You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by et...@apache.org on 2008/05/10 04:54:18 UTC
svn commit: r655007 - in /incubator/shindig/trunk/java:
gadgets/src/main/java/org/apache/shindig/common/
gadgets/src/main/java/org/apache/shindig/gadgets/
gadgets/src/main/java/org/apache/shindig/gadgets/http/
social-api/src/main/java/org/apache/shindi...
Author: etnu
Date: Fri May 9 19:54:17 2008
New Revision: 655007
URL: http://svn.apache.org/viewvc?rev=655007&view=rev
Log:
Added a new exception type (SecurityTokenException) as a part of the ongoing effort to move common components out of the gadgets artifact.
The only remaining task now is moving this code into src/common, but that will be left until other common components, such as RemoteContentFetcher, are complete.
Added:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenException.java
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenDecoder.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpGadgetContext.java
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/ProxyHandler.java
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/GadgetDataServlet.java
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java?rev=655007&r1=655006&r2=655007&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/BasicSecurityTokenDecoder.java Fri May 9 19:54:17 2008
@@ -18,8 +18,6 @@
*/
package org.apache.shindig.common;
-import org.apache.shindig.gadgets.GadgetException;
-import org.apache.shindig.gadgets.GadgetException.Code;
import org.apache.shindig.util.BlobCrypterException;
import java.io.UnsupportedEncodingException;
@@ -43,7 +41,8 @@
*
* Returns a token with some faked out values.
*/
- public SecurityToken createToken(String stringToken) throws GadgetException {
+ public SecurityToken createToken(String stringToken)
+ throws SecurityTokenException {
try {
String[] tokens = stringToken.split(":");
return new BasicSecurityToken(
@@ -54,9 +53,9 @@
URLDecoder.decode(tokens[APP_URL_INDEX], "UTF-8"),
URLDecoder.decode(tokens[MODULE_ID_INDEX], "UTF-8"));
} catch (BlobCrypterException e) {
- throw new GadgetException(GadgetException.Code.INVALID_GADGET_TOKEN, e);
+ throw new SecurityTokenException(e);
} catch (UnsupportedEncodingException e) {
- throw new GadgetException(GadgetException.Code.INVALID_GADGET_TOKEN, e);
+ throw new SecurityTokenException(e);
}
}
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenDecoder.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenDecoder.java?rev=655007&r1=655006&r2=655007&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenDecoder.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenDecoder.java Fri May 9 19:54:17 2008
@@ -18,8 +18,6 @@
*/
package org.apache.shindig.common;
-import org.apache.shindig.gadgets.GadgetException;
-
/**
* Handles verification of gadget security tokens.
*/
@@ -27,10 +25,11 @@
/**
* Decrypts and verifies a gadget security token to return a gadget token.
- *
+ *
* @param tokenString String representation of the token to be created.
* @return The token representation of the input data.
- * @throws GadgetException If tokenString is not a valid token
+ * @throws SecurityTokenException If tokenString is not a valid token
*/
- public SecurityToken createToken(String tokenString) throws GadgetException;
+ public SecurityToken createToken(String tokenString)
+ throws SecurityTokenException;
}
Added: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenException.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenException.java?rev=655007&view=auto
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenException.java (added)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/common/SecurityTokenException.java Fri May 9 19:54:17 2008
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.shindig.common;
+
+/**
+ * Exceptions thrown by SecurityTokenDecoder implementations.
+ */
+public class SecurityTokenException extends Exception {
+ public SecurityTokenException(String message) {
+ super(message);
+ }
+ public SecurityTokenException(Exception cause) {
+ super(cause);
+ }
+ public SecurityTokenException(String message, Exception cause) {
+ super(message, cause);
+ }
+}
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java?rev=655007&r1=655006&r2=655007&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetException.java Fri May 9 19:54:17 2008
@@ -33,7 +33,7 @@
// User-data related errors.
INVALID_USER_DATA,
- INVALID_GADGET_TOKEN,
+ INVALID_SECURITY_TOKEN,
// General xml
EMPTY_XML_DOCUMENT,
@@ -64,11 +64,11 @@
// Blacklisting
BLACKLISTED_GADGET,
-
+
// OAuth
OAUTH_STORAGE_ERROR,
OAUTH_APPROVAL_NEEDED,
-
+
// Signed fetch
REQUEST_SIGNING_FAILURE,
}
@@ -83,7 +83,7 @@
super(cause);
this.code = code;
}
-
+
public GadgetException(Code code, String msg, Throwable cause) {
super(msg, cause);
this.code = code;
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpGadgetContext.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpGadgetContext.java?rev=655007&r1=655006&r2=655007&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpGadgetContext.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpGadgetContext.java Fri May 9 19:54:17 2008
@@ -21,6 +21,7 @@
import org.apache.shindig.common.SecurityToken;
import org.apache.shindig.common.SecurityTokenDecoder;
+import org.apache.shindig.common.SecurityTokenException;
import org.apache.shindig.gadgets.GadgetContext;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.RenderingContext;
@@ -260,7 +261,12 @@
if (tokenString == null || tokenString.length() == 0) {
return super.getToken();
} else {
- return tokenDecoder.createToken(tokenString);
+ try {
+ return tokenDecoder.createToken(tokenString);
+ } catch (SecurityTokenException e) {
+ throw new GadgetException(
+ GadgetException.Code.INVALID_SECURITY_TOKEN, e);
+ }
}
}
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/ProxyHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/ProxyHandler.java?rev=655007&r1=655006&r2=655007&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/ProxyHandler.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/ProxyHandler.java Fri May 9 19:54:17 2008
@@ -20,6 +20,7 @@
import org.apache.shindig.common.SecurityToken;
import org.apache.shindig.common.SecurityTokenDecoder;
+import org.apache.shindig.common.SecurityTokenException;
import org.apache.shindig.gadgets.ContentFetcher;
import org.apache.shindig.gadgets.ContentFetcherFactory;
import org.apache.shindig.gadgets.GadgetException;
@@ -30,11 +31,12 @@
import org.apache.shindig.gadgets.spec.Auth;
import org.apache.shindig.gadgets.spec.Preload;
import org.apache.shindig.util.InputStreamConsumer;
-import org.json.JSONException;
-import org.json.JSONObject;
import com.google.inject.Inject;
+import org.json.JSONException;
+import org.json.JSONObject;
+
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
@@ -65,7 +67,7 @@
public static final String URL_PARAM = "url";
private static final String REFRESH_PARAM = "refresh";
- private static final Logger logger =
+ private static final Logger logger =
Logger.getLogger(ProxyHandler.class.getPackage().getName());
@@ -226,17 +228,21 @@
String authzType = getParameter(request, Preload.AUTHZ_ATTR, "");
Auth auth = Auth.parse(authzType);
- switch (auth) {
- case NONE:
- return contentFetcherFactory.get();
- case SIGNED:
- return contentFetcherFactory
- .getSigningFetcher(extractAndValidateToken(request));
- case AUTHENTICATED:
- return contentFetcherFactory.getOAuthFetcher(
- extractAndValidateToken(request), new OAuthRequestParams(request));
- default:
- return contentFetcherFactory.get();
+ try {
+ switch (auth) {
+ case NONE:
+ return contentFetcherFactory.get();
+ case SIGNED:
+ return contentFetcherFactory
+ .getSigningFetcher(extractAndValidateToken(request));
+ case AUTHENTICATED:
+ return contentFetcherFactory.getOAuthFetcher(
+ extractAndValidateToken(request), new OAuthRequestParams(request));
+ default:
+ return contentFetcherFactory.get();
+ }
+ } catch (SecurityTokenException e) {
+ throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN, e);
}
}
@@ -248,7 +254,7 @@
RemoteContent results) {
try {
JSONObject resp = new JSONObject();
-
+
resp.put("body", results.getResponseAsString());
resp.put("rc", results.getHttpStatusCode());
@@ -288,7 +294,7 @@
logger.info(msg);
throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, msg);
}
-
+
if (request.getHeader("If-Modified-Since") != null) {
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
return;
@@ -380,7 +386,7 @@
* @throws GadgetException
*/
private SecurityToken extractAndValidateToken(HttpServletRequest request)
- throws GadgetException {
+ throws SecurityTokenException {
String token = getParameter(request, SECURITY_TOKEN_PARAM, "");
return securityTokenDecoder.createToken(token);
}
Modified: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/GadgetDataServlet.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/GadgetDataServlet.java?rev=655007&r1=655006&r2=655007&view=diff
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/GadgetDataServlet.java (original)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/GadgetDataServlet.java Fri May 9 19:54:17 2008
@@ -19,7 +19,7 @@
import org.apache.shindig.common.SecurityToken;
import org.apache.shindig.common.SecurityTokenDecoder;
-import org.apache.shindig.gadgets.GadgetException;
+import org.apache.shindig.common.SecurityTokenException;
import org.apache.shindig.gadgets.http.InjectedServlet;
import org.apache.shindig.social.opensocial.util.BeanJsonConverter;
@@ -90,7 +90,7 @@
response = new DataResponse(createResponse(requestParam, token));
} catch (JSONException e) {
response = new DataResponse(ResponseError.BAD_REQUEST);
- } catch (GadgetException e) {
+ } catch (SecurityTokenException e) {
logger.info("Request was made with invalid security token: " + token);
response = new DataResponse(ResponseError.BAD_REQUEST);
}
@@ -101,9 +101,9 @@
}
private List<ResponseItem> createResponse(String requestParam, String token)
- throws JSONException, GadgetException {
+ throws JSONException, SecurityTokenException {
if (token == null || token.trim().length() == 0) {
- throw new GadgetException(GadgetException.Code.INVALID_GADGET_TOKEN);
+ throw new SecurityTokenException("Missing security token");
}
SecurityToken securityToken = securityTokenDecoder.createToken(token);