Posted to dev@shindig.apache.org by do...@apache.org on 2008/06/21 03:00:35 UTC
svn commit: r670110 - in /incubator/shindig/trunk/java:
server/src/main/webapp/WEB-INF/ social-api/
social-api/src/main/java/org/apache/shindig/social/oauth/
social-api/src/test/java/org/apache/shindig/social/oauth/
Author: doll
Date: Fri Jun 20 18:00:35 2008
New Revision: 670110
URL: http://svn.apache.org/viewvc?rev=670110&view=rev
Log:
SHINDIG-290
Patch from Dirk Balfanz. First impl of some basic oauth code. These classes still need to be filled in, this is just a start.
Added:
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java
Modified:
incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
incubator/shindig/trunk/java/social-api/pom.xml
Modified: incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml?rev=670110&r1=670109&r2=670110&view=diff
==============================================================================
--- incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml (original)
+++ incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml Fri Jun 20 18:00:35 2008
@@ -29,6 +29,16 @@
<param-value>org.apache.shindig.common.CommonGuiceModule:org.apache.shindig.social.SocialApiGuiceModule</param-value>
</context-param>
+ <filter>
+ <filter-name>oauthFilter</filter-name>
+ <filter-class>org.apache.shindig.social.oauth.OAuthServletFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>oauthFilter</filter-name>
+ <url-pattern>/social/*</url-pattern>
+ </filter-mapping>
+
<listener>
<listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
</listener>
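Review bot: The `<filter-mapping>` places `oauthFilter` in front of every `/social/*` request, but the filter added in this commit only records state in an OAuthContext and never rejects a request itself, so access control still depends on each servlet checking `getAuthMethod()`. A comment above the mapping would keep it from being read as enforcement, e.g. `<!-- oauthFilter annotates the request only; servlets must check OAuthContext before trusting the caller -->`.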
Modified: incubator/shindig/trunk/java/social-api/pom.xml
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/pom.xml?rev=670110&r1=670109&r2=670110&view=diff
==============================================================================
--- incubator/shindig/trunk/java/social-api/pom.xml (original)
+++ incubator/shindig/trunk/java/social-api/pom.xml Fri Jun 20 18:00:35 2008
@@ -100,5 +100,10 @@
<artifactId>jetty</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>net.oauth</groupId>
+ <artifactId>core</artifactId>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</project>
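Review bot: The new `net.oauth:core` dependency has no `<version>` element in this hunk, and the commit's file list does not include a parent POM, so the version is presumably inherited from an existing `dependencyManagement` entry. It is worth confirming that it resolves to a pinned release rather than a snapshot or a range, since this library will parse the OAuth parameters of incoming requests. `<scope>compile</scope>` is Maven's default and could be dropped.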
Added: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java?rev=670110&view=auto
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java (added)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java Fri Jun 20 18:00:35 2008
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.apache.shindig.social.oauth;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * A class that encapsulates the OAuth-related authentication information about
+ * an HTTP request. If a servlet requires that a request was made by a specific
+ * client, it could to the following:
+ *
+ * public void doGet(HttpServletRequest req, HttpServletResponse resp) {
+ * ...
+ * OAuthContext authContext = OAuthContext.forRequest(req);
+ * if (authContext.getAuthMethod() == OAuthContext.AuthMethod.NONE) {
+ * respondWithError();
+ * } else {
+ * String consumer = authContext.getConsumerKey();
+ * if (clientIsAllowed(consumer)) {
+ * handleRequest(req, resp);
+ * } else {
+ * respondWithError():
+ * }
+ * }
+ */
+public class OAuthContext {
+
+ /*
+ * The different authentication methods.
+ */
+ public enum AuthMethod {
+ NONE, // no authentication attempted, or authentication failed
+
+ OAUTH, // OAuth succeeded, which means we'll have a consumer key and an
+ // OAuth token
+
+ SIGNED // SignedFetch succeeded, in which case we'll just have a consumer
+ // key
+ }
+
+ static final String OAUTH_CONTEXT =
+ "org.apache.shindig.social.oauth.context";
+
+ private AuthMethod authMethod;
+ private String consumerKey;
+ private String oauthToken;
+
+ /**
+ * Returns the OAuth context object for this http request. If no OAuth
+ * context object exists, then a newly-created context object for this
+ * request is returned.
+ */
+ public static OAuthContext fromRequest(HttpServletRequest req) {
+ OAuthContext result = (OAuthContext)req.getAttribute(OAUTH_CONTEXT);
+ return (result == null)
+ ? newContextForRequest(req)
+ : result;
+ }
+
+ /**
+ * Makes a new OAuth context object and stores it in the HttpServletRequest
+ * @param req
+ * @return the newly-created object.
+ */
+ static OAuthContext newContextForRequest(HttpServletRequest req) {
+ OAuthContext context = new OAuthContext();
+ req.setAttribute(OAUTH_CONTEXT, context);
+ return context;
+ }
+
+ // newly-created contexts know of no authentication
+ OAuthContext() {
+ this.authMethod = AuthMethod.NONE;
+ this.consumerKey = null;
+ this.oauthToken = null;
+ }
+
+ /**
+ * Returns the method of authentication used by the client.
+ */
+ public AuthMethod getAuthMethod() {
+ return authMethod;
+ }
+
+ public void setAuthMethod(AuthMethod method) {
+ authMethod = method;
+ }
+
+ /**
+ * Returns the consumer key that was authenticated by the server. This value
+ * should only be trusted if getAuthMethod() returns OAUTH or SIGNED.
+ */
+ public String getConsumerKey() {
+ return consumerKey;
+ }
+
+ public void setConsumerKey(String key) {
+ consumerKey = key;
+ }
+
+ /**
+ * Returns the OAuth token that was authenticated by the server. This value
+ * should only be trusted if getAuthMethod() return OAUTH.
+ */
+ public String getOAuthToken() {
+ return oauthToken;
+ }
+
+ public void setOAuthToken(String token) {
+ oauthToken = token;
+ }
+}
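Review bot: `setAuthMethod`, `setConsumerKey` and `setOAuthToken` are public, so any code that can reach the request attribute can mark a request as OAUTH or SIGNED, even though the getters' Javadoc tells callers to trust those values as authenticated by the server. The filter and the tests live in the same package, so the setters could be package-private like `newContextForRequest` and the constructor, e.g. `void setAuthMethod(AuthMethod method)`. The class Javadoc example also calls `OAuthContext.forRequest(req)`, while the method added here is `fromRequest`.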
Added: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java?rev=670110&view=auto
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java (added)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java Fri Jun 20 18:00:35 2008
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.apache.shindig.social.oauth;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.commons.lang.NotImplementedException;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class OAuthServletFilter implements Filter {
+
+
+ public void init(FilterConfig filterConfig) {
+ }
+
+ public void destroy() {
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+
+ if (!(request instanceof HttpServletRequest)) {
+ throw new ServletException("OAuth filter can only handle HTTP");
+ }
+
+ if (!(response instanceof HttpServletResponse)) {
+ throw new ServletException("OAuth filter can only handle HTTP");
+ }
+
+ HttpServletRequest req = (HttpServletRequest)request;
+ HttpServletResponse res = (HttpServletResponse)response;
+ OAuthContext authContext = OAuthContext.newContextForRequest(req);
+
+ OAuthMessage requestMessage = OAuthServlet.getMessage(req, null);
+
+ if (requestMessage.getParameter(OAuth.OAUTH_SIGNATURE) == null) {
+ // doesn't seem to be an OAuth request
+ chain.doFilter(request, response);
+ return;
+ }
+
+ if (requestMessage.getToken() == null) {
+ handleSignedFetch(requestMessage, authContext);
+ } else {
+ handleFullOAuth(requestMessage, authContext);
+ }
+
+ chain.doFilter(request, response);
+ }
+
+ private void handleFullOAuth(OAuthMessage requestMessage,
+ OAuthContext authContext) {
+ throw new NotImplementedException("full OAuth support not yet implemented");
+ }
+
+ private void handleSignedFetch(OAuthMessage requestMessage,
+ OAuthContext context) {
+ // TODO implement this method
+ }
+}
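Review bot: In `doFilter`, a request that carries both `oauth_signature` and a token ends in `handleFullOAuth`, which throws an unchecked `NotImplementedException`; depending on container configuration that may surface as a 500 with a stack trace instead of a deliberate refusal. The cast `res` is otherwise unused, so the else branch could answer explicitly: `res.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, "full OAuth support not yet implemented"); return;`. `handleSignedFetch` is an empty stub, so signed requests currently continue down the chain with `AuthMethod.NONE`; a comment on it such as `// until implemented, signed requests are NOT verified and stay AuthMethod.NONE` would make that explicit.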
Added: incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java?rev=670110&view=auto
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java (added)
+++ incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java Fri Jun 20 18:00:35 2008
@@ -0,0 +1,303 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.apache.shindig.social.oauth;
+
+import junit.framework.TestCase;
+
+import org.apache.shindig.social.oauth.OAuthContext.AuthMethod;
+
+import java.io.BufferedReader;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+public class OAuthContextTest extends TestCase {
+
+ public void testGettersAndSetters() throws Exception {
+ OAuthContext context = new OAuthContext();
+
+ // first, make sure it's constructed in the right state
+ assertEquals(OAuthContext.AuthMethod.NONE, context.getAuthMethod());
+ assertNull(context.getConsumerKey());
+ assertNull(context.getOAuthToken());
+
+ // then, test the getters and setters
+ context.setAuthMethod(AuthMethod.OAUTH);
+ assertEquals(OAuthContext.AuthMethod.OAUTH, context.getAuthMethod());
+
+ context.setConsumerKey("consumer");
+ assertEquals("consumer", context.getConsumerKey());
+
+ context.setOAuthToken("token");
+ assertEquals("token", context.getOAuthToken());
+ }
+
+ public void testCreationAndOverriding() throws Exception {
+
+ HttpServletRequest request = new FakeHttpServletRequest();
+
+ // make sure that we always get a OAuthContext object
+ OAuthContext context = OAuthContext.fromRequest(request);
+
+ assertNotNull(context);
+
+ // make sure that we can override existing contexts
+ OAuthContext context2 = OAuthContext.newContextForRequest(request);
+
+ assertNotSame(context, context2);
+ assertEquals(OAuthContext.AuthMethod.NONE, context2.getAuthMethod());
+
+ OAuthContext context3 = OAuthContext.fromRequest(request);
+ assertSame(context2, context3);
+ }
+
+ public static class FakeHttpServletRequest implements HttpServletRequest {
+
+ private HashMap<String, Object> attributes = new HashMap<String, Object>();
+
+ public String getAuthType() {
+ return null;
+ }
+
+ public String getContextPath() {
+ return null;
+ }
+
+ public Cookie[] getCookies() {
+ return null;
+ }
+
+ public long getDateHeader(String name) {
+ return 0;
+ }
+
+ public String getHeader(String name) {
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Enumeration getHeaderNames() {
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Enumeration getHeaders(String name) {
+ return null;
+ }
+
+ public int getIntHeader(String name) {
+ return 0;
+ }
+
+ public String getMethod() {
+ return null;
+ }
+
+ public String getPathInfo() {
+ return null;
+ }
+
+ public String getPathTranslated() {
+ return null;
+ }
+
+ public String getQueryString() {
+ return null;
+ }
+
+ public String getRemoteUser() {
+ return null;
+ }
+
+ public String getRequestURI() {
+ return null;
+ }
+
+ public StringBuffer getRequestURL() {
+ return new StringBuffer("http://foo.com/bar");
+ }
+
+ public String getRequestedSessionId() {
+ return null;
+ }
+
+ public String getServletPath() {
+ return null;
+ }
+
+ public HttpSession getSession() {
+ return null;
+ }
+
+ public HttpSession getSession(boolean create) {
+ return null;
+ }
+
+ public Principal getUserPrincipal() {
+ return null;
+ }
+
+ public boolean isRequestedSessionIdFromCookie() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromURL() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromUrl() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdValid() {
+ return false;
+ }
+
+ public boolean isUserInRole(String role) {
+ return false;
+ }
+
+ public Object getAttribute(String name) {
+ return attributes.get(name);
+ }
+
+ @SuppressWarnings("unchecked")
+ public Enumeration getAttributeNames() {
+ return Collections.enumeration(attributes.keySet());
+ }
+
+ public String getCharacterEncoding() {
+ return null;
+ }
+
+ public int getContentLength() {
+ return 0;
+ }
+
+ public String getContentType() {
+ return null;
+ }
+
+ public ServletInputStream getInputStream() {
+ return null;
+ }
+
+ public String getLocalAddr() {
+ return null;
+ }
+
+ public String getLocalName() {
+ return null;
+ }
+
+ public int getLocalPort() {
+ return 0;
+ }
+
+ public Locale getLocale() {
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Enumeration getLocales() {
+ return null;
+ }
+
+ public String getParameter(String name) {
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Map getParameterMap() {
+ return new HashMap();
+ }
+
+ @SuppressWarnings("unchecked")
+ public Enumeration getParameterNames() {
+ return null;
+ }
+
+ public String[] getParameterValues(String name) {
+ return new String[0];
+ }
+
+ public String getProtocol() {
+ return null;
+ }
+
+ public BufferedReader getReader() {
+ return null;
+ }
+
+ public String getRealPath(String path) {
+ return null;
+ }
+
+ public String getRemoteAddr() {
+ return null;
+ }
+
+ public String getRemoteHost() {
+ return null;
+ }
+
+ public int getRemotePort() {
+ return 0;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String path) {
+ return null;
+ }
+
+ public String getScheme() {
+ return null;
+ }
+
+ public String getServerName() {
+ return null;
+ }
+
+ public int getServerPort() {
+ return 0;
+ }
+
+ public boolean isSecure() {
+ return false;
+ }
+
+ public void removeAttribute(String name) {
+ attributes.remove(name);
+ }
+
+ public void setAttribute(String name, Object o) {
+ attributes.put(name, o);
+ }
+
+ public void setCharacterEncoding(String env) {
+ }
+ }
+}
Added: incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java?rev=670110&view=auto
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java (added)
+++ incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java Fri Jun 20 18:00:35 2008
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.apache.shindig.social.oauth;
+
+import org.apache.shindig.social.EasyMockTestCase;
+import org.apache.shindig.social.oauth.OAuthContextTest.FakeHttpServletRequest;
+
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletResponse;
+
+public class OAuthServletFilterTest extends EasyMockTestCase {
+
+ private FakeHttpServletRequest request;
+ private HttpServletResponse response;
+ private FilterChain chain;
+
+ private OAuthServletFilter filter;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ request = new FakeHttpServletRequest();
+ response = mock(HttpServletResponse.class);
+ chain = mock(FilterChain.class);
+
+ filter = new OAuthServletFilter();
+ }
+
+ public void testUnauthenticated() throws Exception {
+ filter.doFilter(request, response, chain);
+
+ assertEquals(OAuthContext.AuthMethod.NONE,
+ OAuthContext.fromRequest(request).getAuthMethod());
+ }
+
+
+}
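Review bot: `testUnauthenticated` covers only the branch where no `oauth_signature` is present, and it never checks that `chain.doFilter` was invoked. If EasyMockTestCase follows the usual record/replay/verify pattern, the `chain` mock is still in record state when the filter calls it. Calling `replay()` before `filter.doFilter(...)` and `verify()` after would pin the pass-through, assuming the base class exposes those helpers. A second test for a request that carries `oauth_signature` should assert that the context stays `AuthMethod.NONE` until `handleSignedFetch` actually verifies something.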
Re: svn commit: r670110 - in /incubator/shindig/trunk/java: server/src/main/webapp/WEB-INF/ social-api/ social-api/src/main/java/org/apache/shindig/social/oauth/ social-api/src/test/java/org/apache/shindig/social/oauth/
Posted by Kevin Brown <et...@google.com>.
I dropped some useful servlet testing stuff into gadgets.testing last week
-- we can pull this up into common and it would probably make some of the
servlet handling stuff here cleaner as well.
On Fri, Jun 20, 2008 at 6:00 PM, <do...@apache.org> wrote:
> Author: doll
> Date: Fri Jun 20 18:00:35 2008
> New Revision: 670110
>
> URL: http://svn.apache.org/viewvc?rev=670110&view=rev
> Log:
> SHINDIG-290
> Patch from Dirk Balfanz. First impl of some basic oauth code. These classes
> still need to be filled in, this is just a start.
>
>
> Added:
>
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/
>
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java
>
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java
>
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/
>
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java
>
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java
> Modified:
>
> incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
> incubator/shindig/trunk/java/social-api/pom.xml
>
> Modified:
> incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml?rev=670110&r1=670109&r2=670110&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
> (original)
> +++
> incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml
> Fri Jun 20 18:00:35 2008
> @@ -29,6 +29,16 @@
>
> <param-value>org.apache.shindig.common.CommonGuiceModule:org.apache.shindig.social.SocialApiGuiceModule</param-value>
> </context-param>
>
> + <filter>
> + <filter-name>oauthFilter</filter-name>
> +
> <filter-class>org.apache.shindig.social.oauth.OAuthServletFilter</filter-class>
> + </filter>
> +
> + <filter-mapping>
> + <filter-name>oauthFilter</filter-name>
> + <url-pattern>/social/*</url-pattern>
> + </filter-mapping>
> +
> <listener>
>
> <listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
> </listener>
>
> Modified: incubator/shindig/trunk/java/social-api/pom.xml
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/pom.xml?rev=670110&r1=670109&r2=670110&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/java/social-api/pom.xml (original)
> +++ incubator/shindig/trunk/java/social-api/pom.xml Fri Jun 20 18:00:35
> 2008
> @@ -100,5 +100,10 @@
> <artifactId>jetty</artifactId>
> <scope>test</scope>
> </dependency>
> + <dependency>
> + <groupId>net.oauth</groupId>
> + <artifactId>core</artifactId>
> + <scope>compile</scope>
> + </dependency>
> </dependencies>
> </project>
>
> Added:
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java?rev=670110&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java
> (added)
> +++
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java
> Fri Jun 20 18:00:35 2008
> @@ -0,0 +1,127 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations under the
> License.
> + */
> +package org.apache.shindig.social.oauth;
> +
> +import javax.servlet.http.HttpServletRequest;
> +
> +/**
> + * A class that encapsulates the OAuth-related authentication information
> about
> + * an HTTP request. If a servlet requires that a request was made by a
> specific
> + * client, it could to the following:
> + *
> + * public void doGet(HttpServletRequest req, HttpServletResponse resp) {
> + * ...
> + * OAuthContext authContext = OAuthContext.forRequest(req);
> + * if (authContext.getAuthMethod() == OAuthContext.AuthMethod.NONE) {
> + * respondWithError();
> + * } else {
> + * String consumer = authContext.getConsumerKey();
> + * if (clientIsAllowed(consumer)) {
> + * handleRequest(req, resp);
> + * } else {
> + * respondWithError():
> + * }
> + * }
> + */
> +public class OAuthContext {
> +
> + /*
> + * The different authentication methods.
> + */
> + public enum AuthMethod {
> + NONE, // no authentication attempted, or authentication failed
> +
> + OAUTH, // OAuth succeeded, which means we'll have a consumer key and
> an
> + // OAuth token
> +
> + SIGNED // SignedFetch succeeded, in which case we'll just have a
> consumer
> + // key
> + }
> +
> + static final String OAUTH_CONTEXT =
> + "org.apache.shindig.social.oauth.context";
> +
> + private AuthMethod authMethod;
> + private String consumerKey;
> + private String oauthToken;
> +
> + /**
> + * Returns the OAuth context object for this http request. If no OAuth
> + * context object exists, then a newly-created context object for this
> + * request is returned.
> + */
> + public static OAuthContext fromRequest(HttpServletRequest req) {
> + OAuthContext result = (OAuthContext)req.getAttribute(OAUTH_CONTEXT);
> + return (result == null)
> + ? newContextForRequest(req)
> + : result;
> + }
> +
> + /**
> + * Makes a new OAuth context object and stores it in the
> HttpServletRequest
> + * @param req
> + * @return the newly-created object.
> + */
> + static OAuthContext newContextForRequest(HttpServletRequest req) {
> + OAuthContext context = new OAuthContext();
> + req.setAttribute(OAUTH_CONTEXT, context);
> + return context;
> + }
> +
> + // newly-created contexts know of no authentication
> + OAuthContext() {
> + this.authMethod = AuthMethod.NONE;
> + this.consumerKey = null;
> + this.oauthToken = null;
> + }
> +
> + /**
> + * Returns the method of authentication used by the client.
> + */
> + public AuthMethod getAuthMethod() {
> + return authMethod;
> + }
> +
> + public void setAuthMethod(AuthMethod method) {
> + authMethod = method;
> + }
> +
> + /**
> + * Returns the consumer key that was authenticated by the server. This
> value
> + * should only be trusted if getAuthMethod() returns OAUTH or SIGNED.
> + */
> + public String getConsumerKey() {
> + return consumerKey;
> + }
> +
> + public void setConsumerKey(String key) {
> + consumerKey = key;
> + }
> +
> + /**
> + * Returns the OAuth token that was authenticated by the server. This
> value
> + * should only be trusted if getAuthMethod() return OAUTH.
> + */
> + public String getOAuthToken() {
> + return oauthToken;
> + }
> +
> + public void setOAuthToken(String token) {
> + oauthToken = token;
> + }
> +}
>
> Added:
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java?rev=670110&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java
> (added)
> +++
> incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java
> Fri Jun 20 18:00:35 2008
> @@ -0,0 +1,87 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations under the
> License.
> + */
> +package org.apache.shindig.social.oauth;
> +
> +import net.oauth.OAuth;
> +import net.oauth.OAuthMessage;
> +import net.oauth.server.OAuthServlet;
> +
> +import org.apache.commons.lang.NotImplementedException;
> +
> +import java.io.IOException;
> +
> +import javax.servlet.Filter;
> +import javax.servlet.FilterChain;
> +import javax.servlet.FilterConfig;
> +import javax.servlet.ServletException;
> +import javax.servlet.ServletRequest;
> +import javax.servlet.ServletResponse;
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpServletResponse;
> +
> +public class OAuthServletFilter implements Filter {
> +
> +
> + public void init(FilterConfig filterConfig) {
> + }
> +
> + public void destroy() {
> + }
> +
> + public void doFilter(ServletRequest request, ServletResponse response,
> + FilterChain chain) throws IOException, ServletException {
> +
> + if (!(request instanceof HttpServletRequest)) {
> + throw new ServletException("OAuth filter can only handle HTTP");
> + }
> +
> + if (!(response instanceof HttpServletResponse)) {
> + throw new ServletException("OAuth filter can only handle HTTP");
> + }
> +
> + HttpServletRequest req = (HttpServletRequest)request;
> + HttpServletResponse res = (HttpServletResponse)response;
> + OAuthContext authContext = OAuthContext.newContextForRequest(req);
> +
> + OAuthMessage requestMessage = OAuthServlet.getMessage(req, null);
> +
> + if (requestMessage.getParameter(OAuth.OAUTH_SIGNATURE) == null) {
> + // doesn't seem to be an OAuth request
> + chain.doFilter(request, response);
> + return;
> + }
> +
> + if (requestMessage.getToken() == null) {
> + handleSignedFetch(requestMessage, authContext);
> + } else {
> + handleFullOAuth(requestMessage, authContext);
> + }
> +
> + chain.doFilter(request, response);
> + }
> +
> + private void handleFullOAuth(OAuthMessage requestMessage,
> + OAuthContext authContext) {
> + throw new NotImplementedException("full OAuth support not yet
> implemented");
> + }
> +
> + private void handleSignedFetch(OAuthMessage requestMessage,
> + OAuthContext context) {
> + // TODO implement this method
> + }
> +}
>
> Added:
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java?rev=670110&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java
> (added)
> +++
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java
> Fri Jun 20 18:00:35 2008
> @@ -0,0 +1,303 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations under the
> License.
> + */
> +package org.apache.shindig.social.oauth;
> +
> +import junit.framework.TestCase;
> +
> +import org.apache.shindig.social.oauth.OAuthContext.AuthMethod;
> +
> +import java.io.BufferedReader;
> +import java.security.Principal;
> +import java.util.Collections;
> +import java.util.Enumeration;
> +import java.util.HashMap;
> +import java.util.Locale;
> +import java.util.Map;
> +
> +import javax.servlet.RequestDispatcher;
> +import javax.servlet.ServletInputStream;
> +import javax.servlet.http.Cookie;
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpSession;
> +
> +public class OAuthContextTest extends TestCase {
> +
> + public void testGettersAndSetters() throws Exception {
> + OAuthContext context = new OAuthContext();
> +
> + // first, make sure it's constructed in the right state
> + assertEquals(OAuthContext.AuthMethod.NONE, context.getAuthMethod());
> + assertNull(context.getConsumerKey());
> + assertNull(context.getOAuthToken());
> +
> + // then, test the getters and setters
> + context.setAuthMethod(AuthMethod.OAUTH);
> + assertEquals(OAuthContext.AuthMethod.OAUTH, context.getAuthMethod());
> +
> + context.setConsumerKey("consumer");
> + assertEquals("consumer", context.getConsumerKey());
> +
> + context.setOAuthToken("token");
> + assertEquals("token", context.getOAuthToken());
> + }
> +
> + public void testCreationAndOverriding() throws Exception {
> +
> + HttpServletRequest request = new FakeHttpServletRequest();
> +
> + // make sure that we always get a OAuthContext object
> + OAuthContext context = OAuthContext.fromRequest(request);
> +
> + assertNotNull(context);
> +
> + // make sure that we can override existing contexts
> + OAuthContext context2 = OAuthContext.newContextForRequest(request);
> +
> + assertNotSame(context, context2);
> + assertEquals(OAuthContext.AuthMethod.NONE, context2.getAuthMethod());
> +
> + OAuthContext context3 = OAuthContext.fromRequest(request);
> + assertSame(context2, context3);
> + }
> +
> + public static class FakeHttpServletRequest implements HttpServletRequest
> {
> +
> + private HashMap<String, Object> attributes = new HashMap<String,
> Object>();
> +
> + public String getAuthType() {
> + return null;
> + }
> +
> + public String getContextPath() {
> + return null;
> + }
> +
> + public Cookie[] getCookies() {
> + return null;
> + }
> +
> + public long getDateHeader(String name) {
> + return 0;
> + }
> +
> + public String getHeader(String name) {
> + return null;
> + }
> +
> + @SuppressWarnings("unchecked")
> + public Enumeration getHeaderNames() {
> + return null;
> + }
> +
> + @SuppressWarnings("unchecked")
> + public Enumeration getHeaders(String name) {
> + return null;
> + }
> +
> + public int getIntHeader(String name) {
> + return 0;
> + }
> +
> + public String getMethod() {
> + return null;
> + }
> +
> + public String getPathInfo() {
> + return null;
> + }
> +
> + public String getPathTranslated() {
> + return null;
> + }
> +
> + public String getQueryString() {
> + return null;
> + }
> +
> + public String getRemoteUser() {
> + return null;
> + }
> +
> + public String getRequestURI() {
> + return null;
> + }
> +
> + public StringBuffer getRequestURL() {
> + return new StringBuffer("http://foo.com/bar");
> + }
> +
> + public String getRequestedSessionId() {
> + return null;
> + }
> +
> + public String getServletPath() {
> + return null;
> + }
> +
> + public HttpSession getSession() {
> + return null;
> + }
> +
> + public HttpSession getSession(boolean create) {
> + return null;
> + }
> +
> + public Principal getUserPrincipal() {
> + return null;
> + }
> +
> + public boolean isRequestedSessionIdFromCookie() {
> + return false;
> + }
> +
> + public boolean isRequestedSessionIdFromURL() {
> + return false;
> + }
> +
> + public boolean isRequestedSessionIdFromUrl() {
> + return false;
> + }
> +
> + public boolean isRequestedSessionIdValid() {
> + return false;
> + }
> +
> + public boolean isUserInRole(String role) {
> + return false;
> + }
> +
> + public Object getAttribute(String name) {
> + return attributes.get(name);
> + }
> +
> + @SuppressWarnings("unchecked")
> + public Enumeration getAttributeNames() {
> + return Collections.enumeration(attributes.keySet());
> + }
> +
> + public String getCharacterEncoding() {
> + return null;
> + }
> +
> + public int getContentLength() {
> + return 0;
> + }
> +
> + public String getContentType() {
> + return null;
> + }
> +
> + public ServletInputStream getInputStream() {
> + return null;
> + }
> +
> + public String getLocalAddr() {
> + return null;
> + }
> +
> + public String getLocalName() {
> + return null;
> + }
> +
> + public int getLocalPort() {
> + return 0;
> + }
> +
> + public Locale getLocale() {
> + return null;
> + }
> +
> + @SuppressWarnings("unchecked")
> + public Enumeration getLocales() {
> + return null;
> + }
> +
> + public String getParameter(String name) {
> + return null;
> + }
> +
> + @SuppressWarnings("unchecked")
> + public Map getParameterMap() {
> + return new HashMap();
> + }
> +
> + @SuppressWarnings("unchecked")
> + public Enumeration getParameterNames() {
> + return null;
> + }
> +
> + public String[] getParameterValues(String name) {
> + return new String[0];
> + }
> +
> + public String getProtocol() {
> + return null;
> + }
> +
> + public BufferedReader getReader() {
> + return null;
> + }
> +
> + public String getRealPath(String path) {
> + return null;
> + }
> +
> + public String getRemoteAddr() {
> + return null;
> + }
> +
> + public String getRemoteHost() {
> + return null;
> + }
> +
> + public int getRemotePort() {
> + return 0;
> + }
> +
> + public RequestDispatcher getRequestDispatcher(String path) {
> + return null;
> + }
> +
> + public String getScheme() {
> + return null;
> + }
> +
> + public String getServerName() {
> + return null;
> + }
> +
> + public int getServerPort() {
> + return 0;
> + }
> +
> + public boolean isSecure() {
> + return false;
> + }
> +
> + public void removeAttribute(String name) {
> + attributes.remove(name);
> + }
> +
> + public void setAttribute(String name, Object o) {
> + attributes.put(name, o);
> + }
> +
> + public void setCharacterEncoding(String env) {
> + }
> + }
> +}
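Review bot: FakeHttpServletRequest has no class comment saying which of its methods are functional, and OAuthServletFilterTest imports it from this test class, so its behaviour is now a shared contract between tests. Only the attribute accessors (backed by `attributes`), `getRequestURL()`, `getParameterMap()` and `getParameterValues()` return non-null values; every other getter returns `null`, `0` or `false`. I would add a Javadoc above the class such as `/** Minimal request stub: attributes live in a map, getRequestURL() is fixed to http://foo.com/bar, all other getters return null/0/false. */` and declare the field as `private final Map<String, Object> attributes`. Moving the fake into its own file in the test tree would also stop one test class depending on another.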
>
> Added:
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java?rev=670110&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java
> (added)
> +++
> incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java
> Fri Jun 20 18:00:35 2008
> @@ -0,0 +1,53 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations under the
> License.
> + */
> +package org.apache.shindig.social.oauth;
> +
> +import org.apache.shindig.social.EasyMockTestCase;
> +import
> org.apache.shindig.social.oauth.OAuthContextTest.FakeHttpServletRequest;
> +
> +import javax.servlet.FilterChain;
> +import javax.servlet.http.HttpServletResponse;
> +
> +public class OAuthServletFilterTest extends EasyMockTestCase {
> +
> + private FakeHttpServletRequest request;
> + private HttpServletResponse response;
> + private FilterChain chain;
> +
> + private OAuthServletFilter filter;
> +
> + @Override
> + protected void setUp() throws Exception {
> + super.setUp();
> +
> + request = new FakeHttpServletRequest();
> + response = mock(HttpServletResponse.class);
> + chain = mock(FilterChain.class);
> +
> + filter = new OAuthServletFilter();
> + }
> +
> + public void testUnauthenticated() throws Exception {
> + filter.doFilter(request, response, chain);
> +
> + assertEquals(OAuthContext.AuthMethod.NONE,
> + OAuthContext.fromRequest(request).getAuthMethod());
> + }
> +
> +
> +}
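Review bot: testUnauthenticated covers only the pass-through branch and does not check that the filter forwarded the request: `chain` is a mock, but no expectation on `chain.doFilter(request, response)` is recorded or verified in this hunk (whether EasyMockTestCase does so implicitly is not visible here). There is also no test for a request that carries `oauth_signature`; in OAuthServletFilter.doFilter such a request without a token goes to handleSignedFetch, which is still a TODO, and then reaches `chain.doFilter` with no signature verification and no change to the OAuthContext. A second test that sends a request with an `oauth_signature` parameter and asserts the context stays `AuthMethod.NONE`, or that the request is rejected, would pin that behaviour until verification is implemented, so that an unverified signature is never treated as authenticated. FakeHttpServletRequest returns `null` from `getMethod()` and `getHeaders()`, so it would probably need configurable parameters for that test.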
>
>
>