You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by kr...@apache.org on 2010/04/10 08:50:12 UTC
svn commit: r932672 - in /camel/trunk/examples/camel-example-gauth/src/main:
java/org/apache/camel/example/gauth/ webapp/WEB-INF/
Author: krasserm
Date: Sat Apr 10 06:50:11 2010
New Revision: 932672
URL: http://svn.apache.org/viewvc?rev=932672&view=rev
Log:
added javadocs and removed unnecessary servlet mapping.
Modified:
camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialController.java
camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialRouteBuilder.java
camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialService.java
camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialTokenProcessor.java
camel/trunk/examples/camel-example-gauth/src/main/webapp/WEB-INF/web.xml
Modified: camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialController.java
URL: http://svn.apache.org/viewvc/camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialController.java?rev=932672&r1=932671&r2=932672&view=diff
==============================================================================
--- camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialController.java (original)
+++ camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialController.java Sat Apr 10 06:50:11 2010
@@ -29,6 +29,19 @@ import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+/**
+ * Single controller for the demo application that handles GET requests. Obtains OAuth access
+ * token and access token secret from cookies and uses them to obtain calendar names from the
+ * Google Calendar API. If the interaction with the calendar API fails due to invalid or non-
+ * existing OAuth tokens an error message is displayed in authorize.jsp. If it succeeds the
+ * calendar names are displayed in calendar.jsp.
+ * <p>
+ * In production systems it is <em>not</em> recommended to store access tokens in cookies. The
+ * recommended approach is to store them in a database. The demo application is only doing that
+ * to keep the example as simple as possible. However, an attacker could not use an access token
+ * alone to get access to a user's calendar data because the application's consumer secret is
+ * necessary for that as well. The consumer secret never leaves the demo application.
+ */
@Controller
@RequestMapping("/calendar")
public class TutorialController {
@@ -44,7 +57,8 @@ public class TutorialController {
ModelMap model) throws Exception {
List<String> calendarNames = null;
-
+
+ // Get OAuth tokens from cookies
String accessToken = getAccessToken(request);
String accessTokenSecret = getAccessTokenSecret(request);
@@ -54,6 +68,7 @@ public class TutorialController {
}
try {
+ // Get calendar names from Google Calendar API
calendarNames = service.getCalendarNames(accessToken, accessTokenSecret);
} catch (AuthenticationException e) {
model.put("message", "OAuth access token invalid");
Modified: camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialRouteBuilder.java
URL: http://svn.apache.org/viewvc/camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialRouteBuilder.java?rev=932672&r1=932671&r2=932672&view=diff
==============================================================================
--- camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialRouteBuilder.java (original)
+++ camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialRouteBuilder.java Sat Apr 10 06:50:11 2010
@@ -20,10 +20,18 @@ import java.net.URLEncoder;
import org.apache.camel.builder.RouteBuilder;
+/**
+ * Builds the OAuth-specific routes (implements the OAuth integration layer) of the demo application.
+ */
public class TutorialRouteBuilder extends RouteBuilder {
private String application;
+ /**
+ * Sets the name of the GAE application.
+ *
+ * @param application a GAE application name.
+ */
public void setApplication(String application) {
this.application = application;
}
@@ -31,12 +39,22 @@ public class TutorialRouteBuilder extend
@Override
public void configure() throws Exception {
+ // Callback URL for sending back an authorized access token.
String encodedCallback = URLEncoder.encode(String.format("https://%s.appspot.com/camel/handler", application), "UTF-8");
+ // Google should issue an access token that is scoped to calendar feeds.
String encodedScope = URLEncoder.encode("http://www.google.com/calendar/feeds/", "UTF-8");
+ // Route for obtaining an unauthorized request token from Google Accounts. The
+ // response redirects the browser to an authorization page provided by Google.
from("ghttp:///authorize")
.to("gauth:authorize?callback=" + encodedCallback + "&scope=" + encodedScope);
+
+ // Handles callbacks from Google Accounts which contain an authorized request token.
+ // The authorized request token is upgraded to an access token which is stored in
+ // the response message header. The TutorialTokenProcessor is application-specific
+ // and stores the access token (plus access token secret) is cookies. It further
+ // redirects the user to the application's main location (/oauth/calendar).
from("ghttp:///handler")
.to("gauth:upgrade")
.process(new TutorialTokenProcessor());
Modified: camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialService.java
URL: http://svn.apache.org/viewvc/camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialService.java?rev=932672&r1=932671&r2=932672&view=diff
==============================================================================
--- camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialService.java (original)
+++ camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialService.java Sat Apr 10 06:50:11 2010
@@ -27,14 +27,31 @@ import com.google.gdata.client.calendar.
import com.google.gdata.data.calendar.CalendarEntry;
import com.google.gdata.data.calendar.CalendarFeed;
+/**
+ * Facade for getting calendar names from the Google Calendar API. The access is made on
+ * behalf of a user by providing an OAuth access token and access token secret.
+ */
public class TutorialService {
private Properties credentials;
-
+
+ /**
+ * Sets properties that contains the application's consumer key and consumer secret.
+ *
+ * @param credentials consumer key and consumer secret.
+ */
public void setCredentials(Properties credentials) {
this.credentials = credentials;
}
-
+
+ /**
+ * Obtains a list of names of a user's public and private calendars from the Google
+ * Calendar API.
+ *
+ * @param accessToken OAuth access token.
+ * @param accessTokenSecret OAuth access token secret.
+ * @return list of names of a user's public and private calendars.
+ */
public List<String> getCalendarNames(String accessToken, String accessTokenSecret) throws Exception {
CalendarService calendarService = new CalendarService("apache-camel-2.3");
OAuthParameters params = getOAuthParams(accessToken, accessTokenSecret);
Modified: camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialTokenProcessor.java
URL: http://svn.apache.org/viewvc/camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialTokenProcessor.java?rev=932672&r1=932671&r2=932672&view=diff
==============================================================================
--- camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialTokenProcessor.java (original)
+++ camel/trunk/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialTokenProcessor.java Sat Apr 10 06:50:11 2010
@@ -25,6 +25,19 @@ import org.apache.camel.Processor;
import static org.apache.camel.component.gae.auth.GAuthUpgradeBinding.GAUTH_ACCESS_TOKEN;
import static org.apache.camel.component.gae.auth.GAuthUpgradeBinding.GAUTH_ACCESS_TOKEN_SECRET;
+/**
+ * Reads an OAuth access token plus access token secret from a Camel message and stores them in
+ * cookies. These cookies are needed by {@link org.apache.camel.example.gauth.TutorialController}
+ * for accessing a user's calendar via the Google Calendar API. The cookies are valid for one
+ * hour. Finally, it generates an HTTP 302 response that redirects the user to the application's
+ * main location (/oauth/calendar).
+ * <p>
+ * In production systems it is <em>not</em> recommended to store access tokens in cookies. The
+ * recommended approach is to store them in a database. The demo application is only doing that
+ * to keep the example as simple as possible. However, an attacker could not use an access token
+ * alone to get access to a user's calendar data because the application's consumer secret is
+ * necessary for that as well. The consumer secret never leaves the demo application.
+ */
public class TutorialTokenProcessor implements Processor {
private static final int ONE_HOUR = 3600;
Modified: camel/trunk/examples/camel-example-gauth/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/camel/trunk/examples/camel-example-gauth/src/main/webapp/WEB-INF/web.xml?rev=932672&r1=932671&r2=932672&view=diff
==============================================================================
--- camel/trunk/examples/camel-example-gauth/src/main/webapp/WEB-INF/web.xml (original)
+++ camel/trunk/examples/camel-example-gauth/src/main/webapp/WEB-INF/web.xml Sat Apr 10 06:50:11 2010
@@ -51,10 +51,6 @@ http://java.sun.com/xml/ns/javaee/web-ap
<servlet-name>CamelServlet</servlet-name>
<url-pattern>/camel/*</url-pattern>
</servlet-mapping>
- <servlet-mapping>
- <servlet-name>CamelServlet</servlet-name>
- <url-pattern>/worker/*</url-pattern>
- </servlet-mapping>
-
+
</web-app>