Posted to commits@shindig.apache.org by li...@apache.org on 2010/05/15 02:03:57 UTC

svn commit: r944523 - /shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java

Author: lindner
Date: Sat May 15 00:03:57 2010
New Revision: 944523

URL: http://svn.apache.org/viewvc?rev=944523&view=rev
Log:
Allow oauth2 authorization headers

Modified:
    shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java

Modified: shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java?rev=944523&r1=944522&r2=944523&view=diff
==============================================================================
--- shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java (original)
+++ shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java Sat May 15 00:03:57 2010
@@ -19,8 +19,15 @@ package org.apache.shindig.auth;
 
 import com.google.common.collect.Maps;
 import com.google.inject.Inject;
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
 
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -63,16 +70,40 @@ public class UrlParameterAuthenticationH
     return this.securityTokenDecoder;
   }
 
+  // From OAuthMessage
+  private static final Pattern AUTHORIZATION = Pattern.compile("\\s*(\\w*)\\s+(.*)");
+  private static final Pattern NVP = Pattern.compile("(\\S*)\\s*\\=\\s*\"([^\"]*)\"");
+
   protected Map<String, String> getMappedParameters(final HttpServletRequest request) {
     Map<String, String> params = Maps.newHashMap();
+    String token = null;
+
+    // old style security token
+    if (token == null) {
+      token = request.getParameter(SECURITY_TOKEN_PARAM);
+    }
 
-    String oauth_token_value = request.getParameter(OAUTH2_TOKEN_PARAM);
+    // OAuth token as a param
+    if (token == null && request.isSecure()) {
+      token = request.getParameter(OAUTH2_TOKEN_PARAM);
+    }
 
-    if (request.isSecure() && oauth_token_value != null) {
-      params.put(SecurityTokenDecoder.SECURITY_TOKEN_NAME, oauth_token_value);
-    } else {
-      params.put(SecurityTokenDecoder.SECURITY_TOKEN_NAME, request.getParameter(SECURITY_TOKEN_PARAM));
+    // token in authorization header
+    if (token == null) {
+      for (Enumeration<String> headers = request.getHeaders("Authorization"); headers != null && headers.hasMoreElements();) {
+        Matcher m = AUTHORIZATION.matcher(headers.nextElement());
+        if (m.matches() && "Token".equalsIgnoreCase(m.group(1))) {
+          for (String nvp : m.group(2).split("\\s*,\\s*")) {
+            m = NVP.matcher(nvp);
+            if (m.matches() && "token".equals(m.group(1))) {
+              token = OAuth.decodePercent(m.group(2));
+            }
+          }
+        }
+      }
     }
+
+    params.put(SecurityTokenDecoder.SECURITY_TOKEN_NAME, token);
     params.put(SecurityTokenDecoder.ACTIVE_URL_NAME, getActiveUrl(request));
     return params;
   }
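Review bot: The Authorization-header branch in getMappedParameters accepts a token without the `request.isSecure()` check that the OAuth2 query-parameter branch just above it applies, so a header-borne token is honoured on plain HTTP, where it can be observed in transit. If the header is meant to carry the same OAuth2 token as the parameter, guard it the same way: `if (token == null && request.isSecure()) {`. Both loops also keep running after a match, so with several Authorization headers or repeated `token="..."` pairs the last one silently wins; stopping at the first match, or rejecting the request when more than one is present, removes that ambiguity. `OAuth.decodePercent` is applied to client-supplied header text with no error handling here; if it throws on a malformed escape (worth confirming against the library), the request would fail with an unhandled exception instead of being treated as unauthenticated. The old-style security token now also takes precedence over the OAuth2 parameter on secure requests, the reverse of the removed code, so a comment such as `// precedence: st parameter, then oauth_token (HTTPS only), then Authorization header` would make clear the order is deliberate.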