You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by lm...@apache.org on 2010/08/04 00:05:20 UTC
svn commit: r982045 [1/2] - in /cxf/sandbox/oauth_1.0a:
distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/
distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/
rt/rs/oauth/ rt/rs/oauth/src/main/...
Author: lmoren
Date: Tue Aug 3 22:05:18 2010
New Revision: 982045
URL: http://svn.apache.org/viewvc?rev=982045&view=rev
Log:
- added gae configuration files
- added possibility to configure oauth module through servlets
Added:
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml (with props)
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java (contents, props changed)
- copied, changed from r979824, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java (contents, props changed)
- copied, changed from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/DefaultOAuthRequestHandler.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java (contents, props changed)
- copied, changed from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AccessTokenServlet.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AuthorizationServlet.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/ConfirmationServlet.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthAbstractServlet.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthRequestFilter.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServlet.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java (contents, props changed)
- copied, changed from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/RequestToken.java (contents, props changed)
- copied, changed from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java (contents, props changed)
- copied, changed from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidator.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/OAuthTestUtils.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/ServletsTest.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServletTest.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/TestMemoryOAuthDataProvider.java (with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/servlet/
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/servlet/WEB-INF/
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/servlet/WEB-INF/web.xml (with props)
Removed:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidatorWrapperImpl.java
Modified:
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthzConfirmationServiceImpl.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/JUnit4SpringContextTests.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml
Added: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml (added)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml Tue Aug 3 22:05:18 2010
@@ -0,0 +1,24 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<?xml version="1.0" encoding="utf-8"?>
+<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
+ <application><!-- type appliation name here --></application>
+ <sessions-enabled>true</sessions-enabled>
+ <version>1</version>
+</appengine-web-app>
Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/appengine-web.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml (added)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml Tue Aug 3 22:05:18 2010
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<?xml version="1.0" encoding="utf-8"?>
+<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
+ <application><!-- type appliation name here --></application>
+ <sessions-enabled>true</sessions-enabled>
+ <version>1</version>
+</appengine-web-app>
Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml Tue Aug 3 22:05:18 2010
@@ -79,30 +79,37 @@
<!-- Intercept request to OAuth protected resources -->
<bean id="oauthSecurityInterceptor"
class="org.apache.cxf.auth.oauth.interceptors.OAuthSecurityInterceptor">
- <property name="oAuthDataProvider" ref="oauthDataProvider"/>
+ <property name="handler" ref="requestHandler"/>
</bean>
<!--OAuth data provider -->
- <bean id="oauthDataProvider" class="org.apache.cxf.auth.oauth.provider.OAuthDataProviderImpl"/>
+ <bean id="oauthDataProvider" class="org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider"/>
+
+ <bean id="requestHandler" class="org.apache.cxf.auth.oauth.handlers.DefaultOAuthRequestHandler">
+ <property name="OAuthValidator" ref="validator"/>
+ <property name="OAuthDataProvider" ref="oauthDataProvider"/>
+ </bean>
+
+ <bean id="validator" class="org.apache.cxf.auth.oauth.validation.OAuthMessageValidator"/>
<!--Definitions of OAuth module endpoints-->
<bean id="resourceOwnerAuthorizationEndpoint"
class="org.apache.cxf.auth.oauth.endpoints.AuthorizationServiceImpl">
- <property name="oAuthDataProvider" ref="oauthDataProvider"/>
+ <property name="handler" ref="requestHandler"/>
</bean>
<bean id="confirmationService"
class="org.apache.cxf.auth.oauth.endpoints.AuthzConfirmationServiceImpl">
- <property name="oAuthDataProvider" ref="oauthDataProvider"/>
+ <property name="handler" ref="requestHandler"/>
</bean>
<bean id="tokenService"
class="org.apache.cxf.auth.oauth.endpoints.TokenCredentialsServiceImpl">
- <property name="oAuthDataProvider" ref="oauthDataProvider"/>
+ <property name="handler" ref="requestHandler"/>
</bean>
<bean id="temporaryCredentialService"
- class="org.apache.cxf.auth.oauth.endpoints.TemporaryCredentialServiceImpl">
- <property name="oAuthDataProvider" ref="oauthDataProvider"/>
+ class="org.apache.cxf.auth.oauth.endpoints.TemporaryCredentialsServiceImpl">
+ <property name="handler" ref="requestHandler"/>
</bean>
</beans>
\ No newline at end of file
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml Tue Aug 3 22:05:18 2010
@@ -39,7 +39,7 @@
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>${project.version}</version>
- </dependency>
+ </dependency>
<dependency>
<groupId>${servlet-api.group}</groupId>
<artifactId>${servlet-api.artifact}</artifactId>
@@ -49,7 +49,7 @@
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http-jetty</artifactId>
</dependency>
-
+
<dependency>
<groupId>net.oauth.core</groupId>
<artifactId>oauth-provider</artifactId>
@@ -62,6 +62,27 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-server</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-webapp</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-servlet</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymock</artifactId>
+ <version>2.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>${spring.mock}</artifactId>
<version>${spring.version}</version>
@@ -79,6 +100,12 @@
<version>${project.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>net.oauth.core</groupId>
+ <artifactId>oauth-consumer</artifactId>
+ <version>${oauth.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<repositories>
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java Tue Aug 3 22:05:18 2010
@@ -19,6 +19,7 @@
package org.apache.cxf.auth.oauth.endpoints;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
@@ -35,5 +36,5 @@ public interface AuthorizationService {
@GET
@Path("/")
- Response authorizeUser(@Context HttpServletRequest request);
+ Response authorizeUser(@Context HttpServletRequest request, @Context HttpServletResponse response);
}
\ No newline at end of file
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java Tue Aug 3 22:05:18 2010
@@ -29,87 +29,45 @@ import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
-import net.oauth.OAuth;
import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
-import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.auth.oauth.provider.RequestToken;
import org.apache.cxf.auth.oauth.utils.OAuthUtils;
-import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
import org.apache.cxf.common.logging.LogUtils;
-
/**
* @author Lukasz Moren
*/
@Path("/")
-public class AuthorizationServiceImpl implements AuthorizationService {
+public class AuthorizationServiceImpl extends OAuthAbstractService implements AuthorizationService {
private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationServiceImpl.class);
- private OAuthDataProvider oAuthDataProvider;
-
- private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
-
@GET
@Path("/")
- public Response authorizeUser(@Context HttpServletRequest request) {
- LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
-
- //create security token that is passed to sign in page and validate it in confirmation service
- OAuthAuthorizationData secData = new OAuthAuthorizationData();
+ public Response authorizeUser(@Context HttpServletRequest request,
+ @Context HttpServletResponse response) {
try {
-
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
- oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
-
- oAuthValidator.validateSingleParameters(oAuthMessage);
-
- RequestToken token = oAuthDataProvider.saveSecurityToken(oAuthMessage.getToken());
-
- //user credentials not found
- if (token == null) {
- if (LOG.isLoggable(Level.WARNING)) {
- LOG.log(Level.WARNING, "Request token was not found customer key was not found");
- }
- return Response.ok(secData).build();
- }
-
- addAdditionalParams(secData, token);
- return Response.ok(secData).build();
-
-
+ OAuthAuthorizationData oauthData = handler.handleAuthorization(request, response, "");
+ return Response.ok(oauthData).build();
} catch (OAuthProblemException e) {
if (LOG.isLoggable(Level.WARNING)) {
LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[] {e.toString()});
}
- throw OAuthUtils.handleException(e, e.getHttpStatusCode());
+ OAuthUtils.handleException(response, e, e.getHttpStatusCode());
} catch (IOException e) {
if (LOG.isLoggable(Level.SEVERE)) {
LOG.log(Level.SEVERE, "OAuth module exception: {0}", new Object[] {e.toString()});
}
- throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ OAuthUtils.handleException(response, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} catch (OAuthException e) {
if (LOG.isLoggable(Level.SEVERE)) {
LOG.log(Level.SEVERE, "OAuth library exception: {0}", new Object[] {e.toString()});
}
- throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ OAuthUtils.handleException(response, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
+ return null;
}
-
- protected void addAdditionalParams(OAuthAuthorizationData secData, RequestToken token) {
- secData.setOauthToken(token.getTokenString());
- secData.setSecurityToken(token.getSecurityToken());
- secData.setApplicationName(token.getClientAuthenticationInfo().getApplicationName());
- }
-
- public void setoAuthDataProvider(OAuthDataProvider provider) {
- this.oAuthDataProvider = provider;
- }
-
}
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthzConfirmationServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthzConfirmationServiceImpl.java?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthzConfirmationServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthzConfirmationServiceImpl.java Tue Aug 3 22:05:18 2010
@@ -19,7 +19,6 @@
package org.apache.cxf.auth.oauth.endpoints;
import java.io.IOException;
-import java.net.URI;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
@@ -30,14 +29,8 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
-import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.auth.oauth.provider.RequestToken;
import org.apache.cxf.auth.oauth.utils.OAuthUtils;
import org.apache.cxf.common.logging.LogUtils;
@@ -47,38 +40,19 @@ import org.apache.cxf.common.logging.Log
* @author Lukasz Moren
*/
@Path("/confirm")
-public class AuthzConfirmationServiceImpl implements AuthzConfirmationService {
+public class AuthzConfirmationServiceImpl extends OAuthAbstractService implements AuthzConfirmationService {
private static final Logger LOG = LogUtils
.getL7dLogger(AuthzConfirmationServiceImpl.class);
- private OAuthDataProvider oAuthDataProvider;
-
@GET
@Produces("application/x-www-form-urlencoded")
public Response confirmUserDecision(@Context HttpServletRequest request) {
// service called from confirmation page
try {
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
- oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN, AuthorizationService.SEC_TOKEN);
+ return handler.handleConfirmation(request);
- // todo how long oauth verifier?, it SHOULD be suitable for manual entry acording to spec
- // generate oauth verifier
- RequestToken requestToken = oAuthDataProvider
- .validateRequestToken(oAuthMessage.getToken(), oAuthMessage
- .getParameter(AuthorizationService.SEC_TOKEN));
-
- ClientAuthNInfo clientInfo = requestToken.getClientAuthenticationInfo();
- StringBuffer callback = new StringBuffer(clientInfo.getCallbackURL()).append("?oauth_token=")
- .append(oAuthMessage.getToken()).append("&oauth_verifier=").append(
- requestToken
- .getOauthVerifier());
-
- return Response.status(HttpServletResponse.SC_MOVED_TEMPORARILY).location(
- URI.create(callback
- .toString()))
- .build();
} catch (OAuthProblemException e) {
if (LOG.isLoggable(Level.WARNING)) {
LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {
@@ -95,8 +69,4 @@ public class AuthzConfirmationServiceImp
throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
-
- public void setoAuthDataProvider(OAuthDataProvider provider) {
- this.oAuthDataProvider = provider;
- }
}
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+
+/**
+ * @author Lukasz Moren
+ */
+public abstract class OAuthAbstractService {
+ protected OAuthRequestHandler handler;
+
+ public void setHandler(OAuthRequestHandler handler) {
+ this.handler = handler;
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Copied: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java (from r979824, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java?p2=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java&p1=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java&r1=979824&r2=982045&rev=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java Tue Aug 3 22:05:18 2010
@@ -19,8 +19,7 @@
package org.apache.cxf.auth.oauth.endpoints;
import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
+import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@@ -32,10 +31,9 @@ import javax.ws.rs.core.Response;
* @author Lukasz Moren
*/
@Path("/initiate")
-public interface TemporaryCredentialService {
+public interface TemporaryCredentialsService {
@POST
- @GET
@Produces("application/x-www-form-urlencoded")
- @Consumes("*/*")
- Response getTemporaryCredentials(@Context HttpServletRequest request);
+ Response getTemporaryCredentials(@Context HttpServletRequest request,
+ @Context HttpServletResponse response);
}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Copied: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java (from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java?p2=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java&p1=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java&r1=981471&r2=982045&rev=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java Tue Aug 3 22:05:18 2010
@@ -19,112 +19,44 @@
package org.apache.cxf.auth.oauth.endpoints;
-import java.util.HashMap;
-import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
-import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.auth.oauth.provider.RequestToken;
import org.apache.cxf.auth.oauth.utils.OAuthUtils;
-import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
import org.apache.cxf.common.logging.LogUtils;
/**
* @author Lukasz Moren
*/
@Path("/initiate")
-public class TemporaryCredentialServiceImpl implements TemporaryCredentialService {
+public class TemporaryCredentialsServiceImpl extends OAuthAbstractService
+ implements TemporaryCredentialsService {
- private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialServiceImpl.class);
-
- private OAuthDataProvider oAuthDataProvider;
-
- private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
+ private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialsServiceImpl.class);
+ {
+ LOG.log(Level.INFO, "Initializing: {0}", TemporaryCredentialsServiceImpl.class.getName());
+ }
@POST
- @GET
@Produces("application/x-www-form-urlencoded")
- @Consumes("*/*")
- public Response getTemporaryCredentials(@Context HttpServletRequest request) {
+ public Response getTemporaryCredentials(@Context HttpServletRequest request,
+ @Context HttpServletResponse response) {
//todo add realm optional parameter
//todo check if entity-body single part?
- try {
- if (LOG.isLoggable(Level.FINE)) {
- LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host: {0}",
- new Object[] {request.getRemoteHost()});
- }
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
- oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
- OAuth.OAUTH_SIGNATURE_METHOD,
- OAuth.OAUTH_SIGNATURE,
- OAuth.OAUTH_TIMESTAMP,
- OAuth.OAUTH_NONCE,
- OAuth.OAUTH_CALLBACK);
-
- if (LOG.isLoggable(Level.FINE)) {
- LOG.log(Level.FINE, "All required OAuth parameters are present");
- }
-
- ClientAuthNInfo authNInfo = oAuthDataProvider
- .getClientAuthenticationInfo(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
-
- //client credentials not found
- if (authNInfo == null) {
- OAuthProblemException problemEx = new OAuthProblemException(
- OAuth.Problems.CONSUMER_KEY_UNKNOWN);
- problemEx
- .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
- HttpServletResponse.SC_UNAUTHORIZED);
- throw problemEx;
- }
-
- OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
- authNInfo.getConsumerKey(), authNInfo.getSecretKey(), null);
-
- OAuthAccessor accessor = new OAuthAccessor(consumer);
-
- //validate message
- oAuthValidator.validateMessage(oAuthMessage, accessor);
-
- //set callback url from request, or use preregistered one
- authNInfo = setCallbackURL(authNInfo,
- oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK));
-
- RequestToken requestToken = oAuthDataProvider.generateRequestToken(authNInfo);
-
- if (LOG.isLoggable(Level.FINE)) {
- LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
- }
- //create response
- Map<String, Object> responseParams = new HashMap<String, Object>();
- responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
- responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
- responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
-
- String response = OAuth.formEncode(responseParams.entrySet());
- return Response.ok(response).build();
+ try {
+ return handler.handleTemporaryCredentials(request);
} catch (OAuthProblemException e) {
if (LOG.isLoggable(Level.WARNING)) {
LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
@@ -142,19 +74,6 @@ public class TemporaryCredentialServiceI
}
throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
- }
-
- protected ClientAuthNInfo setCallbackURL(ClientAuthNInfo authNInfo,
- String oauthCallback) {
-
- if (!oauthCallback.equals(ClientAuthNInfo.OAUTH_OOB)) {
- authNInfo.setCallbackURL(oauthCallback);
- }
-
- return authNInfo;
- }
- public void setoAuthDataProvider(OAuthDataProvider provider) {
- this.oAuthDataProvider = provider;
}
}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java Tue Aug 3 22:05:18 2010
@@ -20,9 +20,6 @@
package org.apache.cxf.auth.oauth.endpoints;
import java.io.IOException;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
@@ -33,65 +30,25 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.auth.oauth.provider.AccessToken;
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
-import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.auth.oauth.provider.RequestToken;
import org.apache.cxf.auth.oauth.utils.OAuthUtils;
-import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
import org.apache.cxf.common.logging.LogUtils;
/**
* @author Lukasz Moren
*/
@Path("/token")
-public class TokenCredentialsServiceImpl implements TokenCredentialsService {
+public class TokenCredentialsServiceImpl extends OAuthAbstractService implements TokenCredentialsService {
private static final Logger LOG = LogUtils.getL7dLogger(TokenCredentialsServiceImpl.class);
- private OAuthDataProvider oAuthDataProvider;
- private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
-
@GET
@Produces("application/x-www-form-urlencoded")
public Response getTokenCredentials(@Context HttpServletRequest request) {
try {
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
- oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
- OAuth.OAUTH_TOKEN,
- OAuth.OAUTH_SIGNATURE_METHOD,
- OAuth.OAUTH_SIGNATURE,
- OAuth.OAUTH_TIMESTAMP,
- OAuth.OAUTH_NONCE,
- OAuth.OAUTH_VERIFIER);
-
- RequestToken token = oAuthDataProvider
- .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
-
- ClientAuthNInfo authInfo = token.getClientAuthenticationInfo();
- OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
- authInfo.getSecretKey(), null);
- OAuthAccessor accessor = new OAuthAccessor(consumer);
- oAuthValidator.validateMessage(oAuthMessage, accessor);
-
- AccessToken accessToken = oAuthDataProvider.generateAccessToken(token);
-
- //create response
- Map<String, Object> responseParams = new HashMap<String, Object>();
- responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
- responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
-
- String response = OAuth.formEncode(responseParams.entrySet());
- return Response.ok(response).build();
+ return handler.handleAccessToken(request);
} catch (OAuthProblemException e) {
if (LOG.isLoggable(Level.WARNING)) {
@@ -108,16 +65,6 @@ public class TokenCredentialsServiceImpl
LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
}
throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- } catch (URISyntaxException e) {
- if (LOG.isLoggable(Level.WARNING)) {
- LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
- }
- throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
-
- }
-
- public void setoAuthDataProvider(OAuthDataProvider provider) {
- this.oAuthDataProvider = provider;
}
}
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/DefaultOAuthRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/DefaultOAuthRequestHandler.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/DefaultOAuthRequestHandler.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/DefaultOAuthRequestHandler.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,273 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.handlers;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.endpoints.AuthorizationService;
+import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
+import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.validation.OAuthValidator;
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class DefaultOAuthRequestHandler implements OAuthRequestHandler {
+ private static final Logger LOG = LogUtils.getL7dLogger(DefaultOAuthRequestHandler.class);
+
+ private OAuthDataProvider dataProvider;
+ private OAuthValidator validator;
+
+ public Response handleTemporaryCredentials(HttpServletRequest request)
+ throws IOException, ServletException, OAuthException {
+ //todo add realm optional parameter
+ //todo check if entity-body single part?
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host: {0}",
+ new Object[] {request.getRemoteHost()});
+ }
+ OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+ oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+ OAuth.OAUTH_SIGNATURE_METHOD,
+ OAuth.OAUTH_SIGNATURE,
+ OAuth.OAUTH_TIMESTAMP,
+ OAuth.OAUTH_NONCE,
+ OAuth.OAUTH_CALLBACK);
+
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.log(Level.FINE, "All required OAuth parameters are present");
+ }
+
+ ClientAuthNInfo authNInfo = dataProvider
+ .getClientAuthenticationInfo(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
+
+ //client credentials not found
+ if (authNInfo == null) {
+ OAuthProblemException problemEx = new OAuthProblemException(
+ OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+ problemEx
+ .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+ HttpServletResponse.SC_UNAUTHORIZED);
+ throw problemEx;
+ }
+
+ OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
+ authNInfo.getConsumerKey(), authNInfo.getSecretKey(), null);
+
+ OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+ //validate message
+ try {
+ validator.validateMessage(oAuthMessage, accessor);
+ } catch (URISyntaxException e) {
+ throw new OAuthException(e);
+ }
+
+ //set callback url from request, or use preregistered one
+ authNInfo = setCallbackURL(authNInfo,
+ oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK));
+
+ RequestToken requestToken = dataProvider.generateRequestToken(authNInfo);
+
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
+ }
+ //create response
+ Map<String, Object> responseParams = new HashMap<String, Object>();
+ responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
+ responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
+ responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
+
+ String responseBody = OAuth.formEncode(responseParams.entrySet());
+
+ return Response.ok(responseBody).build();
+
+ }
+
+ public OAuthAuthorizationData handleAuthorization(HttpServletRequest request,
+ HttpServletResponse response,
+ String oAuthCredentialsPage)
+ throws OAuthException, IOException {
+ LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
+
+ //create security token that is passed to sign in page and validate it in confirmation service
+ OAuthAuthorizationData secData = new OAuthAuthorizationData();
+
+ OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+ oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
+
+ try {
+ validator.checkParameters(oAuthMessage);
+ } catch (URISyntaxException e) {
+ throw new OAuthException(e);
+ }
+
+ RequestToken token = dataProvider.saveSecurityToken(oAuthMessage.getToken());
+
+ //user credentials not found
+ if (token == null) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.log(Level.WARNING, "Request token was not found customer key was not found");
+ }
+ return secData;
+ }
+
+ addAdditionalParams(secData, token);
+ return secData;
+ }
+
+
+ public Response handleConfirmation(HttpServletRequest request) throws IOException, OAuthProblemException {
+ OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+ oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN, AuthorizationService.SEC_TOKEN);
+
+ // todo how long oauth verifier?, it SHOULD be suitable for manual entry acording to spec
+ // generate oauth verifier
+ RequestToken requestToken = dataProvider
+ .validateRequestToken(oAuthMessage.getToken(), oAuthMessage
+ .getParameter(AuthorizationService.SEC_TOKEN));
+
+ ClientAuthNInfo clientInfo = requestToken.getClientAuthenticationInfo();
+ StringBuffer callback = new StringBuffer(clientInfo.getCallbackURL()).append("?oauth_token=")
+ .append(oAuthMessage.getToken()).append("&oauth_verifier=").append(
+ requestToken
+ .getOauthVerifier());
+
+ return Response.status(HttpServletResponse.SC_MOVED_TEMPORARILY).location(
+ URI.create(callback
+ .toString()))
+ .build();
+ }
+
+
+ public Response handleAccessToken(HttpServletRequest request)
+ throws IOException, OAuthException {
+ OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+ oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+ OAuth.OAUTH_TOKEN,
+ OAuth.OAUTH_SIGNATURE_METHOD,
+ OAuth.OAUTH_SIGNATURE,
+ OAuth.OAUTH_TIMESTAMP,
+ OAuth.OAUTH_NONCE,
+ OAuth.OAUTH_VERIFIER);
+
+ RequestToken token = dataProvider
+ .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
+
+ ClientAuthNInfo authInfo = token.getClientAuthenticationInfo();
+ OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+ authInfo.getSecretKey(), null);
+ OAuthAccessor accessor = new OAuthAccessor(consumer);
+ try {
+ validator.validateMessage(oAuthMessage, accessor);
+ } catch (URISyntaxException e) {
+ throw new OAuthException(e);
+ }
+
+ AccessToken accessToken = dataProvider.generateAccessToken(token);
+
+ //create response
+ Map<String, Object> responseParams = new HashMap<String, Object>();
+ responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
+ responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
+
+ String response = OAuth.formEncode(responseParams.entrySet());
+ return Response.ok(response).build();
+ }
+
+
+ public void handleAuthenticatedRequest(HttpServletRequest request)
+ throws IOException, OAuthException {
+ OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+ oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+ OAuth.OAUTH_TOKEN,
+ OAuth.OAUTH_SIGNATURE_METHOD,
+ OAuth.OAUTH_SIGNATURE,
+ OAuth.OAUTH_TIMESTAMP,
+ OAuth.OAUTH_NONCE);
+
+ AccessToken accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());
+ ClientAuthNInfo authInfo = accessToken.getClientAuthenticationInfo();
+
+
+ OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+ authInfo.getSecretKey(), null);
+
+ OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+ try {
+ validator.validateMessage(oAuthMessage, accessor);
+ } catch (URISyntaxException e) {
+ throw new OAuthException(e);
+ }
+ }
+
+
+ protected void addAdditionalParams(OAuthAuthorizationData secData, RequestToken token) {
+ secData.setOauthToken(token.getTokenString());
+ secData.setSecurityToken(token.getSecurityToken());
+ secData.setApplicationName(token.getClientAuthenticationInfo().getApplicationName());
+ }
+
+ //todo check if this same as registered
+
+ protected ClientAuthNInfo setCallbackURL(ClientAuthNInfo authNInfo,
+ String oauthCallback) {
+
+ if (!oauthCallback.equals(ClientAuthNInfo.OAUTH_OOB)) {
+ authNInfo.setCallbackURL(oauthCallback);
+ }
+
+ return authNInfo;
+ }
+
+
+ public void setOAuthValidator(OAuthValidator oAuthValidator) {
+ this.validator = oAuthValidator;
+ }
+
+ public void setOAuthDataProvider(OAuthDataProvider provider) {
+ this.dataProvider = provider;
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/DefaultOAuthRequestHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/DefaultOAuthRequestHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.handlers;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuthException;
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.validation.OAuthValidator;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface OAuthRequestHandler {
+ String OAUTH_REQUEST_HANDLER_CLASS_NAME = "oauthRequestHandlerClassName";
+ String OAUTH_REQUEST_HANDLER = "oauthRequestHandler";
+
+ String OAUTH_AUTH_DATA = "oauthauthorizationdata";
+ String OAUTH_CREDENTIALS_PAGE = "oAuthCredentialsPage";
+
+
+ Response handleTemporaryCredentials(HttpServletRequest request)
+ throws IOException, ServletException, OAuthException;
+
+ OAuthAuthorizationData handleAuthorization(HttpServletRequest request, HttpServletResponse response,
+ String oAuthCredentialsPage)
+ throws OAuthException, IOException;
+
+ Response handleConfirmation(HttpServletRequest request) throws IOException, OAuthProblemException;
+
+ Response handleAccessToken(HttpServletRequest request)
+ throws IOException, OAuthException;
+
+ void handleAuthenticatedRequest(HttpServletRequest request)
+ throws IOException, OAuthException;
+
+
+ void setOAuthValidator(OAuthValidator oAuthValidator);
+
+ void setOAuthDataProvider(OAuthDataProvider provider);
+
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java Tue Aug 3 22:05:18 2010
@@ -23,19 +23,11 @@ import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.auth.oauth.provider.AccessToken;
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
-import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
import org.apache.cxf.auth.oauth.utils.OAuthUtils;
-import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
@@ -49,8 +41,7 @@ import org.apache.cxf.transport.http.Abs
public class OAuthSecurityInterceptor extends AbstractPhaseInterceptor<Message> {
private static final Logger LOG = LogUtils.getL7dLogger(OAuthSecurityInterceptor.class);
- private OAuthDataProvider oAuthDataProvider;
- private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
+ private OAuthRequestHandler handler;
public OAuthSecurityInterceptor() {
super(Phase.RECEIVE);
@@ -64,27 +55,8 @@ public class OAuthSecurityInterceptor ex
HttpServletRequest request = (HttpServletRequest)message.get(AbstractHTTPDestination.HTTP_REQUEST);
HttpServletResponse response = (HttpServletResponse)message
.get(AbstractHTTPDestination.HTTP_RESPONSE);
-
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
try {
- oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
- OAuth.OAUTH_TOKEN,
- OAuth.OAUTH_SIGNATURE_METHOD,
- OAuth.OAUTH_SIGNATURE,
- OAuth.OAUTH_TIMESTAMP,
- OAuth.OAUTH_NONCE);
-
- AccessToken accessToken = oAuthDataProvider.getAccessToken(oAuthMessage.getToken());
- ClientAuthNInfo authInfo = accessToken.getClientAuthenticationInfo();
-
-
- OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
- authInfo.getSecretKey(), null);
-
- OAuthAccessor accessor = new OAuthAccessor(consumer);
-
- oAuthValidator.validateMessage(oAuthMessage, accessor);
+ handler.handleAuthenticatedRequest(request);
} catch (OAuthProblemException e) {
if (LOG.isLoggable(Level.WARNING)) {
@@ -109,7 +81,7 @@ public class OAuthSecurityInterceptor ex
m.getInterceptorChain().abort();
}
- public void setoAuthDataProvider(OAuthDataProvider provider) {
- this.oAuthDataProvider = provider;
+ public void setHandler(OAuthRequestHandler handler) {
+ this.handler = handler;
}
}
Copied: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java (from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java?p2=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java&p1=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java&r1=981471&r2=982045&rev=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java Tue Aug 3 22:05:18 2010
@@ -29,6 +29,9 @@ import javax.servlet.http.HttpServletRes
import net.oauth.OAuth;
import net.oauth.OAuthProblemException;
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.tokens.Token;
import org.apache.cxf.auth.oauth.utils.OAuthUtils;
import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
import org.apache.cxf.jaxrs.impl.MetadataMap;
@@ -36,15 +39,15 @@ import org.apache.cxf.jaxrs.impl.Metadat
/**
* @author Lukasz Moren
*/
-public class OAuthDataProviderImpl implements OAuthDataProvider {
+public class MemoryOauthDataProvider implements OAuthDataProvider {
- private ConcurrentHashMap<String, ClientAuthNInfo> clientAuthInfo
+ protected ConcurrentHashMap<String, ClientAuthNInfo> clientAuthInfo
= new ConcurrentHashMap<String, ClientAuthNInfo>();
- private MetadataMap<Object, String> userRegisteredApps
+ protected MetadataMap<Object, String> userRegisteredApps
= new MetadataMap<Object, String>();
- private ConcurrentHashMap<String, Token> oauthTokens
+ protected ConcurrentHashMap<String, Token> oauthTokens
= new ConcurrentHashMap<String, Token>();
public ClientAuthNInfo getClientAuthenticationInfo(String consumerKey) {
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java Tue Aug 3 22:05:18 2010
@@ -23,11 +23,16 @@ import java.util.Set;
import net.oauth.OAuthProblemException;
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+
/**
* @author Lukasz Moren
*/
//todo add client credentials checking
public interface OAuthDataProvider {
+ String OAUTH_DATA_PROVIDER_CLASS_NAME = "oauthDataProviderClassName";
+
ClientAuthNInfo getClientAuthenticationInfo(String consumerKey);
RequestToken generateRequestToken(ClientAuthNInfo authInfo);
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AccessTokenServlet.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AccessTokenServlet.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AccessTokenServlet.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AccessTokenServlet.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.servlets;
+
+import java.io.IOException;
+import java.util.logging.Level;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class AccessTokenServlet extends OAuthAbstractServlet {
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ try {
+ Response response = handler.handleAccessToken(req);
+ Object entity = response.getEntity();
+ OAuthUtils.prepareHttpServletResponse(resp, entity, response.getStatus(), OAuth.FORM_ENCODED);
+
+ } catch (OAuthProblemException e) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+ }
+ OAuthServlet.handleException(resp, e, "", true);
+ } catch (OAuthException e) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+ }
+ throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AccessTokenServlet.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AccessTokenServlet.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AuthorizationServlet.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AuthorizationServlet.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AuthorizationServlet.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AuthorizationServlet.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.servlets;
+
+import java.io.IOException;
+import java.util.logging.Level;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import net.oauth.OAuthException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class AuthorizationServlet extends OAuthAbstractServlet {
+
+ private String oAuthCredentialsPage;
+
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+ oAuthCredentialsPage = config.getInitParameter(OAuthRequestHandler.OAUTH_CREDENTIALS_PAGE);
+ if (StringUtils.isEmpty(oAuthCredentialsPage)) {
+ throw new ServletException(
+ "Please provide servlet init parameter: " + OAuthRequestHandler.OAUTH_CREDENTIALS_PAGE);
+ }
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ try {
+ OAuthAuthorizationData oAuthAutzData = handler.handleAuthorization(req, resp, "");
+
+ req.setAttribute(OAuthRequestHandler.OAUTH_AUTH_DATA, oAuthAutzData);
+ RequestDispatcher rd = req.getRequestDispatcher(oAuthCredentialsPage);
+ rd.forward(req, resp);
+ } catch (OAuthException e) {
+ if (LOG.isLoggable(Level.SEVERE)) {
+ LOG.log(Level.SEVERE, "OAuth library exception: {0}", new Object[] {e.toString()});
+ }
+ OAuthServlet.handleException(resp, e, "", true);
+ }
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AuthorizationServlet.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/AuthorizationServlet.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/ConfirmationServlet.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/ConfirmationServlet.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/ConfirmationServlet.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/ConfirmationServlet.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.servlets;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class ConfirmationServlet extends OAuthAbstractServlet {
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ try {
+ Response response = handler.handleConfirmation(req);
+ String location = String.valueOf(response.getMetadata().getFirst(HttpHeaders.CONTENT_LOCATION));
+
+ Map<String, String> headers = new HashMap<String, String>();
+ headers.put(HttpHeaders.CONTENT_LOCATION, location);
+
+ OAuthUtils.prepareHttpServletResponse(resp, response.getStatus(), headers);
+ } catch (OAuthProblemException e) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+ }
+ OAuthServlet.handleException(resp, e, "", true);
+ }
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/ConfirmationServlet.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/ConfirmationServlet.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthAbstractServlet.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthAbstractServlet.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthAbstractServlet.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthAbstractServlet.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.servlets;
+
+import java.util.logging.Logger;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public abstract class OAuthAbstractServlet extends HttpServlet {
+ protected static final Logger LOG = LogUtils.getL7dLogger(OAuthAbstractServlet.class);
+
+ protected OAuthRequestHandler handler;
+
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+ handler = OAuthUtils.initiateServletContext(config.getServletContext(), LOG);
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthAbstractServlet.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthAbstractServlet.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthRequestFilter.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthRequestFilter.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthRequestFilter.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.servlets;
+
+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import net.oauth.OAuthException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class OAuthRequestFilter implements Filter {
+ protected static final Logger LOG = LogUtils.getL7dLogger(OAuthAbstractServlet.class);
+
+ protected OAuthRequestHandler handler;
+
+ public void init(FilterConfig config) throws ServletException {
+ handler = OAuthUtils.initiateServletContext(config.getServletContext(), LOG);
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest req = (HttpServletRequest)request;
+ HttpServletResponse resp = (HttpServletResponse)response;
+
+ doFilter(request, response, chain);
+
+ try {
+ handler.handleAuthenticatedRequest(req);
+ } catch (OAuthException e) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.log(Level.WARNING, "OAuth exception: {0}", new Object[] {e.toString()});
+ }
+ OAuthServlet.handleException(resp, e, "", true);
+ }
+ }
+
+ public void destroy() {
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthRequestFilter.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/OAuthRequestFilter.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServlet.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServlet.java?rev=982045&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServlet.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServlet.java Tue Aug 3 22:05:18 2010
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.servlets;
+
+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class TemporaryCredentialsServlet extends OAuthAbstractServlet {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialsServlet.class);
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ try {
+ Response response = handler.handleTemporaryCredentials(req);
+ Object entity = response.getEntity();
+ OAuthUtils.prepareHttpServletResponse(resp, entity, response.getStatus(), OAuth.FORM_ENCODED);
+
+
+ } catch (OAuthProblemException e) {
+ if (LOG.isLoggable(Level.WARNING)) {
+ LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+ }
+ OAuthServlet.handleException(resp, e, "", true);
+ } catch (OAuthException e) {
+ if (LOG.isLoggable(Level.SEVERE)) {
+ LOG.log(Level.SEVERE, "OAuth library exception: {0}", new Object[] {e.toString()});
+ }
+ OAuthServlet.handleException(resp, e, "", true);
+ } catch (Exception e) {
+ if (LOG.isLoggable(Level.SEVERE)) {
+ LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+ new Object[] {e.toString()});
+ }
+ OAuthServlet.handleException(resp, e, "", true);
+ }
+ }
+}
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServlet.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/TemporaryCredentialsServlet.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java?rev=982045&r1=982044&r2=982045&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java Tue Aug 3 22:05:18 2010
@@ -23,6 +23,7 @@ import net.oauth.OAuthException;
/**
* @author Lukasz Moren
*/
+//todo cahnge token generation
public interface TokenGenerator {
String generateToken(byte[] input) throws OAuthException;
}