Posted to dev@shindig.apache.org by lr...@apache.org on 2008/10/18 01:45:44 UTC
svn commit: r705787 - in /incubator/shindig/trunk/java:
common/src/main/java/org/apache/shindig/auth/
social-api/src/main/java/org/apache/shindig/social/core/oauth/
social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/
social-api/src/mai...
Author: lryan
Date: Fri Oct 17 16:45:44 2008
New Revision: 705787
URL: http://svn.apache.org/viewvc?rev=705787&view=rev
Log:
Rollback unintended submit of files from last CL
Modified:
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthLookupService.java
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleContainerOAuthLookupService.java
Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java?rev=705787&r1=705786&r2=705787&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationHandler.java Fri Oct 17 16:45:44 2008
@@ -17,8 +17,6 @@
*/
package org.apache.shindig.auth;
-import java.util.Map;
-
import javax.servlet.http.HttpServletRequest;
/**
@@ -39,43 +37,4 @@
* @return A valid security token for the request, or null if it wasn't possible to authenticate.
*/
SecurityToken getSecurityTokenFromRequest(HttpServletRequest request);
-
- /**
- * An exception thrown by an AuthenticationHandler in the situation where
- * a malformed credential or token is passed. A handler which throws this exception
- * is required to include the appropriate error state in the servlet response
- */
- public static final class InvalidAuthenticationException extends RuntimeException {
-
- private Map<String,String> additionalHeaders;
- private String redirect;
-
- /**
- * @param message Message to output in error response
- * @param cause Underlying exception
- */
- public InvalidAuthenticationException(String message, Throwable cause) {
- this(message, cause, null, null);
- }
-
- /**
- * @param message Message to output in error response
- * @param additionalHeaders Headers to add to error response
- * @param cause Underlying exception
- */
- public InvalidAuthenticationException(String message, Throwable cause,
- Map<String,String> additionalHeaders, String redirect) {
- super(message, cause);
- this.additionalHeaders = additionalHeaders;
- this.redirect = redirect;
- }
-
- public Map<String, String> getAdditionalHeaders() {
- return additionalHeaders;
- }
-
- public String getRedirect() {
- return redirect;
- }
- }
}
Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java?rev=705787&r1=705786&r2=705787&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java Fri Oct 17 16:45:44 2008
@@ -23,16 +23,12 @@
import java.io.IOException;
import java.util.List;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
/**
* Filter that attempts to authenticate an incoming HTTP request. It uses the guice injected
@@ -47,9 +43,6 @@
private List<AuthenticationHandler> handlers;
- private static final Logger logger = Logger.getLogger(
- AuthenticationServletFilter.class.getName());
-
@Inject
public void setAuthenticationHandlers(List<AuthenticationHandler> handlers) {
this.handlers = handlers;
@@ -65,31 +58,17 @@
}
HttpServletRequest req = (HttpServletRequest) request;
- HttpServletResponse resp = (HttpServletResponse) response;
- try {
- for (AuthenticationHandler handler : handlers) {
- SecurityToken token = handler.getSecurityTokenFromRequest(req);
- if (token != null) {
- new AuthInfo(req).setAuthType(handler.getName()).setSecurityToken(token);
- chain.doFilter(req, response);
- return;
- }
- }
- // We did not find a security token so we will just pass null
- chain.doFilter(req, response);
- } catch (AuthenticationHandler.InvalidAuthenticationException iae) {
- logger.log(Level.INFO, iae.getMessage(), iae.getCause());
- if (iae.getAdditionalHeaders() != null) {
- for (Map.Entry<String,String> entry : iae.getAdditionalHeaders().entrySet()) {
- resp.addHeader(entry.getKey(), entry.getValue());
- }
- }
- if (iae.getRedirect() != null) {
- resp.sendRedirect(iae.getRedirect());
- } else {
- resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, iae.getMessage());
+ for (AuthenticationHandler handler : handlers) {
+ SecurityToken token = handler.getSecurityTokenFromRequest(req);
+ if (token != null) {
+ new AuthInfo(req).setAuthType(handler.getName()).setSecurityToken(token);
+ chain.doFilter(req, response);
+ return;
}
}
+
+ // We did not find a security token so we will just pass null
+ chain.doFilter(req, response);
}
}
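Review bot: With the `catch` for `InvalidAuthenticationException` gone, nothing in this loop can reject a request. A handler given a malformed or forged credential can only return null, the next handler is tried, and the request finally reaches `chain.doFilter(req, response)` with no token at all. That leaves the servlets behind the filter as the only place where an unauthenticated request is refused, which the comment does not say. I would widen it to `// No handler produced a token: continue unauthenticated. Servlets behind this filter must refuse requests that carry no SecurityToken.` The enclosing doFilter method starts above the hunk, so whether an earlier check already covers this is not visible here.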
Modified: incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java?rev=705787&r1=705786&r2=705787&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java (original)
+++ incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java Fri Oct 17 16:45:44 2008
@@ -21,6 +21,8 @@
import java.util.Collections;
import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
@@ -30,6 +32,9 @@
public class UrlParameterAuthenticationHandler implements AuthenticationHandler {
public static final String AUTH_URL_PARAMETER = "SecurityTokenUrlParameter";
+ private static final Logger logger = Logger.getLogger(
+ UrlParameterAuthenticationHandler.class.getName());
+
private final SecurityTokenDecoder securityTokenDecoder;
@Inject
@@ -42,17 +47,14 @@
}
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request) {
- String token = request.getParameter("st");
- // Not token provided, try an alternate auth method
- if (token == null) {
- return null;
- }
try {
+ String token = request.getParameter("st");
Map<String, String> parameters
= Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME, token);
return securityTokenDecoder.createToken(parameters);
} catch (SecurityTokenException e) {
- throw new InvalidAuthenticationException("Malformed security token " + token, e);
+ logger.log(Level.INFO, "Valid security token not found.", e);
+ return null;
}
}
}
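Review bot: The guard for a missing `st` parameter is gone, so `token` can be null when it is put in the map and handed to `securityTokenDecoder.createToken`. What the decoder does with a null value is not visible here. If it throws `SecurityTokenException`, every request without a token writes an INFO record with a stack trace; if it throws an unchecked exception, the request fails instead of falling through to the next handler. Keeping `if (token == null) { return null; }` right after the `getParameter` call avoids both. The new log message rightly leaves the token value out, and it should stay that way.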
Modified: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java?rev=705787&r1=705786&r2=705787&view=diff
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java (original)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthConsumerRequestAuthenticationHandler.java Fri Oct 17 16:45:44 2008
@@ -23,13 +23,12 @@
import com.google.inject.Inject;
-import org.apache.commons.lang.StringUtils;
-
import net.oauth.OAuth;
-import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.server.OAuthServlet;
+import org.apache.commons.lang.StringUtils;
+
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
@@ -65,14 +64,10 @@
return null;
}
- try {
- if (service.thirdPartyHasAccessToUser(requestMessage, containerKey, userId)) {
- return service.getSecurityToken(containerKey, userId);
- } else {
- return null;
- }
- } catch (OAuthException oae) {
- throw new InvalidAuthenticationException(oae.getMessage(), oae);
+ if (service.thirdPartyHasAccessToUser(requestMessage, containerKey, userId)) {
+ return service.getSecurityToken(containerKey, userId);
+ } else {
+ return null;
}
}
Modified: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthLookupService.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthLookupService.java?rev=705787&r1=705786&r2=705787&view=diff
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthLookupService.java (original)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthLookupService.java Fri Oct 17 16:45:44 2008
@@ -22,13 +22,12 @@
import com.google.inject.ImplementedBy;
-import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
@ImplementedBy(SampleContainerOAuthLookupService.class)
public interface OAuthLookupService {
boolean thirdPartyHasAccessToUser(OAuthMessage message, String appUrl,
- String userId) throws OAuthException;
+ String userId);
SecurityToken getSecurityToken(String appUrl, String userId);
}
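Review bot: With `throws OAuthException` dropped, `thirdPartyHasAccessToUser` has only one way to say no, and the interface has no Javadoc stating what `false` covers. An implementer needs to know that every verification failure (unknown consumer, bad signature, user without the app) must come back as `false`, never as `true` or an unchecked exception. I would add a method Javadoc saying so, with `@return true only if the message signature verified and the application may act for userId`. The `@ImplementedBy` line above makes the sample service, whose shared secrets are fixed in source, the default binding. A type-level comment should tell deployers to bind their own implementation.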
Modified: incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleContainerOAuthLookupService.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleContainerOAuthLookupService.java?rev=705787&r1=705786&r2=705787&view=diff
==============================================================================
--- incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleContainerOAuthLookupService.java (original)
+++ incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleContainerOAuthLookupService.java Fri Oct 17 16:45:44 2008
@@ -57,15 +57,13 @@
"8355", "SocialActivitiesWorldSharedSecret"
);
- public boolean thirdPartyHasAccessToUser(OAuthMessage message, String appUrl, String userId)
- throws OAuthException {
+ public boolean thirdPartyHasAccessToUser(OAuthMessage message, String appUrl, String userId) {
String appId = getAppId(appUrl);
return hasValidSignature(message, appUrl, appId)
&& userHasAppInstalled(userId, appId);
}
- private boolean hasValidSignature(OAuthMessage message, String appUrl, String appId)
- throws OAuthException {
+ private boolean hasValidSignature(OAuthMessage message, String appUrl, String appId) {
String sharedSecret = sampleContainerSharedSecrets.get(appId);
if (sharedSecret == null) {
return false;
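Review bot: `hasValidSignature` now turns every failure into a bare `false`: the catch blocks in the next hunk return without logging for `OAuthException`, `IOException` and `URISyntaxException` alike. Failing closed is the right outcome, but a rejected signature, a malformed URL and an I/O error leave no trace, so neither a misconfigured consumer nor a run of forged requests shows up in the logs. Each catch could record the cause before returning, for example `logger.log(Level.INFO, "OAuth signature validation failed for app " + appId, e);`. The visible lines of this class show no logger, so one would have to be declared as in UrlParameterAuthenticationHandler. The body of hasValidSignature continues past this hunk.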
@@ -78,10 +76,12 @@
SimpleOAuthValidator validator = new SimpleOAuthValidator();
try {
validator.validateMessage(message, accessor);
+ } catch (OAuthException e) {
+ return false;
} catch (IOException e) {
- throw new OAuthException(e);
+ return false;
} catch (URISyntaxException e) {
- throw new OAuthException(e);
+ return false;
}
return true;