authenticityToken;
- private String applicationName;
- private String applicationURI;
- private String callbackURI;
- private String applicationDescription;
- private String logoUri;
- private String replyTo;
- private List<? extends Permission> permissions;
-
- public OAuthAuthorizationData() {
- }
-
- public OAuthAuthorizationData(String oauthToken) {
- this.oauthToken = oauthToken;
- }
-
- public String getOauthToken() {
- return oauthToken;
- }
-
- public void setOauthToken(String oauthToken) {
- this.oauthToken = oauthToken;
- }
-
- public String getApplicationName() {
- return applicationName;
- }
-
- public void setApplicationName(String applicationName) {
- this.applicationName = applicationName;
- }
-
- public List<? extends Permission> getPermissions() {
- return permissions;
- }
-
- public void setPermissions(List<? extends Permission> permissions) {
- this.permissions = permissions;
- }
-
- public void setAuthenticityToken(String authenticityToken) {
- this.authenticityToken = authenticityToken;
- }
-
- public String getAuthenticityToken() {
- return authenticityToken;
- }
-
- public void setReplyTo(String replyTo) {
- this.replyTo = replyTo;
- }
-
- public String getReplyTo() {
- return replyTo;
- }
-
- public void setApplicationURI(String applicationURI) {
- this.applicationURI = applicationURI;
- }
-
- public String getApplicationURI() {
- return applicationURI;
- }
-
- public void setApplicationDescription(String applicationDescription) {
- this.applicationDescription = applicationDescription;
- }
-
- public String getApplicationDescription() {
- return applicationDescription;
- }
-
- public void setLogoUri(String logoPath) {
- this.logoUri = logoPath;
- }
-
- public String getLogoUri() {
- return logoUri;
- }
-
- public String getCallbackURI() {
- return callbackURI;
- }
-
- public void setCallbackURI(String callbackURI) {
- this.callbackURI = callbackURI;
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthContext.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthContext.java
deleted file mode 100644
index 5eec8ab..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthContext.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-import java.util.Collections;
-import java.util.List;
-
-
-/**
- * Captures the information which custom filters may use to further protect the endpoints
- */
-public class OAuthContext {
-
- private UserSubject subject;
- private List<OAuthPermission> permissions;
-
- public OAuthContext(UserSubject subject, List<OAuthPermission> perms) {
- this.subject = subject;
- this.permissions = perms;
- }
-
- public UserSubject getSubject() {
- return subject;
- }
-
- public List<OAuthPermission> getPermissions() {
- return Collections.unmodifiableList(permissions);
- }
-
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
deleted file mode 100644
index 5763758..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Provides the complete information about a given opaque permission.
- */
-public class OAuthPermission extends Permission {
- private List<String> roles = Collections.emptyList();
- private List<String> httpVerbs = Collections.emptyList();
- private List<String> uris = Collections.emptyList();
-
- public OAuthPermission(String permission, String description) {
- super(permission, description);
- }
-
- public OAuthPermission(String permission, String description, List<String> roles) {
- super(permission, description);
- this.roles = roles;
- }
-
- public void setRoles(List<String> roles) {
- this.roles = roles;
- }
-
- public List<String> getRoles() {
- return roles;
- }
-
- public void setHttpVerbs(List<String> httpVerbs) {
- this.httpVerbs = httpVerbs;
- }
-
- public List<String> getHttpVerbs() {
- return httpVerbs;
- }
-
- public void setUris(List<String> uri) {
- this.uris = uri;
- }
-
- public List<String> getUris() {
- return uris;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
deleted file mode 100644
index fe1fd6d..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-/**
- * Base permission description which is visible to
- * authorization handlers
- * @see OAuthAuthorizationData
- */
-public class Permission {
- private String permission;
- private String description;
- private boolean isDefault;
-
- public Permission() {
-
- }
-
- public Permission(String permission, String description) {
- this.description = description;
- this.permission = permission;
- }
-
- public String getDescription() {
- return description;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- public String getPermission() {
- return permission;
- }
-
- public void setPermission(String permission) {
- this.permission = permission;
- }
-
- /**
- * Indicates that this permission has been allocated by default.
- * Authorization View handlers may use this property in order to restrict
- * the list of scopes which may be refused to non-default scopes only
- * @param value
- */
- public void setDefault(boolean value) {
- this.isDefault = value;
- }
-
- public boolean isDefault() {
- return isDefault;
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
deleted file mode 100644
index fc26252..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-/**
- * Request Token representation
- */
-public class RequestToken extends Token {
-
- private String oauthVerifier;
- private String callback;
- private String state;
-
- public RequestToken(Client client,
- String tokenString,
- String tokenSecret) {
- this(client, tokenString, tokenSecret, -1L,
- System.currentTimeMillis() / 1000);
- }
-
- public RequestToken(Client client, String tokenString,
- String tokenSecret, long lifetime, long issuedAt) {
- super(client, tokenString, tokenSecret, lifetime, issuedAt);
- }
-
- /**
- * Sets the token verifier
- * @param verifier
- */
- public void setVerifier(String verifier) {
- this.oauthVerifier = verifier;
- }
-
- /**
- * Gets the token verifier
- * @return the verifier
- */
- public String getVerifier() {
- return oauthVerifier;
- }
-
- /**
- * Sets the callback URI
- * @param callback the callback
- */
- public void setCallback(String callback) {
- this.callback = callback;
- }
-
- /**
- * Gets the callback URI
- * @return the callback
- */
- public String getCallback() {
- return callback;
- }
-
- /**
- * Sets the state - it will be reported back to the consumer
- * after the authorization decision on this token has been made.
- * @param state
- */
- public void setState(String state) {
- this.state = state;
- }
-
- /**
- * Gets the state
- * @return the state
- */
- public String getState() {
- return state;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
deleted file mode 100644
index 7e48e54..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-import java.util.List;
-
-/**
- * Captures the information associated with the request token registration request.
- * @see RequestToken
- */
-public class RequestTokenRegistration {
- private Client client;
- private String state;
- private String callback;
- private List<String> scopes;
- private long lifetime;
- private long issuedAt;
-
- public void setClient(Client client) {
- this.client = client;
- }
- public Client getClient() {
- return client;
- }
-
- public void setCallback(String callback) {
- this.callback = callback;
- }
-
- public String getCallback() {
- return callback;
- }
-
- public void setState(String state) {
- this.state = state;
- }
- public String getState() {
- return state;
- }
- public void setScopes(List<String> scopes) {
- this.scopes = scopes;
- }
- public List<String> getScopes() {
- return scopes;
- }
- public void setLifetime(long lifetime) {
- this.lifetime = lifetime;
- }
- public long getLifetime() {
- return lifetime;
- }
- public void setIssuedAt(long issuedAt) {
- this.issuedAt = issuedAt;
- }
- public long getIssuedAt() {
- return issuedAt;
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
deleted file mode 100644
index f2e528c..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Base Token representation
- */
-public abstract class Token {
-
- private String tokenString;
- private String tokenSecret;
- private final long issuedAt;
- private final long lifetime;
- private Client client;
- private List<OAuthPermission> scopes = Collections.emptyList();
- private UserSubject subject;
- private boolean preAuthorized;
-
- protected Token(Client client, String tokenKey,
- String tokenSecret, long lifetime, long issuedAt) {
- this.client = client;
- this.tokenString = tokenKey;
- this.tokenSecret = tokenSecret;
- this.lifetime = lifetime;
- this.issuedAt = issuedAt;
- }
-
- /**
- * Returns the Client associated with this token
- * @return the client
- */
- public Client getClient() {
- return client;
- }
-
- /**
- * Returns the token key
- * @return the key
- */
- public String getTokenKey() {
- return tokenString;
- }
-
- /**
- * Returns the token secret
- * @return the secret
- */
- public String getTokenSecret() {
- return tokenSecret;
- }
-
- /**
- * Returns the time (in seconds) when this token was issued at
- * @return the seconds
- */
- public long getIssuedAt() {
- return issuedAt;
- }
-
- /**
- * Returns the number of seconds this token can be valid after it was issued
- * @return the seconds
- */
- public long getLifetime() {
- return lifetime;
- }
-
- /**
- * Returns a list of opaque permissions/scopes
- * @return the scopes
- */
- public List<OAuthPermission> getScopes() {
- return scopes;
- }
-
- /**
- * Sets a list of opaque permissions/scopes
- * @param scopes the scopes
- */
- public void setScopes(List<OAuthPermission> scopes) {
- this.scopes = scopes;
- }
-
- /**
- * Sets a subject capturing the login name
- * the end user used to login to the resource server
- * when authorizing a given client request
- * @param subject
- */
- public void setSubject(UserSubject subject) {
- this.subject = subject;
- }
-
- /**
- * Returns a subject capturing the login name
- * the end user used to login to the resource server
- * when authorizing a given client request
- * @return UserSubject
- */
- public UserSubject getSubject() {
- return subject;
- }
-
- public void setPreAuthorized(boolean preAuthorized) {
- this.preAuthorized = preAuthorized;
- }
-
- public boolean isPreAuthorized() {
- return preAuthorized;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/UserSubject.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/UserSubject.java
deleted file mode 100644
index 9d19250..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/UserSubject.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.data;
-
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Represents a user alias or login name which AuthorizationService
- * may capture after the end user approved a given third party request
- */
-public class UserSubject {
-
- private String login;
- private List<String> roles;
-
- public UserSubject(String login, List<String> roles) {
- this.login = login;
- this.roles = roles;
- }
-
- public String getLogin() {
- return login;
- }
-
- public List<String> getRoles() {
- if (roles == null) {
- return Collections.emptyList();
- }
- return Collections.unmodifiableList(roles);
- }
-
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
deleted file mode 100644
index 568c8d4..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
+++ /dev/null
@@ -1,299 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.filters;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.OAuthValidator;
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.security.SimplePrincipal;
-import org.apache.cxf.configuration.security.AuthorizationPolicy;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.OAuthContext;
-import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
-import org.apache.cxf.rs.security.oauth.data.UserSubject;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
-import org.apache.cxf.security.SecurityContext;
-
-/**
- * Base OAuth filter which can be used to protect end-user endpoints
- */
-public class AbstractAuthFilter {
- private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthFilter.class);
- private static final String[] REQUIRED_PARAMETERS =
- new String[] {
- OAuth.OAUTH_CONSUMER_KEY,
- OAuth.OAUTH_TOKEN,
- OAuth.OAUTH_SIGNATURE_METHOD,
- OAuth.OAUTH_SIGNATURE,
- OAuth.OAUTH_TIMESTAMP,
- OAuth.OAUTH_NONCE
- };
-
- private static final Set<String> ALLOWED_OAUTH_PARAMETERS = new HashSet<>(Arrays.asList(REQUIRED_PARAMETERS));
- static {
- ALLOWED_OAUTH_PARAMETERS.add(OAuth.OAUTH_VERSION);
- ALLOWED_OAUTH_PARAMETERS.add(OAuthConstants.OAUTH_CONSUMER_SECRET);
- }
-
- private boolean supportUnknownParameters;
- private boolean useUserSubject;
- private OAuthDataProvider dataProvider;
- private OAuthValidator validator = new DefaultOAuthValidator();
-
- protected AbstractAuthFilter() {
-
- }
-
- /**
- * Sets {@link OAuthDataProvider} provider.
- * @param provider the provider
- */
- public void setDataProvider(OAuthDataProvider provider) {
- dataProvider = provider;
- }
-
- public void setUseUserSubject(boolean useUserSubject) {
- this.useUserSubject = useUserSubject;
- }
-
- public boolean isUseUserSubject() {
- return useUserSubject;
- }
-
- /**
- * Authenticates the third-party consumer and returns
- * {@link OAuthInfo} bean capturing the information about the request.
- * @param req http request
- * @return OAuth info
- * @see OAuthInfo
- * @throws Exception
- * @throws OAuthProblemException
- */
- protected OAuthInfo handleOAuthRequest(HttpServletRequest req) throws
- Exception, OAuthProblemException {
- if (LOG.isLoggable(Level.FINE)) {
- LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
- }
-
- final AccessToken accessToken;
- Client client = null;
-
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(new CustomHttpServletWrapper(req),
- OAuthServlet.getRequestURL(req));
- if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
- oAuthMessage.requireParameters(REQUIRED_PARAMETERS);
-
- accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());
-
- //check if access token is not null
- if (accessToken == null) {
- LOG.warning("Access token is unavailable");
- throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- }
- client = accessToken.getClient();
-
- OAuthUtils.validateMessage(oAuthMessage, client, accessToken,
- dataProvider, validator);
- } else {
- String consumerKey = null;
- String consumerSecret = null;
-
- String authHeader = oAuthMessage.getHeader("Authorization");
- if (authHeader != null) {
- if (authHeader.startsWith("OAuth")) {
- consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
- consumerSecret = oAuthMessage.getParameter(OAuthConstants.OAUTH_CONSUMER_SECRET);
- } else if (authHeader.startsWith("Basic")) {
- AuthorizationPolicy policy = getAuthorizationPolicy(authHeader);
- if (policy != null) {
- consumerKey = policy.getUserName();
- consumerSecret = policy.getPassword();
- }
- }
- }
-
- if (consumerKey != null) {
- client = dataProvider.getClient(consumerKey);
- }
- if (client == null) {
- LOG.warning("Client is invalid");
- throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
- }
-
- if (consumerSecret != null && !consumerSecret.equals(client.getSecretKey())) {
- LOG.warning("Client secret is invalid");
- throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
- }
- OAuthUtils.validateMessage(oAuthMessage, client, null,
- dataProvider, validator);
- accessToken = client.getPreAuthorizedToken();
- if (accessToken == null || !accessToken.isPreAuthorized()) {
- LOG.warning("Preauthorized access token is unavailable");
- throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- }
- }
-
- List<OAuthPermission> permissions = accessToken.getScopes();
- List<OAuthPermission> matchingPermissions = new ArrayList<>();
-
- for (OAuthPermission perm : permissions) {
- boolean uriOK = checkRequestURI(req, perm.getUris());
- boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
- if (uriOK && verbOK) {
- matchingPermissions.add(perm);
- }
- }
-
- if (!permissions.isEmpty() && matchingPermissions.isEmpty()) {
- String message = "Client has no valid permissions";
- LOG.warning(message);
- throw new OAuthProblemException(message);
- }
- return new OAuthInfo(accessToken, matchingPermissions);
-
- }
-
- protected AuthorizationPolicy getAuthorizationPolicy(String authorizationHeader) {
- Message m = PhaseInterceptorChain.getCurrentMessage();
- return m != null ? m.get(AuthorizationPolicy.class) : null;
- }
-
- protected boolean checkHttpVerb(HttpServletRequest req, List<String> verbs) {
- if (!verbs.isEmpty()
- && !verbs.contains(req.getMethod())) {
- String message = "Invalid http verb";
- LOG.fine(message);
- return false;
- }
- return true;
- }
-
- protected boolean checkRequestURI(HttpServletRequest request, List<String> uris) {
-
- if (uris.isEmpty()) {
- return true;
- }
- String servletPath = request.getPathInfo();
- boolean foundValidScope = false;
- for (String uri : uris) {
- if (OAuthUtils.checkRequestURI(servletPath, uri)) {
- foundValidScope = true;
- break;
- }
- }
- if (!foundValidScope) {
- String message = "Invalid request URI: " + request.getRequestURL().toString();
- LOG.warning(message);
- }
- return foundValidScope;
- }
-
- protected SecurityContext createSecurityContext(HttpServletRequest request,
- final OAuthInfo info) {
- // TODO:
- // This custom parameter is only needed by the "oauth"
- // demo shipped in the distribution; needs to be removed.
- request.setAttribute("oauth_authorities", info.getRoles());
-
- UserSubject subject = info.getToken().getSubject();
-
- final UserSubject theSubject = subject;
- return new SecurityContext() {
-
- public Principal getUserPrincipal() {
- String login = AbstractAuthFilter.this.useUserSubject
- ? (theSubject != null ? theSubject.getLogin() : null)
- : info.getToken().getClient().getLoginName();
- return new SimplePrincipal(login);
- }
-
- public boolean isUserInRole(String role) {
- final List<String> roles;
- if (AbstractAuthFilter.this.useUserSubject && theSubject != null) {
- roles = theSubject.getRoles();
- } else {
- roles = info.getRoles();
- }
- return roles.contains(role);
- }
-
- };
- }
-
- protected OAuthContext createOAuthContext(OAuthInfo info) {
- UserSubject subject = null;
- if (info.getToken() != null) {
- subject = info.getToken().getSubject();
- }
- return new OAuthContext(subject, info.getMatchedPermissions());
- }
-
- public void setValidator(OAuthValidator validator) {
- this.validator = validator;
- }
-
- public void setSupportUnknownParameters(boolean supportUnknownParameters) {
- this.supportUnknownParameters = supportUnknownParameters;
- }
-
- private class CustomHttpServletWrapper extends HttpServletRequestWrapper {
- CustomHttpServletWrapper(HttpServletRequest req) {
- super(req);
- }
-
- public Map<String, String[]> getParameterMap() {
- Map<String, String[]> params = super.getParameterMap();
-
- if (supportUnknownParameters || ALLOWED_OAUTH_PARAMETERS.containsAll(params.keySet())) {
- return params;
- }
-
- Map<String, String[]> newParams = new HashMap<>();
- for (Map.Entry<String, String[]> entry : params.entrySet()) {
- if (ALLOWED_OAUTH_PARAMETERS.contains(entry.getKey())) {
- newParams.put(entry.getKey(), entry.getValue());
- }
- }
- return newParams;
- }
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
deleted file mode 100644
index cc0a47a..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.filters;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
-
-/**
- * Captures the information about the current request
- */
-public class OAuthInfo {
- private AccessToken token;
- private List<OAuthPermission> permissions;
- public OAuthInfo(AccessToken token,
- List<OAuthPermission> matchedPermissions) {
- this.token = token;
- this.permissions = matchedPermissions;
- }
- public AccessToken getToken() {
- return token;
- }
-
- public List<String> getRoles() {
- List<String> authorities = new ArrayList<>();
- for (OAuthPermission permission : permissions) {
- authorities.addAll(permission.getRoles());
- }
- return authorities;
- }
-
- public List<OAuthPermission> getMatchedPermissions() {
- return permissions;
- }
-
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
deleted file mode 100644
index b2abff4..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.filters;
-
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.Provider;
-
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.jaxrs.ext.MessageContextImpl;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.rs.security.oauth.data.OAuthContext;
-import org.apache.cxf.security.SecurityContext;
-
-/**
- * JAX-RS OAuth filter which can be used to protect end user endpoints
- */
-@Provider
-@PreMatching
-public class OAuthRequestFilter extends AbstractAuthFilter implements ContainerRequestFilter {
-
- @Override
- public void filter(ContainerRequestContext context) {
- try {
- Message m = JAXRSUtils.getCurrentMessage();
- MessageContext mc = new MessageContextImpl(m);
- OAuthInfo info = handleOAuthRequest(mc.getHttpServletRequest());
- setSecurityContext(mc, m, info);
-
- } catch (Exception e) {
- context.abortWith(Response.status(401).header("WWW-Authenticate", "OAuth").build());
- }
- }
-
- private void setSecurityContext(MessageContext mc, Message m, OAuthInfo info) {
-
- SecurityContext sc = createSecurityContext(mc.getHttpServletRequest(), info);
- m.setContent(SecurityContext.class, sc);
- m.setContent(OAuthContext.class, createOAuthContext(info));
-
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
deleted file mode 100644
index b43d771..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.filters;
-
-import java.io.IOException;
-import java.security.Principal;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.common.util.PropertyUtils;
-import org.apache.cxf.rs.security.oauth.data.OAuthContext;
-import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
-import org.apache.cxf.security.SecurityContext;
-
-/**
- * HTTP Servlet filter which can be used to protect end user endpoints
- */
-public class OAuthServletFilter extends AbstractAuthFilter implements javax.servlet.Filter {
- protected static final String USE_USER_SUBJECT = "org.apache.cxf.rs.security.oauth.use_user_subject";
-
- public void init(FilterConfig filterConfig) throws ServletException {
- ServletContext servletContext = filterConfig.getServletContext();
- super.setDataProvider(OAuthUtils.getOAuthDataProvider(servletContext));
- super.setValidator(OAuthUtils.getOAuthValidator(servletContext));
- super.setUseUserSubject(PropertyUtils.isTrue(servletContext.getInitParameter(USE_USER_SUBJECT)));
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws
- IOException, ServletException {
- HttpServletRequest req = (HttpServletRequest)request;
- HttpServletResponse resp = (HttpServletResponse)response;
-
- try {
- OAuthInfo info = handleOAuthRequest(req);
- req = setSecurityContext(req, info);
- chain.doFilter(req, resp);
- } catch (Exception e) {
- OAuthServlet.handleException(resp, e, "");
- }
- }
-
- protected HttpServletRequest setSecurityContext(HttpServletRequest request,
- OAuthInfo info) {
- final SecurityContext sc = createSecurityContext(request, info);
- HttpServletRequest newRequest = new HttpServletRequestWrapper(request) {
-
- @Override
- public Principal getUserPrincipal() {
- return sc.getUserPrincipal();
- }
-
- @Override
- public boolean isUserInRole(String role) {
- return sc.isUserInRole(role);
- }
-
- @Override
- public String getAuthType() {
- return "OAuth";
- }
- };
- newRequest.setAttribute(OAuthContext.class.getName(), createOAuthContext(info));
- return newRequest;
- }
-
- public void destroy() {
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
deleted file mode 100644
index 0ce7f17..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.provider;
-
-import java.io.IOException;
-import java.net.URISyntaxException;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.SimpleOAuthValidator;
-import org.apache.cxf.rs.security.oauth.data.Token;
-
-/**
- * The utility OAuth validator which is primarily used
- * by the runtime to validate that the issued tokens have not expired.
- * Note that the runtime does validate OAuth signatures separately.
- */
-public class DefaultOAuthValidator extends SimpleOAuthValidator {
-
- public DefaultOAuthValidator() {
- }
-
- public void checkSingleParameter(OAuthMessage message) throws OAuthException, IOException,
- URISyntaxException {
- super.checkSingleParameters(message);
- }
-
- public void validateToken(Token token, OAuthDataProvider provider)
- throws OAuthProblemException {
- if (token == null) {
- throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- }
- long issuedAt = token.getIssuedAt();
- long lifetime = token.getLifetime();
- if (lifetime != -1
- && (issuedAt + lifetime < (System.currentTimeMillis() / 1000L))) {
- provider.removeToken(token);
- throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
- }
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java
deleted file mode 100644
index 5e5a192..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.provider;
-
-import net.oauth.OAuthException;
-import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
-
-/**
- * The utility MD5 sequence generator which can be used for generating
- * request or access token keys and secrets as well as request token
- * verifiers
- */
-public class MD5SequenceGenerator {
- public String generate(byte[] input) throws OAuthException {
- if (input == null) {
- throw new OAuthException("You have to pass input to Token Generator");
- }
- return MessageDigestUtils.generate(input, MessageDigestUtils.ALGO_MD5);
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
deleted file mode 100644
index d829619..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.provider;
-
-import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
-import org.apache.cxf.rs.security.oauth.data.Token;
-
-/**
- * OAuth provider responsible for persisting the information about
- * OAuth consumers, request and access tokens.
- */
-public interface OAuthDataProvider {
-
- /**
- * Returns the previously registered third-party {@link Client}
- * @param clientId the client id
- * @return Client
- * @throws OAuthServiceException
- */
- Client getClient(String clientId) throws OAuthServiceException;
-
- /**
- * Creates a temporarily request token which will capture the
- * information about the {@link Client} attempting to access or
- * modify the resource owner's resource
- * @param reg RequestTokenRegistration
- * @return new request token
- * @see RequestTokenRegistration
- * @throws OAuthServiceException
- */
- RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException;
-
- /**
- * Returns the previously registered {@link RequestToken}
- * @param requestToken the token key
- * @return RequestToken
- * @throws OAuthServiceException
- */
- RequestToken getRequestToken(String requestToken) throws OAuthServiceException;
-
- /**
- * Sets the verifier confirming the resource owner's agreement for
- * the {@link Client} to perform the action as represented by
- * the provided {@link RequestToken}. The runtime will report
- * this verifier to the client who will exchange it for
- * a new {@link AccessToken}
- *
- * @param data AuthorizationInput
- * @return the generated verifier
- * @throws OAuthServiceException
- */
- String finalizeAuthorization(AuthorizationInput data) throws OAuthServiceException;
-
- /**
- * Creates a new {@link AccessToken}
- * @param reg {@link AccessTokenRegistration} instance which captures
- * a request token approved by the resource owner
- * @return new AccessToken
- * @throws OAuthServiceException
- */
- AccessToken createAccessToken(AccessTokenRegistration reg) throws OAuthServiceException;
-
- /**
- * Returns the {@link AccessToken}
- * @param accessToken the token key
- * @return AccessToken
- * @throws OAuthServiceException
- */
- AccessToken getAccessToken(String accessToken) throws OAuthServiceException;
-
- /**
- * Removes the token
- * @param token the token
- * @throws OAuthServiceException
- */
- void removeToken(Token token) throws OAuthServiceException;
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java
deleted file mode 100644
index 27d886e..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.provider;
-
-/**
- * Encapsulates OAuth-related problems
- */
-public class OAuthServiceException extends RuntimeException {
-
- private static final long serialVersionUID = 343738539234766320L;
-
- public OAuthServiceException(String message) {
- super(message);
- }
-
- public OAuthServiceException(Throwable cause) {
- super(cause);
- }
-
- public OAuthServiceException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
deleted file mode 100644
index aed1cb6..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.services;
-
-import javax.ws.rs.core.Context;
-
-import net.oauth.OAuthValidator;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
-
-/**
- * Abstract utility class which OAuth services extend
- */
-public abstract class AbstractOAuthService {
- private MessageContext mc;
-
- private OAuthDataProvider dataProvider;
- private OAuthValidator validator = new DefaultOAuthValidator();
-
- @Context
- public void setMessageContext(MessageContext context) {
- this.mc = context;
- }
-
- public MessageContext getMessageContext() {
- return mc;
- }
-
- public void setDataProvider(OAuthDataProvider dataProvider) {
- this.dataProvider = dataProvider;
- }
-
- protected OAuthDataProvider getDataProvider() {
- return OAuthUtils.getOAuthDataProvider(dataProvider, mc.getServletContext());
- }
-
- public OAuthValidator getValidator() {
- return validator;
- }
-
- public void setValidator(OAuthValidator validator) {
- this.validator = validator;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
deleted file mode 100644
index f792fc4..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.services;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.Response;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.OAuthValidator;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
-
-
-public class AccessTokenHandler {
-
- private static final Logger LOG = LogUtils.getL7dLogger(AccessTokenHandler.class);
- private static final String[] REQUIRED_PARAMETERS =
- new String[] {
- OAuth.OAUTH_CONSUMER_KEY,
- OAuth.OAUTH_TOKEN,
- OAuth.OAUTH_SIGNATURE_METHOD,
- OAuth.OAUTH_SIGNATURE,
- OAuth.OAUTH_TIMESTAMP,
- OAuth.OAUTH_NONCE
- };
-
- public Response handle(MessageContext mc,
- OAuthDataProvider dataProvider,
- OAuthValidator validator) {
- try {
- OAuthMessage oAuthMessage =
- OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
-
- RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
- if (requestToken == null) {
- throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- }
-
- String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
- if (StringUtils.isEmpty(oauthVerifier)) {
- if (requestToken.getSubject() != null && requestToken.isPreAuthorized()) {
- LOG.fine("Preauthorized request token");
- } else {
- throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
- }
- } else if (!oauthVerifier.equals(requestToken.getVerifier())) {
- throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
- }
-
- OAuthUtils.validateMessage(oAuthMessage,
- requestToken.getClient(),
- requestToken,
- dataProvider,
- validator);
-
- AccessTokenRegistration reg = new AccessTokenRegistration();
- reg.setRequestToken(requestToken);
- AccessToken accessToken = dataProvider.createAccessToken(reg);
-
- //create response
- Map<String, Object> responseParams = new HashMap<>();
- responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
- responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
-
- String responseString = OAuth.formEncode(responseParams.entrySet());
- return Response.ok(responseString).build();
-
- } catch (OAuthProblemException e) {
- LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
- int code = e.getHttpStatusCode();
- if (code == HttpServletResponse.SC_OK) {
- code = OAuth.Problems.CONSUMER_KEY_UNKNOWN.equals(e.getProblem())
- ? 401 : 400;
- }
- return OAuthUtils.handleException(mc, e, code);
- } catch (OAuthServiceException e) {
- return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
- } catch (Exception e) {
- LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
- new Object[] {e.fillInStackTrace()});
- return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
deleted file mode 100644
index a3d823d..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.services;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Response;
-
-
-/**
- * This resource will replace a request token with a new access token which
- * will complete the OAuth flow. The third-party consumer will use the access
- * token to access end user resources.
- */
-@Path("/token")
-public class AccessTokenService extends AbstractOAuthService {
-
- private AccessTokenHandler handler = new AccessTokenHandler();
-
- public void setAccessTokenHandler(AccessTokenHandler h) {
- this.handler = h;
- }
-
- @GET
- @Produces("application/x-www-form-urlencoded")
- public Response getAccessTokenWithGET() {
- return getAccessToken();
- }
-
- @POST
- @Produces("application/x-www-form-urlencoded")
- public Response getAccessToken() {
- return handler.handle(getMessageContext(),
- getDataProvider(),
- getValidator());
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
deleted file mode 100644
index a1c9a1c..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
+++ /dev/null
@@ -1,247 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.services;
-
-import java.io.IOException;
-import java.net.URI;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.jaxrs.utils.ExceptionUtils;
-import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
-import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
-import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
-import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.data.UserSubject;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
-import org.apache.cxf.security.LoginSecurityContext;
-import org.apache.cxf.security.SecurityContext;
-
-
-public class AuthorizationRequestHandler {
-
- private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationRequestHandler.class);
- private static final String[] REQUIRED_PARAMETERS = {
- OAuth.OAUTH_TOKEN
- };
-
- public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
- HttpServletRequest request = mc.getHttpServletRequest();
- try {
- OAuthMessage oAuthMessage =
- OAuthUtils.getOAuthMessage(mc, request, REQUIRED_PARAMETERS);
- new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);
-
- RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
- if (token == null) {
- throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- }
-
- String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
-
- OAuthAuthorizationData secData = new OAuthAuthorizationData();
- if (!compareRequestSessionTokens(request, oAuthMessage)) {
- if (decision != null) {
- // this is a user decision request, the session has expired or been possibly hijacked
- LOG.warning("Session authenticity token is missing or invalid");
- throw ExceptionUtils.toBadRequestException(null, null);
- }
- // assume it is an initial authorization request
- addAuthenticityTokenToSession(secData, request);
- return Response.ok(
- addAdditionalParams(secData, dataProvider, token)).build();
- }
-
-
- boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);
-
- Map<String, String> queryParams = new HashMap<>();
- if (allow) {
- SecurityContext sc = (SecurityContext)mc.get(SecurityContext.class.getName());
- List<String> roleNames = Collections.emptyList();
- if (sc instanceof LoginSecurityContext) {
- roleNames = new ArrayList<>();
- Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
- for (Principal p : roles) {
- roleNames.add(p.getName());
- }
- }
- token.setSubject(new UserSubject(sc.getUserPrincipal() == null
- ? null : sc.getUserPrincipal().getName(), roleNames));
-
- AuthorizationInput input = new AuthorizationInput();
- input.setToken(token);
-
- Set<OAuthPermission> approvedScopesSet = new HashSet<>();
-
- List<OAuthPermission> originalScopes = token.getScopes();
- for (OAuthPermission perm : originalScopes) {
- String param = oAuthMessage.getParameter(perm.getPermission() + "_status");
- if (OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param)) {
- approvedScopesSet.add(perm);
- }
- }
- List<OAuthPermission> approvedScopes = new LinkedList<>(approvedScopesSet);
- if (approvedScopes.isEmpty()) {
- approvedScopes = originalScopes;
- } else if (approvedScopes.size() < originalScopes.size()) {
- for (OAuthPermission perm : originalScopes) {
- if (perm.isDefault() && !approvedScopes.contains(perm)) {
- approvedScopes.add(perm);
- }
- }
- }
-
- input.setApprovedScopes(approvedScopes);
-
- String verifier = dataProvider.finalizeAuthorization(input);
- queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
- } else {
- dataProvider.removeToken(token);
- }
- queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
- if (token.getState() != null) {
- queryParams.put(OAuthConstants.X_OAUTH_STATE, token.getState());
- }
- String callbackValue = getCallbackValue(token);
- if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
- OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams);
- return Response.ok().entity(bean).build();
- }
- URI callbackURI = buildCallbackURI(callbackValue, queryParams);
- return Response.seeOther(callbackURI).build();
-
- } catch (OAuthProblemException e) {
- LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
- int code = e.getHttpStatusCode();
- if (code == HttpServletResponse.SC_OK) {
- code = OAuth.Problems.CONSUMER_KEY_UNKNOWN.equals(e.getProblem())
- ? 401 : 400;
- }
- return OAuthUtils.handleException(mc, e, code);
- } catch (OAuthServiceException e) {
- return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
- } catch (Exception e) {
- LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
- new Object[] {e.fillInStackTrace()});
- return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
- }
-
- protected String getCallbackValue(RequestToken token) throws OAuthProblemException {
- String callback = token.getCallback();
- if (callback == null) {
- callback = token.getClient().getApplicationURI();
- }
- if (callback == null) {
- throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- }
- return callback;
- }
-
- private URI buildCallbackURI(String callback, final Map<String, String> queryParams) {
-
- UriBuilder builder = UriBuilder.fromUri(callback);
- for (Map.Entry<String, String> entry : queryParams.entrySet()) {
- builder.queryParam(entry.getKey(), entry.getValue());
- }
-
- return builder.build();
- }
-
- private OOBAuthorizationResponse convertQueryParamsToOOB(Map<String, String> queryParams) {
-
- OOBAuthorizationResponse oob = new OOBAuthorizationResponse();
- oob.setRequestToken(queryParams.get(OAuth.OAUTH_TOKEN));
- oob.setVerifier(queryParams.get(OAuth.OAUTH_VERIFIER));
- oob.setState(queryParams.get("state"));
- return oob;
- }
-
- protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData,
- OAuthDataProvider dataProvider,
- RequestToken token) throws OAuthProblemException {
- secData.setOauthToken(token.getTokenKey());
- secData.setApplicationName(token.getClient().getApplicationName());
- secData.setApplicationURI(token.getClient().getApplicationURI());
- secData.setCallbackURI(getCallbackValue(token));
- secData.setApplicationDescription(token.getClient().getApplicationDescription());
- secData.setLogoUri(token.getClient().getLogoUri());
- secData.setPermissions(token.getScopes());
-
- return secData;
- }
-
- private void addAuthenticityTokenToSession(OAuthAuthorizationData secData,
- HttpServletRequest request) {
- HttpSession session = request.getSession();
- String value = UUID.randomUUID().toString();
-
- secData.setAuthenticityToken(value);
- session.setAttribute(OAuthConstants.AUTHENTICITY_TOKEN, value);
- }
-
- private boolean compareRequestSessionTokens(HttpServletRequest request,
- OAuthMessage oAuthMessage) {
- HttpSession session = request.getSession();
- final String requestToken;
- try {
- requestToken = oAuthMessage.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
- } catch (IOException ex) {
- return false;
- }
- String sessionToken = (String) session.getAttribute(OAuthConstants.AUTHENTICITY_TOKEN);
-
- if (StringUtils.isEmpty(requestToken) || StringUtils.isEmpty(sessionToken)) {
- return false;
- }
-
- boolean b = requestToken.equals(sessionToken);
- session.removeAttribute(OAuthConstants.AUTHENTICITY_TOKEN);
- return b;
- }
-
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
deleted file mode 100644
index 2c43f9e..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.services;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Response;
-
-import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
-
-
-/**
- * This resource handles the End User authorising
- * or denying the Client to access its resources.
- * If End User approves the access this resource will
- * redirect End User back to the Client, supplying
- * a request token verifier (aka authorization code)
- */
-@Path("/authorize")
-public class AuthorizationRequestService extends AbstractOAuthService {
-
- private AuthorizationRequestHandler handler = new AuthorizationRequestHandler();
-
- public void setAuthorizationRequestHandler(AuthorizationRequestHandler h) {
- this.handler = h;
- }
-
- @GET
- @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" })
- public Response authorize() {
- Response response = handler.handle(getMessageContext(), getDataProvider());
- if (response.getEntity() instanceof OAuthAuthorizationData) {
- String replyTo = getMessageContext().getUriInfo()
- .getAbsolutePathBuilder().path("decision").build().toString();
- ((OAuthAuthorizationData)response.getEntity()).setReplyTo(replyTo);
- }
- return response;
- }
-
- @GET
- @Path("/decision")
- @Produces({"application/xhtml+xml",
- "text/html",
- "application/xml;qs=0.9",
- "application/json;qs=0.9",
- "application/x-www-form-urlencoded" })
- public Response authorizeDecision() {
- return authorize();
- }
-
- @POST
- @Path("/decision")
- @Consumes("application/x-www-form-urlencoded")
- @Produces({"application/xhtml+xml",
- "text/html",
- "application/xml;qs=0.9",
- "application/json;qs=0.9",
- "application/x-www-form-urlencoded" })
- public Response authorizeDecisionForm() {
- return authorizeDecision();
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
deleted file mode 100644
index 6a00148..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.services;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-
-import org.apache.cxf.jaxrs.ext.MessageContext;
-
-/**
- * Default OAuth service implementation
- */
-@Path("/")
-public class OAuthDefaultServices {
-
- private AuthorizationRequestService authorizeService =
- new AuthorizationRequestService();
- private AccessTokenService accessTokenService =
- new AccessTokenService();
- private RequestTokenService requestTokenService =
- new RequestTokenService();
-
- public OAuthDefaultServices() {
- }
-
- @Context
- public void setMessageContext(MessageContext mc) {
- this.authorizeService.setMessageContext(mc);
- this.accessTokenService.setMessageContext(mc);
- this.requestTokenService.setMessageContext(mc);
- }
-
- public void setAuthorizationService(AuthorizationRequestService service) {
- this.authorizeService = service;
- }
-
- public void setAccessTokenService(AccessTokenService service) {
- this.accessTokenService = service;
- }
-
- public void setRequestTokenservice(RequestTokenService service) {
- this.requestTokenService = service;
- }
-
- @POST
- @Path("/initiate")
- @Produces("application/x-www-form-urlencoded")
- public Response getRequestToken() {
- return requestTokenService.getRequestToken();
- }
-
- @GET
- @Path("/initiate")
- @Produces("application/x-www-form-urlencoded")
- public Response getRequestTokenWithGET() {
- return requestTokenService.getRequestToken();
- }
-
- @GET
- @Path("/authorize")
- @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" })
- public Response authorize() {
- return authorizeService.authorize();
- }
-
- @GET
- @Path("/authorize/decision")
- public Response authorizeDecision() {
- return authorizeService.authorizeDecision();
- }
-
- @POST
- @Path("/authorize/decision")
- @Consumes("application/x-www-form-urlencoded")
- public Response authorizeDecisionForm() {
- return authorizeService.authorizeDecision();
- }
-
- @GET
- @Path("/token")
- @Produces("application/x-www-form-urlencoded")
- public Response getAccessTokenWithGET() {
- return accessTokenService.getAccessToken();
- }
-
- @POST
- @Path("/token")
- @Produces("application/x-www-form-urlencoded")
- public Response getAccessToken() {
- return accessTokenService.getAccessToken();
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
deleted file mode 100644
index 4b3378a..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.services;
-
-import javax.xml.bind.annotation.XmlRootElement;
-
-@XmlRootElement
-public class OOBAuthorizationResponse {
- private String requestToken;
- private String verifier;
- private String state;
- public String getRequestToken() {
- return requestToken;
- }
- public void setRequestToken(String requestToken) {
- this.requestToken = requestToken;
- }
- public String getVerifier() {
- return verifier;
- }
- public void setVerifier(String verifier) {
- this.verifier = verifier;
- }
- public String getState() {
- return state;
- }
- public void setState(String state) {
- this.state = state;
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBResponseProvider.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBResponseProvider.java
deleted file mode 100644
index 705b72b..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBResponseProvider.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.services;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Form;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.ext.MessageBodyReader;
-import javax.ws.rs.ext.MessageBodyWriter;
-import javax.ws.rs.ext.Provider;
-
-import net.oauth.OAuth;
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.jaxrs.provider.FormEncodingProvider;
-import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
-
-@Produces({"application/x-www-form-urlencoded" })
-@Consumes({"application/x-www-form-urlencoded" })
-@Provider
-public class OOBResponseProvider implements
- MessageBodyReader<OOBAuthorizationResponse>, MessageBodyWriter<OOBAuthorizationResponse> {
-
- private FormEncodingProvider<Form> formProvider = new FormEncodingProvider<>();
-
- public boolean isReadable(Class<?> type, Type genericType,
- Annotation[] annotations, MediaType mt) {
- return OOBAuthorizationResponse.class.isAssignableFrom(type);
- }
-
- public OOBAuthorizationResponse readFrom(
- Class<OOBAuthorizationResponse> clazz, Type genericType, Annotation[] annotations, MediaType mt,
- MultivaluedMap<String, String> headers, InputStream is) throws IOException {
- Form form = formProvider.readFrom(Form.class, Form.class, annotations, mt, headers, is);
- MultivaluedMap<String, String> data = form.asMap();
- OOBAuthorizationResponse resp = new OOBAuthorizationResponse();
-
- resp.setRequestToken(data.getFirst(OAuth.OAUTH_TOKEN));
- resp.setVerifier(data.getFirst(OAuth.OAUTH_VERIFIER));
- resp.setState(data.getFirst(OAuthConstants.X_OAUTH_STATE));
-
- return resp;
- }
-
-
- public long getSize(OOBAuthorizationResponse t, Class<?> type,
- Type genericType, Annotation[] annotations,
- MediaType mediaType) {
- return -1;
- }
-
- public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations,
- MediaType mt) {
- return OOBAuthorizationResponse.class.isAssignableFrom(type);
- }
-
- public void writeTo(OOBAuthorizationResponse obj, Class<?> c, Type t,
- Annotation[] anns,
- MediaType mt, MultivaluedMap<String, Object> headers, OutputStream os)
- throws IOException, WebApplicationException {
-
- Form form = new Form(new MetadataMap<String, String>());
- form.param(OAuth.OAUTH_VERIFIER, obj.getVerifier());
- form.param(OAuth.OAUTH_TOKEN, obj.getRequestToken());
- if (obj.getState() != null) {
- form.param(OAuthConstants.X_OAUTH_STATE, obj.getState());
- }
- formProvider.writeTo(form, Form.class, Form.class, anns, mt, headers, os);
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
deleted file mode 100644
index fdfc4ad..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
+++ /dev/null
@@ -1,157 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.services;
-
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.Response;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.OAuthValidator;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
-
-public class RequestTokenHandler {
-
- private static final Logger LOG = LogUtils.getL7dLogger(RequestTokenHandler.class);
- private static final String[] REQUIRED_PARAMETERS =
- new String[] {
- OAuth.OAUTH_CONSUMER_KEY,
- OAuth.OAUTH_SIGNATURE_METHOD,
- OAuth.OAUTH_SIGNATURE,
- OAuth.OAUTH_TIMESTAMP,
- OAuth.OAUTH_NONCE,
- OAuth.OAUTH_CALLBACK
- };
-
- private long tokenLifetime = 3600L;
- private String defaultScope;
-
- public Response handle(MessageContext mc,
- OAuthDataProvider dataProvider,
- OAuthValidator validator) {
- try {
- OAuthMessage oAuthMessage =
- OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
-
- Client client = dataProvider
- .getClient(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
- //client credentials not found
- if (client == null) {
- throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
- }
-
- OAuthUtils.validateMessage(oAuthMessage, client, null,
- dataProvider, validator);
-
- String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
- validateCallbackURL(client, callback);
-
- List<String> scopes = OAuthUtils.parseParamValue(
- oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE), defaultScope);
-
- RequestTokenRegistration reg = new RequestTokenRegistration();
- reg.setClient(client);
- reg.setCallback(callback);
- reg.setState(oAuthMessage.getParameter(OAuthConstants.X_OAUTH_STATE));
- reg.setScopes(scopes);
- reg.setLifetime(tokenLifetime);
- reg.setIssuedAt(System.currentTimeMillis() / 1000);
-
- RequestToken requestToken = dataProvider.createRequestToken(reg);
-
- if (LOG.isLoggable(Level.FINE)) {
- LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
- }
- //create response
- Map<String, Object> responseParams = new HashMap<>();
- responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenKey());
- responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
- responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
-
- String responseBody = OAuth.formEncode(responseParams.entrySet());
-
- return Response.ok(responseBody).build();
- } catch (OAuthProblemException e) {
- LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
- int code = e.getHttpStatusCode();
- if (code == HttpServletResponse.SC_OK) {
- code = OAuth.Problems.CONSUMER_KEY_UNKNOWN.equals(e.getProblem())
- ? 401 : 400;
- }
- return OAuthUtils.handleException(mc, e, code);
- } catch (OAuthServiceException e) {
- return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
- } catch (Exception e) {
- LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
- new Object[] {e.fillInStackTrace()});
- return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
- }
-
- protected void validateCallbackURL(Client client,
- String oauthCallback) throws OAuthProblemException {
- // the callback must not be empty or null, and it should either match
- // the registered callback URI or have the common root with the
- // the registered application URI (but only if no callback was registered)
- if (!StringUtils.isEmpty(oauthCallback)) {
- boolean registeredCallbackIsEmpty = StringUtils.isEmpty(client.getCallbackURI());
- if (!registeredCallbackIsEmpty
- && oauthCallback.equals(client.getCallbackURI())) {
- return;
- }
- if (registeredCallbackIsEmpty
- && !StringUtils.isEmpty(client.getApplicationURI())
- && oauthCallback.startsWith(client.getApplicationURI())) {
- return;
- }
-
- }
- OAuthProblemException problemEx = new OAuthProblemException(
- OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
- problemEx
- .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
- HttpServletResponse.SC_BAD_REQUEST);
- throw problemEx;
- }
-
- public void setTokenLifetime(long tokenLifetime) {
- this.tokenLifetime = tokenLifetime;
- }
-
- public void setDefaultScope(String defaultScope) {
- this.defaultScope = defaultScope;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
deleted file mode 100644
index 8e75f87..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.services;
-
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Response;
-
-
-/**
- * This resource issues a temporary request token to the Client
- * which will be later authorised and exchanged for the access token
- */
-@Path("/initiate")
-public class RequestTokenService extends AbstractOAuthService {
-
- private RequestTokenHandler handler = new RequestTokenHandler();
-
- public void setRequestTokenHandler(RequestTokenHandler h) {
- this.handler = h;
- }
-
- @GET
- @Produces("application/x-www-form-urlencoded")
- public Response getRequestTokenWithGET() {
- return getRequestToken();
- }
-
- @POST
- @Produces("application/x-www-form-urlencoded")
- public Response getRequestToken() {
- return handler.handle(getMessageContext(),
- getDataProvider(),
- getValidator());
- }
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
deleted file mode 100644
index 1b6a5c0..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth.utils;
-
-/**
- * Miscellaneous constants
- */
-public final class OAuthConstants {
-
- public static final String OAUTH_DATA_PROVIDER_CLASS = "oauth.data.provider-class";
- public static final String OAUTH_VALIDATOR_CLASS = "oauth.data.validator-class";
- public static final String OAUTH_DATA_PROVIDER_INSTANCE_KEY = "oauth.data.provider-instance.key";
- public static final String OAUTH_VALIDATOR_INSTANCE_KEY = "oauth.data.validator-instance.key";
-
- public static final String VERIFIER_INVALID = "verifier_invalid";
-
- public static final String AUTHENTICITY_TOKEN = "session_authenticity_token";
-
- public static final String AUTHORIZATION_DECISION_KEY = "oauthDecision";
- public static final String AUTHORIZATION_DECISION_ALLOW = "allow";
- public static final String AUTHORIZATION_DECISION_DENY = "deny";
-
- public static final String X_OAUTH_SCOPE = "scope";
- public static final String X_OAUTH_STATE = "state";
- public static final String OAUTH_CONSUMER_SECRET = "oauth_consumer_secret";
-
- public static final String OAUTH_CALLBACK_OOB = "oob";
-
- private OAuthConstants() {
-
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
deleted file mode 100644
index 6c8f372..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
+++ /dev/null
@@ -1,287 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.utils;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.OAuthValidator;
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.util.PropertyUtils;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.jaxrs.model.URITemplate;
-import org.apache.cxf.jaxrs.utils.FormUtils;
-import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.data.Token;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-
-/**
- * Various utility methods
- */
-public final class OAuthUtils {
- public static final String REPORT_FAILURE_DETAILS = "report.failure.details";
- public static final String REPORT_FAILURE_DETAILS_AS_HEADER = "report.failure.details.as.header";
-
- private OAuthUtils() {
- }
-
- public static boolean checkRequestURI(String servletPath, String uri) {
- boolean wildcard = uri.endsWith("*");
- String theURI = wildcard ? uri.substring(0, uri.length() - 1) : uri;
- try {
- URITemplate template = new URITemplate(theURI);
- MultivaluedMap<String, String> map = new MetadataMap<>();
- if (template.match(servletPath, map)) {
- String finalGroup = map.getFirst(URITemplate.FINAL_MATCH_GROUP);
- if (wildcard || StringUtils.isEmpty(finalGroup) || "/".equals(finalGroup)) {
- return true;
- }
- }
- } catch (Exception ex) {
- // ignore
- }
- return false;
- }
-
- public static void validateMessage(OAuthMessage oAuthMessage,
- Client client,
- Token token,
- OAuthDataProvider provider,
- OAuthValidator validator)
- throws Exception {
- OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(),
- client.getSecretKey(), null);
- OAuthAccessor accessor = new OAuthAccessor(consumer);
- if (token != null) {
- if (token instanceof RequestToken) {
- accessor.requestToken = token.getTokenKey();
- } else {
- accessor.accessToken = token.getTokenKey();
- }
- accessor.tokenSecret = token.getTokenSecret();
- }
- try {
- validator.validateMessage(oAuthMessage, accessor);
- } catch (Exception ex) {
- if (token != null) {
- provider.removeToken(token);
- }
- throw ex;
- }
- if (token != null && validator instanceof DefaultOAuthValidator) {
- ((DefaultOAuthValidator)validator).validateToken(token, provider);
- }
- }
-
- public static OAuthMessage getOAuthMessage(MessageContext mc,
- HttpServletRequest request,
- String[] requiredParams) throws Exception {
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
- OAuthUtils.addParametersIfNeeded(mc, request, oAuthMessage);
- oAuthMessage.requireParameters(requiredParams);
- return oAuthMessage;
- }
-
- public static void addParametersIfNeeded(MessageContext mc,
- HttpServletRequest request,
- OAuthMessage oAuthMessage) throws IOException {
- List<Entry<String, String>> params = oAuthMessage.getParameters();
- String enc = oAuthMessage.getBodyEncoding();
- enc = enc == null ? StandardCharsets.UTF_8.name() : enc;
-
- if (params.isEmpty()
- && MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(
- MediaType.valueOf(oAuthMessage.getBodyType()))) {
- InputStream stream = mc != null
- ? mc.getContent(InputStream.class) : oAuthMessage.getBodyAsStream();
- String body = FormUtils.readBody(stream, enc);
- MultivaluedMap<String, String> map = new MetadataMap<>();
- FormUtils.populateMapFromString(map, PhaseInterceptorChain.getCurrentMessage(), body, enc, true,
- request);
- for (String key : map.keySet()) {
- oAuthMessage.addParameter(key, map.getFirst(key));
- }
- } else {
- // This path will most likely work only for the AuthorizationRequestService
- // when processing a user confirmation with only 3 parameters expected
- String ct = request.getContentType();
- if (MediaType.APPLICATION_FORM_URLENCODED.equals(ct)) {
- Map<String, List<String>> map = new HashMap<>();
- for (Entry<String, String> param : params) {
- map.put(param.getKey(), Collections.singletonList(param.getValue()));
- }
- FormUtils.logRequestParametersIfNeeded(map, enc);
- }
- }
- }
-
-
- public static Response handleException(MessageContext mc,
- Exception e,
- int status) {
- ResponseBuilder builder = Response.status(status);
- if (PropertyUtils.isTrue(mc.getContextualProperty(REPORT_FAILURE_DETAILS))) {
- boolean asHeader = PropertyUtils.isTrue(
- mc.getContextualProperty(REPORT_FAILURE_DETAILS_AS_HEADER));
- String text = null;
- if (e instanceof OAuthProblemException) {
- OAuthProblemException problem = (OAuthProblemException)e;
- if (asHeader && problem.getProblem() != null) {
- text = problem.getProblem();
- }
- }
- if (text == null) {
- text = e.getMessage();
- }
- if (asHeader) {
- builder.header("oauth_problem", text);
- } else {
- builder.entity(e.getMessage());
- }
- }
- return builder.build();
- }
-
- public static List<String> parseParamValue(String paramValue, String defaultValue)
- throws IOException {
-
- List<String> scopeList = new ArrayList<>();
-
- if (!StringUtils.isEmpty(paramValue)) {
- StringTokenizer tokenizer = new StringTokenizer(paramValue, " ");
-
- while (tokenizer.hasMoreTokens()) {
- String token = tokenizer.nextToken();
- scopeList.add(token);
- }
- }
- if (defaultValue != null && !scopeList.contains(defaultValue)) {
- scopeList.add(defaultValue);
- }
- return scopeList;
- }
-
-
- public static RequestToken handleTokenRejectedException() throws OAuthProblemException {
- OAuthProblemException problemEx = new OAuthProblemException(
- OAuth.Problems.TOKEN_REJECTED);
- problemEx
- .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
- throw problemEx;
- }
-
- public static Object instantiateClass(String className) throws Exception {
- Class<?> clazz = ClassLoaderUtils.loadClass(className, OAuthUtils.class);
- return clazz.newInstance();
- }
-
- public static synchronized OAuthDataProvider getOAuthDataProvider(
- OAuthDataProvider provider,
- ServletContext servletContext) {
- if (provider != null) {
- return provider;
- }
- return getOAuthDataProvider(servletContext);
- }
-
- public static synchronized OAuthDataProvider getOAuthDataProvider(
- ServletContext servletContext) {
- OAuthDataProvider dataProvider = (OAuthDataProvider) servletContext
- .getAttribute(OAuthConstants.OAUTH_DATA_PROVIDER_INSTANCE_KEY);
-
- if (dataProvider == null) {
- String dataProviderClassName = servletContext
- .getInitParameter(OAuthConstants.OAUTH_DATA_PROVIDER_CLASS);
-
- if (StringUtils.isEmpty(dataProviderClassName)) {
- throw new RuntimeException(
- "There should be provided [ " + OAuthConstants.OAUTH_DATA_PROVIDER_CLASS
- + " ] context init param in web.xml");
- }
-
- try {
- dataProvider = (OAuthDataProvider) OAuthUtils
- .instantiateClass(dataProviderClassName);
-
- servletContext
- .setAttribute(OAuthConstants.OAUTH_DATA_PROVIDER_INSTANCE_KEY, dataProvider);
- } catch (Exception e) {
- throw new RuntimeException(
- "Cannot instantiate OAuth Data Provider class: " + dataProviderClassName, e);
- }
- }
-
- return dataProvider;
- }
-
- public static synchronized OAuthValidator getOAuthValidator(ServletContext servletContext) {
-
- OAuthValidator dataProvider = (OAuthValidator) servletContext
- .getAttribute(OAuthConstants.OAUTH_VALIDATOR_INSTANCE_KEY);
-
- if (dataProvider == null) {
- String dataProviderClassName = servletContext
- .getInitParameter(OAuthConstants.OAUTH_VALIDATOR_CLASS);
-
- if (!StringUtils.isEmpty(dataProviderClassName)) {
-
- try {
- dataProvider = (OAuthValidator) OAuthUtils
- .instantiateClass(dataProviderClassName);
-
- servletContext
- .setAttribute(OAuthConstants.OAUTH_VALIDATOR_INSTANCE_KEY, dataProvider);
- } catch (Exception e) {
- throw new RuntimeException(
- "Cannot instantiate OAuthValidator class: " + dataProviderClassName, e);
- }
- }
- }
-
- return dataProvider == null ? new DefaultOAuthValidator() : dataProvider;
- }
-
-}
diff --git a/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java b/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
deleted file mode 100644
index f13b80a..0000000
--- a/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth.utils;
-
-import org.junit.Test;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-public class OAuthUtilsTest {
-
- @Test
- public void testCheckRequestURI() throws Exception {
- assertTrue(OAuthUtils.checkRequestURI("/a", "/a"));
- assertTrue(OAuthUtils.checkRequestURI("/a/", "/a/"));
- assertFalse(OAuthUtils.checkRequestURI("/a/b", "/a"));
- assertFalse(OAuthUtils.checkRequestURI("/a/b", "/a/b/c"));
- assertTrue(OAuthUtils.checkRequestURI("/a", "/a*"));
- assertTrue(OAuthUtils.checkRequestURI("/a/b/c", "/a*"));
- assertTrue(OAuthUtils.checkRequestURI("/a/1/c", "/a/{id}/c"));
- }
-}
\ No newline at end of file
diff --git a/rt/rs/security/oauth-parent/pom.xml b/rt/rs/security/oauth-parent/pom.xml
index a17ac71..3767704 100644
--- a/rt/rs/security/oauth-parent/pom.xml
+++ b/rt/rs/security/oauth-parent/pom.xml
@@ -31,7 +31,6 @@
<relativePath>../../../../parent/pom.xml</relativePath>
</parent>
<modules>
- <module>oauth</module>
<module>oauth2</module>
<module>oauth2-saml</module>
</modules>
diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml
index cdb6a8f..0b4773b 100644
--- a/systests/rs-security/pom.xml
+++ b/systests/rs-security/pom.xml
@@ -31,7 +31,6 @@
<description>Apache CXF JAX-RS System Advanced Security Tests</description>
<url>https://cxf.apache.org</url>
<properties>
- <oauth.version>20100527</oauth.version>
<cxf.module.name>org.apache.cxf.systests.security</cxf.module.name>
</properties>
<dependencies>
@@ -51,11 +50,6 @@
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-security-oauth</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-security-oauth2-saml</artifactId>
<version>${project.version}</version>
</dependency>
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java
deleted file mode 100644
index 2e57342..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java
+++ /dev/null
@@ -1,168 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth;
-
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
-import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
-import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
-import org.apache.cxf.rs.security.oauth.data.Token;
-import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
-
-public class MemoryOAuthDataProvider implements OAuthDataProvider {
-
- private static final ConcurrentHashMap<String, OAuthPermission> AVAILABLE_PERMISSIONS =
- new ConcurrentHashMap<>();
-
- static {
- AVAILABLE_PERMISSIONS
- .put("read_info", new OAuthPermission("read_info", "Read your personal information",
- Collections.singletonList("ROLE_USER")));
- AVAILABLE_PERMISSIONS.put("modify_info",
- new OAuthPermission("modify_info", "Modify your personal information",
- Collections.singletonList("ROLE_ADMIN")));
- }
-
- protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<>();
-
- protected MetadataMap<String, String> userRegisteredClients = new MetadataMap<>();
-
- protected MetadataMap<String, String> userAuthorizedClients = new MetadataMap<>();
-
- protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<>();
-
- protected MD5SequenceGenerator tokenGenerator =
- new MD5SequenceGenerator();
-
- public MemoryOAuthDataProvider() {
- Client client = new Client(OAuthTestUtils.CLIENT_ID,
- OAuthTestUtils.CLIENT_SECRET,
- OAuthTestUtils.APPLICATION_NAME,
- OAuthTestUtils.CALLBACK);
- clientAuthInfo.put(OAuthTestUtils.CLIENT_ID, client);
- }
-
- private List<OAuthPermission> getPermissionsInfo(List<String> requestPermissions) {
- List<OAuthPermission> permissions = new ArrayList<>();
- for (String requestScope : requestPermissions) {
- OAuthPermission oAuthPermission = AVAILABLE_PERMISSIONS.get(requestScope);
- permissions.add(oAuthPermission);
- }
-
- return permissions;
- }
-
- public Client getClient(String consumerKey) {
- return clientAuthInfo.get(consumerKey);
- }
-
- public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
- String token = generateToken();
- String tokenSecret = generateToken();
-
- RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret,
- reg.getLifetime(), reg.getIssuedAt());
- reqToken.setScopes(getPermissionsInfo(reg.getScopes()));
-
- oauthTokens.put(token, reqToken);
- return reqToken;
- }
-
- public RequestToken getRequestToken(String tokenString) throws OAuthServiceException {
-
- return (RequestToken)oauthTokens.get(tokenString);
- }
-
- public String finalizeAuthorization(AuthorizationInput input) throws
- OAuthServiceException {
- RequestToken requestToken = input.getToken();
- requestToken.setVerifier(generateToken());
- return requestToken.getVerifier();
- }
-
- public AccessToken createAccessToken(AccessTokenRegistration reg) throws
- OAuthServiceException {
-
- RequestToken requestToken = reg.getRequestToken();
-
- Client client = requestToken.getClient();
- requestToken = getRequestToken(requestToken.getTokenKey());
-
- String accessTokenString = generateToken();
- String tokenSecretString = generateToken();
-
- AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
- 3600, System.currentTimeMillis() / 1000);
-
- accessToken.setScopes(requestToken.getScopes());
-
- synchronized (oauthTokens) {
- oauthTokens.remove(requestToken.getTokenKey());
- oauthTokens.put(accessTokenString, accessToken);
- synchronized (userAuthorizedClients) {
- userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
- }
- }
-
- return accessToken;
- }
-
- public AccessToken getAccessToken(String accessToken) throws OAuthServiceException {
- return (AccessToken)oauthTokens.get(accessToken);
- }
-
- public void removeToken(Token t) {
-
- for (Token token : oauthTokens.values()) {
- Client authNInfo = token.getClient();
- if (t.getClient().getConsumerKey().equals(authNInfo.getConsumerKey())) {
- oauthTokens.remove(token.getTokenKey());
- break;
- }
- }
-
- }
-
- protected String generateToken() throws OAuthServiceException {
- try {
- return tokenGenerator.generate(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8));
- } catch (Exception e) {
- throw new OAuthServiceException("Unable to create token ", e.getCause());
- }
- }
-
- public void setClientAuthInfo(Map<String, Client> clientAuthInfo) {
- this.clientAuthInfo.putAll(clientAuthInfo);
- }
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java
deleted file mode 100644
index 05c607e..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth;
-
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-import org.apache.cxf.testutil.common.TestUtil;
-import org.eclipse.jetty.server.Handler;
-import org.eclipse.jetty.server.handler.DefaultHandler;
-import org.eclipse.jetty.server.handler.HandlerCollection;
-import org.eclipse.jetty.util.resource.Resource;
-import org.eclipse.jetty.webapp.WebAppContext;
-
-
-public class OAuthServer extends AbstractBusTestServerBase {
-
- public static final int PORT = Integer.valueOf(TestUtil.getPortNumber("oauth-test"));
- private static final String RESOURCE_PATH =
- "/org/apache/cxf/systest/jaxrs/oauth/server";
- private org.eclipse.jetty.server.Server server;
-
-
- protected void run() {
-
- server = new org.eclipse.jetty.server.Server(PORT);
-
- WebAppContext webappcontext = new WebAppContext();
- webappcontext.setContextPath("/");
- webappcontext.setBaseResource(Resource.newClassPathResource(RESOURCE_PATH));
-
- HandlerCollection handlers = new HandlerCollection();
- handlers.setHandlers(new Handler[] {webappcontext, new DefaultHandler()});
-
- server.setHandler(handlers);
- try {
- server.start();
-
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-
- public void tearDown() throws Exception {
- super.tearDown();
- if (server != null) {
- server.stop();
- server.destroy();
- server = null;
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthTestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthTestUtils.java
deleted file mode 100644
index c62f5a3..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthTestUtils.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.jaxrs.security.oauth;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.util.List;
-
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
-
-public final class OAuthTestUtils {
-
- public static final String CALLBACK = "http://www.example.com/callback";
- public static final String APPLICATION_NAME = "Test Oauth 1.0 application";
- public static final String CLIENT_ID = "12345678";
- public static final String CLIENT_SECRET = "secret";
-
-
- private OAuthTestUtils() {
- }
-
-
- public static String readBody(OAuthMessage msg) throws IOException {
- StringBuilder body = new StringBuilder();
- try (InputStream responseBody = msg.getBodyAsStream()) {
- if (responseBody != null) {
- try (BufferedReader br = new BufferedReader(new InputStreamReader(responseBody))) {
- String buf;
- while ((buf = br.readLine()) != null) {
- body.append(buf);
- }
- }
- }
- }
-
- return body.toString().trim();
- }
-
- public static OAuth.Parameter findOAuthParameter(List<OAuth.Parameter> list, String key) {
- for (OAuth.Parameter parameter : list) {
- if (key.equals(parameter.getKey())) {
- return parameter;
- }
- }
- return null;
- }
-
- public static List<OAuth.Parameter> getResponseParams(OAuthMessage message) throws IOException {
- String body = OAuthTestUtils.readBody(message);
- return OAuth.decodeForm(body);
- }
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
deleted file mode 100644
index f185059..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.jaxrs.security.oauth;
-
-import java.net.URI;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-import net.oauth.OAuth;
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.oauth.client.OAuthClientUtils;
-import org.apache.cxf.rs.security.oauth.client.OAuthClientUtils.Token;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
-public class TemporaryCredentialServiceTest extends AbstractBusClientServerTestBase {
-
- public static final String TEMPORARY_CREDENTIALS_URL = "/a/oauth/initiate";
- public static final String HOST = "http://localhost:";
-
- @BeforeClass
- public static void startServers() throws Exception {
- assertTrue("server did not launch correctly",
- launchServer(OAuthServer.class, true));
- }
-
-
- @Test
- public void testGetTemporaryCredentialsURIQuery() throws Exception {
- Map<String, String> parameters = new HashMap<>();
-
- parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, "HMAC-SHA1");
- parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
- parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
-
- String uri = HOST + OAuthServer.PORT + TEMPORARY_CREDENTIALS_URL;
- WebClient wc = WebClient.create(uri);
-
- Token t = OAuthClientUtils.getRequestToken(wc,
- new OAuthClientUtils.Consumer(OAuthTestUtils.CLIENT_ID, OAuthTestUtils.CLIENT_SECRET),
- URI.create(OAuthTestUtils.CALLBACK),
- parameters);
- assertNotNull(t);
- assertNotNull(t.getToken());
- assertNotNull(t.getSecret());
-
- }
-
-}