Posted to dev@shindig.apache.org by li...@apache.org on 2009/02/23 17:52:16 UTC

svn commit: r747078 - /incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java

Author: lindner
Date: Mon Feb 23 16:52:15 2009
New Revision: 747078

URL: http://svn.apache.org/viewvc?rev=747078&view=rev
Log:
throw 401s when we have invalid OAuth credentials instead of falling through

Modified:
    incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java

Modified: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java?rev=747078&r1=747077&r2=747078&view=diff
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java (original)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java Mon Feb 23 16:52:15 2009
@@ -59,26 +59,17 @@
     OAuthMessage message = OAuthServlet.getMessage(request, null);
     OAuthEntry entry;
 
-
     try {
-      // no token available...
+      // We only return null if this request 
       if (message.getToken() == null) return null;
+      // no token available...
 
       entry = store.getEntry(message.getToken());
     } catch (IOException e) {
       return null;
     }
 
-    if (!isValidOAuthRequest(message, entry)) {
-      return null;
-    }
-
-    return new OAuthSecurityToken(entry.userId, entry.callbackUrl, entry.appId,
-        entry.domain, entry.container);
-  }
-
-  private boolean isValidOAuthRequest(OAuthMessage message, OAuthEntry entry) {
-    if (entry == null) 
+    if (entry == null)
       throw new InvalidAuthenticationException("access token not found.", null);
     if (entry.type != OAuthEntry.Type.ACCESS)
       throw new InvalidAuthenticationException("token is not an access token.", null);
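Review bot: The `catch (IOException e) { return null; }` kept around `store.getEntry(message.getToken())` still makes a failed token lookup look like a request that carried no OAuth token, so a request that did present a token can still fall through, which is what the log message says this change removes. Consider failing closed there, e.g. `throw new InvalidAuthenticationException("unable to look up access token.", e);`, and keeping `return null` only for the `message.getToken() == null` case. The added comment `// We only return null if this request ` is cut off mid-sentence, and `// no token available...` now sits below the check it describes; one comment above the check, such as `// Return null only when the request carries no OAuth token, so other handlers can try it`, would state the intent. The method begins above the hunk, so what callers do with a null return is inferred from the commit log rather than seen here.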
@@ -97,11 +88,12 @@
     } catch (OAuthException e) {
       throw new InvalidAuthenticationException(e.getMessage(), e);
     } catch (IOException e) {
-      return false;
+      throw new InvalidAuthenticationException(e.getMessage(), e);
     } catch (URISyntaxException e) {
-      return false;
+      throw new InvalidAuthenticationException(e.getMessage(), e);
     }
 
-    return true;
+    return new OAuthSecurityToken(entry.userId, entry.callbackUrl, entry.appId,
+        entry.domain, entry.container);
   }
 }
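Review bot: The two added `throw new InvalidAuthenticationException(e.getMessage(), e);` lines for `IOException` and `URISyntaxException` pass the low-level exception text through as the authentication error. If that message is written into the 401 response (not visible in this hunk), it can disclose internal detail to an unauthenticated caller. A fixed message with the cause kept for server-side logging is safer, e.g. `throw new InvalidAuthenticationException("OAuth request could not be validated.", e);`. The `try` these catches belong to opens above the hunk.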