Posted to commits@oltu.apache.org by as...@apache.org on 2012/01/25 10:01:51 UTC
svn commit: r1235697 - in /incubator/amber/trunk/oauth-2.0:
oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/
oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/
oauth2-authzserver/src/test/java/org/apache/amber/oa...
Author: asanso
Date: Wed Jan 25 09:01:50 2012
New Revision: 1235697
URL: http://svn.apache.org/viewvc?rev=1235697&view=rev
Log:
AMBER-42 : Update amber based on the latest oauth 2.0 draft v22 . Apply patch from Raymond Feng. Thanks!
Added:
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java
Removed:
incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenAssertion.java
Modified:
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java
incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java
incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java
incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java
incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java
incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java
incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java
incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java
incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java
incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java
incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java
incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java
incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java Wed Jan 25 09:01:50 2012
@@ -44,19 +44,20 @@ public class OAuthAuthzRequest extends O
}
@Override
- protected OAuthValidator initValidator() throws OAuthProblemException, OAuthSystemException {
+ protected OAuthValidator<HttpServletRequest> initValidator() throws OAuthProblemException, OAuthSystemException {
//end user authorization validators
validators.put(ResponseType.CODE.toString(), CodeValidator.class);
validators.put(ResponseType.TOKEN.toString(), TokenValidator.class);
+
String requestTypeValue = getParam(OAuth.OAUTH_RESPONSE_TYPE);
if (OAuthUtils.isEmpty(requestTypeValue)) {
throw OAuthUtils.handleOAuthProblemException("Missing response_type parameter value");
}
- Class clazz = validators.get(requestTypeValue);
+ Class<? extends OAuthValidator<HttpServletRequest>> clazz = validators.get(requestTypeValue);
if (clazz == null) {
throw OAuthUtils.handleOAuthProblemException("Invalid response_type parameter value");
}
- return (OAuthValidator)OAuthUtils.instantiateClass(clazz);
+ return OAuthUtils.instantiateClass(clazz);
}
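Review bot: An unrecognised `response_type` is reported through the same generic helper as a missing one, at `throw OAuthUtils.handleOAuthProblemException("Invalid response_type parameter value")`. If that helper produces `invalid_request` (its body is not visible here), a client cannot tell a malformed request from an unsupported flow. The draft defines a dedicated code for this case, so the second throw could become `throw OAuthProblemException.error(OAuthError.CodeResponse.UNSUPPORTED_RESPONSE_TYPE).description("Invalid response_type parameter value");`. The `grant_type` lookup in `OAuthTokenRequest.initValidator()` has the same shape and deserves the same treatment.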
@@ -64,4 +65,8 @@ public class OAuthAuthzRequest extends O
return getParam(OAuth.OAUTH_STATE);
}
+ public String getResponseType() {
+ return getParam(OAuth.OAUTH_RESPONSE_TYPE);
+ }
+
}
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java Wed Jan 25 09:01:50 2012
@@ -24,6 +24,7 @@ package org.apache.amber.oauth2.as.reque
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
+
import javax.servlet.http.HttpServletRequest;
import org.apache.amber.oauth2.common.OAuth;
@@ -44,8 +45,9 @@ public abstract class OAuthRequest {
private Logger log = LoggerFactory.getLogger(OAuthRequest.class);
protected HttpServletRequest request;
- protected OAuthValidator validator;
- protected Map<String, Class> validators = new HashMap<String, Class>();
+ protected OAuthValidator<HttpServletRequest> validator;
+ protected Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> validators =
+ new HashMap<String, Class<? extends OAuthValidator<HttpServletRequest>>>();
public OAuthRequest(HttpServletRequest request) throws OAuthSystemException, OAuthProblemException {
this.request = request;
@@ -69,8 +71,7 @@ public abstract class OAuthRequest {
}
} catch (Exception ex) {
if (log.isDebugEnabled()) {
- log.debug("Cannot read redirect_url from the request: {}",
- new String[] {ex.getMessage()});
+ log.debug("Cannot read redirect_url from the request: {}", new String[] {ex.getMessage()});
}
}
@@ -79,16 +80,13 @@ public abstract class OAuthRequest {
}
- protected abstract OAuthValidator initValidator() throws OAuthProblemException, OAuthSystemException;
+ protected abstract OAuthValidator<HttpServletRequest> initValidator() throws OAuthProblemException,
+ OAuthSystemException;
public String getParam(String name) {
return request.getParameter(name);
}
- public String getRefreshToken() {
- return getParam(OAuth.OAUTH_REFRESH_TOKEN);
- }
-
public String getClientId() {
return getParam(OAuth.OAUTH_CLIENT_ID);
}
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java Wed Jan 25 09:01:50 2012
@@ -24,7 +24,7 @@ package org.apache.amber.oauth2.as.reque
import javax.servlet.http.HttpServletRequest;
import org.apache.amber.oauth2.as.validator.AuthorizationCodeValidator;
-import org.apache.amber.oauth2.as.validator.AssertionValidator;
+import org.apache.amber.oauth2.as.validator.ClientCredentialValidator;
import org.apache.amber.oauth2.as.validator.PasswordValidator;
import org.apache.amber.oauth2.as.validator.RefreshTokenValidator;
import org.apache.amber.oauth2.common.OAuth;
@@ -48,20 +48,20 @@ public class OAuthTokenRequest extends O
}
@Override
- protected OAuthValidator initValidator() throws OAuthProblemException, OAuthSystemException {
+ protected OAuthValidator<HttpServletRequest> initValidator() throws OAuthProblemException, OAuthSystemException {
validators.put(GrantType.PASSWORD.toString(), PasswordValidator.class);
- validators.put(GrantType.ASSERTION.toString(), AssertionValidator.class);
+ validators.put(GrantType.CLIENT_CREDENTIALS.toString(), ClientCredentialValidator.class);
validators.put(GrantType.AUTHORIZATION_CODE.toString(), AuthorizationCodeValidator.class);
validators.put(GrantType.REFRESH_TOKEN.toString(), RefreshTokenValidator.class);
String requestTypeValue = getParam(OAuth.OAUTH_GRANT_TYPE);
if (OAuthUtils.isEmpty(requestTypeValue)) {
throw OAuthUtils.handleOAuthProblemException("Missing grant_type parameter value");
}
- Class clazz = validators.get(requestTypeValue);
+ Class<? extends OAuthValidator<HttpServletRequest>> clazz = validators.get(requestTypeValue);
if (clazz == null) {
throw OAuthUtils.handleOAuthProblemException("Invalid grant_type parameter value");
}
- return (OAuthValidator)OAuthUtils.instantiateClass(clazz);
+ return OAuthUtils.instantiateClass(clazz);
}
public String getPassword() {
@@ -72,14 +72,10 @@ public class OAuthTokenRequest extends O
return getParam(OAuth.OAUTH_USERNAME);
}
- public String getAssertion() {
- return getParam(OAuth.OAUTH_ASSERTION);
+ public String getRefreshToken() {
+ return getParam(OAuth.OAUTH_REFRESH_TOKEN);
}
-
- public String getAssertionType() {
- return getParam(OAuth.OAUTH_ASSERTION_TYPE);
- }
-
+
public String getCode() {
return getParam(OAuth.OAUTH_CODE);
}
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java Wed Jan 25 09:01:50 2012
@@ -21,6 +21,8 @@
package org.apache.amber.oauth2.as.validator;
+import javax.servlet.http.HttpServletRequest;
+
import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.validators.AbstractValidator;
@@ -29,7 +31,7 @@ import org.apache.amber.oauth2.common.va
* @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
* @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
*/
-public class AuthorizationCodeValidator extends AbstractValidator {
+public class AuthorizationCodeValidator extends AbstractValidator<HttpServletRequest> {
public AuthorizationCodeValidator() {
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
Added: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java?rev=1235697&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java Wed Jan 25 09:01:50 2012
@@ -0,0 +1,33 @@
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.as.validator;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.OAuth;
+import org.apache.amber.oauth2.common.validators.AbstractValidator;
+
+public class ClientCredentialValidator extends AbstractValidator<HttpServletRequest> {
+ public ClientCredentialValidator() {
+ requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
+ }
+}
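Review bot: The constructor requires only `grant_type`, so, assuming `AbstractValidator` enforces nothing beyond `requiredParams`, a token request with `grant_type=client_credentials` and no client identification passes validation. This grant rests entirely on client authentication. If credentials are expected as request parameters, add `requiredParams.add(OAuth.OAUTH_CLIENT_ID);` and the matching client-secret constant (its name is not visible on this page). If HTTP Basic is intended instead, add a class Javadoc stating that the token endpoint must authenticate the client before issuing a token, because this validator does not. The updated case in `OAuthRequestTest` stubs only `grant_type` and expects no exception, which is consistent with the validator accepting an unauthenticated request.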
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java Wed Jan 25 09:01:50 2012
@@ -0,0 +1,59 @@
+
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.as.validator;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.OAuth;
+import org.apache.amber.oauth2.common.error.OAuthError;
+import org.apache.amber.oauth2.common.exception.OAuthProblemException;
+import org.apache.amber.oauth2.common.validators.AbstractValidator;
+
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public class CodeTokenValidator extends AbstractValidator<HttpServletRequest> {
+
+ public CodeTokenValidator() {
+ requiredParams.add(OAuth.OAUTH_RESPONSE_TYPE);
+ requiredParams.add(OAuth.OAUTH_CLIENT_ID);
+ requiredParams.add(OAuth.OAUTH_REDIRECT_URI);
+ }
+
+ @Override
+ public void validateMethod(HttpServletRequest request) throws OAuthProblemException {
+ String method = request.getMethod();
+ if (!method.equals(OAuth.HttpMethod.GET) && !method.equals(OAuth.HttpMethod.POST)) {
+ throw OAuthProblemException.error(OAuthError.CodeResponse.INVALID_REQUEST)
+ .description("Method not correct.");
+ }
+ }
+
+ @Override
+ public void validateContentType(HttpServletRequest request) throws OAuthProblemException {
+ }
+}
+
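Review bot: `validateContentType` is overridden with an empty body, which silently switches off whatever content-type check `AbstractValidator` performs (not visible here). A one-line comment inside the method, for example `// authorization requests may arrive as a body-less GET, so no content type is enforced`, would mark this as deliberate rather than forgotten. The class also does not appear in the `validators` map built by `OAuthAuthzRequest.initValidator()` in this commit (only `ResponseType.CODE` and `ResponseType.TOKEN` are registered), so it looks unreachable from the visible code; a class Javadoc should say which response type it is meant to serve.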
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java Wed Jan 25 09:01:50 2012
@@ -34,7 +34,7 @@ import org.apache.amber.oauth2.common.va
* @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
* @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
*/
-public class CodeValidator extends AbstractValidator {
+public class CodeValidator extends AbstractValidator<HttpServletRequest> {
public CodeValidator() {
requiredParams.add(OAuth.OAUTH_RESPONSE_TYPE);
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java Wed Jan 25 09:01:50 2012
@@ -21,6 +21,8 @@
package org.apache.amber.oauth2.as.validator;
+import javax.servlet.http.HttpServletRequest;
+
import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.validators.AbstractValidator;
@@ -29,7 +31,7 @@ import org.apache.amber.oauth2.common.va
* @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
* @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
*/
-public class PasswordValidator extends AbstractValidator {
+public class PasswordValidator extends AbstractValidator<HttpServletRequest> {
public PasswordValidator() {
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java Wed Jan 25 09:01:50 2012
@@ -22,6 +22,8 @@
package org.apache.amber.oauth2.as.validator;
+import javax.servlet.http.HttpServletRequest;
+
import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.validators.AbstractValidator;
@@ -30,7 +32,7 @@ import org.apache.amber.oauth2.common.va
* @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
* @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
*/
-public class RefreshTokenValidator extends AbstractValidator {
+public class RefreshTokenValidator extends AbstractValidator<HttpServletRequest> {
public RefreshTokenValidator() {
requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java Wed Jan 25 09:01:50 2012
@@ -33,7 +33,7 @@ import org.apache.amber.oauth2.common.va
* @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
* @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
*/
-public class TokenValidator extends AbstractValidator {
+public class TokenValidator extends AbstractValidator<HttpServletRequest> {
public TokenValidator() {
requiredParams.add(OAuth.OAUTH_RESPONSE_TYPE);
Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java Wed Jan 25 09:01:50 2012
@@ -21,7 +21,15 @@
package org.apache.amber.oauth2.as;
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.reset;
+import static org.easymock.EasyMock.verify;
+import static org.junit.Assert.fail;
+
import java.util.Set;
+
import javax.servlet.http.HttpServletRequest;
import junit.framework.Assert;
@@ -36,13 +44,6 @@ import org.apache.amber.oauth2.common.me
import org.apache.amber.oauth2.common.message.types.ResponseType;
import org.junit.Test;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.reset;
-import static org.easymock.EasyMock.verify;
-import static org.junit.Assert.fail;
-
/**
* @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
@@ -225,13 +226,12 @@ public class OAuthRequestTest {
verify(request);
reset(request);
- expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.ASSERTION.toString());
expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
+ expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn("authorization_code");
replay(request);
try {
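Review bot: The new stub hard-codes the wire value with `andStubReturn("authorization_code")`, while the production code and the other stubs in this file use the enum (`GrantType.AUTHORIZATION_CODE.toString()`, `GrantType.CLIENT_CREDENTIALS.toString()`). Using `expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn(GrantType.AUTHORIZATION_CODE.toString());` keeps the test tied to the constant that `OAuthTokenRequest.initValidator()` registers, so a renamed grant type fails at compile time instead of as an unexplained validation error. The same literal appears in the hunk at `@@ -321,13 +321,13 @@`. The test method starts and ends outside this hunk.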
@@ -281,7 +281,7 @@ public class OAuthRequestTest {
reset(request);
expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.NONE.toString());
+ .andStubReturn(null);
expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
@@ -321,13 +321,13 @@ public class OAuthRequestTest {
verify(request);
reset(request);
- expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.ASSERTION.toString());
expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);
expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
+ expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn("authorization_code");
+
replay(request);
try {
@@ -382,7 +382,7 @@ public class OAuthRequestTest {
reset(request);
expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.NONE.toString());
+ .andStubReturn(null);
expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);
@@ -535,70 +535,6 @@ public class OAuthRequestTest {
verify(request);
}
- @Test
- public void testTokenAssertionRequestMissingParameter() throws Exception {
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.ASSERTION.toString());
- expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
- expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
- expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
-
- expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn(null);
- expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn("test_type");
- replay(request);
-
- try {
- new OAuthTokenRequest(request);
- fail("Exception expected");
- } catch (OAuthProblemException e) {
- Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
- }
-
- verify(request);
-
- reset(request);
-
- expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.ASSERTION.toString());
- expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
- expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
- expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
-
- expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn("test_assertion");
- expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn(null);
- replay(request);
-
- try {
- new OAuthTokenRequest(request);
- fail("Exception expected");
- } catch (OAuthProblemException e) {
- Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
- }
-
- verify(request);
-
- reset(request);
-
- expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.ASSERTION.toString());
- expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
- expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
- expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
-
- expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn("");
- expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn("");
- replay(request);
-
- try {
- new OAuthTokenRequest(request);
- fail("Exception expected");
- } catch (OAuthProblemException e) {
- Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
- }
-
- verify(request);
- }
@Test
public void testRefreshTokenRequestMissingParameter() throws Exception {
@@ -720,13 +656,10 @@ public class OAuthRequestTest {
verify(request);
reset(request);
- expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
- .andStubReturn(GrantType.ASSERTION.toString());
expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
- expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn("test_assertion");
- expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn("test_type");
+ expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn(GrantType.CLIENT_CREDENTIALS.toString());
replay(request);
try {
@@ -735,8 +668,8 @@ public class OAuthRequestTest {
} catch (OAuthProblemException e) {
fail("Exception not expected");
}
- Assert.assertEquals("test_assertion", req.getAssertion());
- Assert.assertEquals("test_type", req.getAssertionType());
+// Assert.assertEquals("test_assertion", req.getAssertion());
+// Assert.assertEquals("test_type", req.getAssertionType());
verify(request);
reset(request);
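Review bot: The two assertions were commented out rather than removed, so the client-credentials case now checks only that no exception is thrown. Delete the dead lines and assert something about the parsed request instead, for example `Assert.assertEquals(GrantType.CLIENT_CREDENTIALS.toString(), req.getParam(OAuth.OAUTH_GRANT_TYPE));`. A negative case is also missing: nothing here exercises a `client_credentials` request that should be rejected. The test method starts and ends outside this hunk.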
Modified: incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java Wed Jan 25 09:01:50 2012
@@ -27,10 +27,10 @@ import java.util.Map;
import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.amber.oauth2.common.message.OAuthMessage;
-import org.apache.amber.oauth2.common.parameters.OAuthParametersApplier;
-import org.apache.amber.oauth2.common.parameters.QueryParameterApplier;
import org.apache.amber.oauth2.common.message.types.GrantType;
import org.apache.amber.oauth2.common.parameters.BodyURLEncodedParametersApplier;
+import org.apache.amber.oauth2.common.parameters.OAuthParametersApplier;
+import org.apache.amber.oauth2.common.parameters.QueryParameterApplier;
/**
* OAuth Client Request
@@ -169,7 +169,7 @@ public class OAuthClientRequest implemen
}
public TokenRequestBuilder setGrantType(GrantType grantType) {
- this.parameters.put(OAuth.OAUTH_GRANT_TYPE, grantType.toString());
+ this.parameters.put(OAuth.OAUTH_GRANT_TYPE, grantType == null ? null : grantType.toString());
return this;
}
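Review bot: A `null` grant type is now stored as a null map value at `this.parameters.put(OAuth.OAUTH_GRANT_TYPE, grantType == null ? null : grantType.toString())` instead of failing at the call site. Depending on how the parameter appliers serialise the map (not visible here), that can surface later as a literal `null` on the wire or as an exception far from the cause. Skipping the entry is safer: `if (grantType != null) { this.parameters.put(OAuth.OAUTH_GRANT_TYPE, grantType.toString()); }`. Alternatively, document on the setter that null means the parameter is omitted. The builder class starts outside the hunk.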
Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java Wed Jan 25 09:01:50 2012
@@ -77,6 +77,7 @@ public final class OAuth {
public static final String OAUTH_TOKEN = "oauth_token";
public static final String OAUTH_TOKEN_DRAFT_0 = "access_token";
+ public static final String OAUTH_BEARER_TOKEN = "access_token";
public static final ParameterStyle DEFAULT_PARAMETER_STYLE = ParameterStyle.HEADER;
public static final String OAUTH_VERSION_DIFFER = "oauth_signature_method";
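Review bot: `OAUTH_BEARER_TOKEN` has the same value as `OAUTH_TOKEN_DRAFT_0` on the line above it, and neither constant says which one new code should use. If the older name is kept only for existing callers, a Javadoc line would record that: `/** Parameter name carrying a bearer access token; same wire value as OAUTH_TOKEN_DRAFT_0. */`. Since this name is also the query-string parameter for tokens, the comment is a good place to note that tokens sent this way can end up in access logs and Referer headers, so the header style is preferred.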
Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java Wed Jan 25 09:01:50 2012
@@ -34,22 +34,104 @@ public abstract class OAuthError {
public static final String OAUTH_ERROR_URI = "error_uri";
public static final class CodeResponse {
+ /**
+ * The request is missing a required parameter, includes an
+ unsupported parameter value, or is otherwise malformed.
+ */
public static final String INVALID_REQUEST = "invalid_request";
+
public static final String INVALID_CLIENT = "invalid_client";
+
+ /**
+ * The client is not authorized to request an authorization
+ code using this method.
+ */
public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
public static final String REDIRECT_URI_MISMATCH = "redirect_uri_mismatch";
+
+ /**
+ * The resource owner or authorization server denied the
+ request.
+ */
public static final String ACCESS_DENIED = "access_denied";
+
+ /**
+ * The authorization server does not support obtaining an
+ authorization code using this method.
+ */
public static final String UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
+
+ /**
+ * The requested scope is invalid, unknown, or malformed.
+ */
public static final String INVALID_SCOPE = "invalid_scope";
+
+ /**
+ * The authorization server encountered an unexpected
+ condition which prevented it from fulfilling the request.
+ */
+ public static final String SERVER_ERROR = "server_error";
+
+ /**
+ * The authorization server is currently unable to handle
+ the request due to a temporary overloading or maintenance
+ of the server.
+ */
+ public static final String TEMPORARILY_UNAVAILABLE = "temporarily_unavailable";
+
}
public static final class TokenResponse {
+ /**
+ The request is missing a required parameter, includes an
+ unsupported parameter value, repeats a parameter,
+ includes multiple credentials, utilizes more than one
+ mechanism for authenticating the client, or is otherwise
+ malformed.
+ */
+
public static final String INVALID_REQUEST = "invalid_request";
+ /**
+ Client authentication failed (e.g. unknown client, no
+ client authentication included, or unsupported
+ authentication method). The authorization server MAY
+ return an HTTP 401 (Unauthorized) status code to indicate
+ which HTTP authentication schemes are supported. If the
+ client attempted to authenticate via the "Authorization"
+ request header field, the authorization server MUST
+ respond with an HTTP 401 (Unauthorized) status code, and
+ include the "WWW-Authenticate" response header field
+ matching the authentication scheme used by the client.
+ */
public static final String INVALID_CLIENT = "invalid_client";
- public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
+
+ /**
+ The provided authorization grant (e.g. authorization
+ code, resource owner credentials, client credentials) is
+ invalid, expired, revoked, does not match the redirection
+ URI used in the authorization request, or was issued to
+ another client.
+ */
public static final String INVALID_GRANT = "invalid_grant";
+
+ /**
+ The authenticated client is not authorized to use this
+ authorization grant type.
+ */
+ public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
+
+ /**
+ The authorization grant type is not supported by the
+ authorization server.
+ */
public static final String UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
+
+ /**
+ * The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.
+ */
+
public static final String INVALID_SCOPE = "invalid_scope";
+ public static final String REDIRECT_URI_MISMATCH = "redirect_uri_mismatch";
}
public static final class ResourceResponse {
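Review bot: `TokenResponse.REDIRECT_URI_MISMATCH` is added at the end of the class without a comment, while the Javadoc added just above for `INVALID_GRANT` already lists a grant that "does not match the redirection URI used in the authorization request" as an `invalid_grant` case. Two codes for the same condition leave it unclear what a token endpoint should return; either drop the constant from `TokenResponse` or document it, e.g. `/** Not among the token error codes documented above; prefer INVALID_GRANT. */`. `CodeResponse.INVALID_CLIENT` and `CodeResponse.REDIRECT_URI_MISMATCH` are likewise left undocumented. The Javadoc blocks before `TokenResponse.INVALID_REQUEST` and `TokenResponse.INVALID_SCOPE` are separated from their constants by a blank line, which should be removed.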
Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java Wed Jan 25 09:01:50 2012
@@ -27,13 +27,11 @@ package org.apache.amber.oauth2.common.m
* @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
*/
public enum GrantType {
+ // NONE("none"),
AUTHORIZATION_CODE("authorization_code"),
PASSWORD("password"),
- @Deprecated
- ASSERTION("assertion"),
REFRESH_TOKEN("refresh_token"),
- CLIENT_CREDENTIALS("client_credentials"),
- NONE("none");
+ CLIENT_CREDENTIALS("client_credentials");
private String grantType;
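Review bot: The commented-out `// NONE("none"),` at the top of the enum is dead code with no explanation; delete it, or replace it with a comment that says why the value was dropped, e.g. `// "none" is no longer a grant type; pass null to omit grant_type`. `ASSERTION` and `NONE` were public constants, so removing them outright breaks any caller compiled against the old enum; that may be intended for an incubating release but is worth stating in the change log. The enum body continues outside the hunk.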
Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java Wed Jan 25 09:01:50 2012
@@ -29,9 +29,7 @@ package org.apache.amber.oauth2.common.m
public enum ResponseType {
CODE("code"),
- TOKEN("token"),
- @Deprecated
- CODE_AND_TOKEN("code_and_token");
+ TOKEN("token");
private String code;
Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java Wed Jan 25 09:01:50 2012
@@ -39,6 +39,7 @@ import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+
import javax.servlet.http.HttpServletRequest;
import org.apache.amber.oauth2.common.OAuth;
@@ -289,9 +290,9 @@ public final class OAuthUtils {
return false;
}
- public static Object instantiateClass(Class clazz) throws OAuthSystemException {
+ public static <T> T instantiateClass(Class<T> clazz) throws OAuthSystemException {
try {
- return (Object)clazz.newInstance();
+ return (T)clazz.newInstance();
} catch (Exception e) {
throw new OAuthSystemException(e);
}
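Review bot: With `Class<T>` as the parameter type, the cast in `return (T)clazz.newInstance();` is redundant, since `Class<T>.newInstance()` already returns `T`; `return clazz.newInstance();` is enough. The method also has no Javadoc; something like `/** Creates an instance through the no-argument constructor; any failure is wrapped in OAuthSystemException. */` would state the contract that `catch (Exception e)` implements. Callers are outside this hunk, so it is worth confirming that `clazz` always comes from server configuration and never from request data.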
Modified: incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java Wed Jan 25 09:01:50 2012
@@ -83,7 +83,7 @@ public class AccessTokenTestAuthCodeTest
public void testNoneGrantType() throws Exception {
OAuthClientRequest request = OAuthClientRequest
.tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
- .setGrantType(GrantType.NONE)
+ .setGrantType(null)
.setClientId(Common.CLIENT_ID)
.buildBodyMessage();
Modified: incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java Wed Jan 25 09:01:50 2012
@@ -23,6 +23,7 @@ package org.apache.amber.oauth2.integrat
import java.net.URI;
import java.net.URISyntaxException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
@@ -32,15 +33,15 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.amber.oauth2.as.issuer.MD5Generator;
+import org.apache.amber.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.amber.oauth2.as.request.OAuthAuthzRequest;
import org.apache.amber.oauth2.as.response.OAuthASResponse;
+import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
-import org.apache.amber.oauth2.common.message.types.ResponseType;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
-import org.apache.amber.oauth2.common.utils.OAuthUtils;
-import org.apache.amber.oauth2.as.issuer.OAuthIssuerImpl;
-import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.message.OAuthResponse;
+import org.apache.amber.oauth2.common.message.types.ResponseType;
+import org.apache.amber.oauth2.common.utils.OAuthUtils;
/**
* @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
Modified: incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java Wed Jan 25 09:01:50 2012
@@ -63,17 +63,14 @@ public class TokenEndpoint {
try {
oauthRequest = new OAuthTokenRequest(request);
-
+
//check if clientid is valid
- if (!GrantType.ASSERTION.toString().equals(oauthRequest.getGrantType())) {
- if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
- OAuthResponse response = OAuthASResponse
- .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
- .setError(OAuthError.TokenResponse.INVALID_CLIENT)
- .setErrorDescription("client_id not found")
+ if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
+ OAuthResponse response =
+ OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
+ .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
.buildJSONMessage();
- return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
- }
+ return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
}
//do checking for different grant types
@@ -99,17 +96,6 @@ public class TokenEndpoint {
return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
}
} else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
- .equals(GrantType.ASSERTION.toString())) {
- if (!Common.ASSERTION.equals(oauthRequest.getAssertion())) {
- OAuthResponse response = OAuthASResponse
- .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
- .setError(OAuthError.TokenResponse.INVALID_GRANT)
- .setErrorDescription("invalid assertion")
- .buildJSONMessage();
- return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
- }
-
- } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
.equals(GrantType.REFRESH_TOKEN.toString())) {
OAuthResponse response = OAuthASResponse
.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java Wed Jan 25 09:01:50 2012
@@ -34,7 +34,11 @@ public class QueryTokenExtractor impleme
@Override
public String getAccessToken(HttpServletRequest request) {
- return request.getParameter(OAuth.OAUTH_TOKEN);
+ String token = request.getParameter(OAuth.OAUTH_TOKEN);
+ if (token == null) {
+ token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN);
+ }
+ return token;
}
@Override
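Review bot: The fallback to `OAuth.OAUTH_BEARER_TOKEN` runs only when `oauth_token` is absent, so a request with an empty `oauth_token=` returns `""` and never looks at `access_token`, and a request that carries both parameters with different values silently uses `oauth_token`. I would treat an empty value as missing, `if (token == null || token.isEmpty()) {`, and decide explicitly (reject, or document the precedence) what happens when both are present. The method after the trailing `@Override` is outside the hunk; if it tests for the token's presence using `OAuth.OAUTH_TOKEN` only, it needs the same fallback. Tokens accepted from request parameters can end up in access logs and Referer headers, so deployments should keep them out of logged URLs.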
Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java Wed Jan 25 09:01:50 2012
@@ -21,19 +21,18 @@
package org.apache.amber.oauth2.rs.extractor;
+import static org.easymock.EasyMock.createStrictMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
import javax.servlet.http.HttpServletRequest;
import junit.framework.Assert;
import org.apache.amber.oauth2.common.OAuth;
-import org.apache.amber.oauth2.rs.extractor.QueryTokenExtractor;
import org.junit.Test;
-import static org.easymock.EasyMock.createStrictMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
-
/**
* @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
@@ -59,6 +58,7 @@ public class QueryTokenExtractorTest {
HttpServletRequest request = createStrictMock(HttpServletRequest.class);
expect(request.getParameter(OAuth.OAUTH_TOKEN)).andStubReturn(null);
+ expect(request.getParameter(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(null);
replay(request);
QueryTokenExtractor qte = new QueryTokenExtractor();
Assert.assertNull(qte.getAccessToken(request));