You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by li...@apache.org on 2010/05/15 02:03:57 UTC
svn commit: r944523 -
/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
Author: lindner
Date: Sat May 15 00:03:57 2010
New Revision: 944523
URL: http://svn.apache.org/viewvc?rev=944523&view=rev
Log:
Allow oauth2 authorization headers
Modified:
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
Modified: shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java?rev=944523&r1=944522&r2=944523&view=diff
==============================================================================
--- shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java (original)
+++ shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java Sat May 15 00:03:57 2010
@@ -19,8 +19,15 @@ package org.apache.shindig.auth;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
@@ -63,16 +70,40 @@ public class UrlParameterAuthenticationH
return this.securityTokenDecoder;
}
+ // From OAuthMessage
+ private static final Pattern AUTHORIZATION = Pattern.compile("\\s*(\\w*)\\s+(.*)");
+ private static final Pattern NVP = Pattern.compile("(\\S*)\\s*\\=\\s*\"([^\"]*)\"");
+
protected Map<String, String> getMappedParameters(final HttpServletRequest request) {
Map<String, String> params = Maps.newHashMap();
+ String token = null;
+
+ // old style security token
+ if (token == null) {
+ token = request.getParameter(SECURITY_TOKEN_PARAM);
+ }
- String oauth_token_value = request.getParameter(OAUTH2_TOKEN_PARAM);
+ // OAuth token as a param
+ if (token == null && request.isSecure()) {
+ token = request.getParameter(OAUTH2_TOKEN_PARAM);
+ }
- if (request.isSecure() && oauth_token_value != null) {
- params.put(SecurityTokenDecoder.SECURITY_TOKEN_NAME, oauth_token_value);
- } else {
- params.put(SecurityTokenDecoder.SECURITY_TOKEN_NAME, request.getParameter(SECURITY_TOKEN_PARAM));
+ // token in authorization header
+ if (token == null) {
+ for (Enumeration<String> headers = request.getHeaders("Authorization"); headers != null && headers.hasMoreElements();) {
+ Matcher m = AUTHORIZATION.matcher(headers.nextElement());
+ if (m.matches() && "Token".equalsIgnoreCase(m.group(1))) {
+ for (String nvp : m.group(2).split("\\s*,\\s*")) {
+ m = NVP.matcher(nvp);
+ if (m.matches() && "token".equals(m.group(1))) {
+ token = OAuth.decodePercent(m.group(2));
+ }
+ }
+ }
+ }
}
+
+ params.put(SecurityTokenDecoder.SECURITY_TOKEN_NAME, token);
params.put(SecurityTokenDecoder.ACTIVE_URL_NAME, getActiveUrl(request));
return params;
}