You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by he...@apache.org on 2010/06/09 00:28:52 UTC
svn commit: r952849 - in /shindig/trunk/java/social-api/src:
main/java/org/apache/shindig/social/core/oauth/
main/java/org/apache/shindig/social/opensocial/oauth/
main/java/org/apache/shindig/social/sample/oauth/
test/java/org/apache/shindig/social/cor...
Author: henning
Date: Tue Jun 8 22:28:52 2010
New Revision: 952849
URL: http://svn.apache.org/viewvc?rev=952849&view=rev
Log:
SHINDIG-1360: OAuthEntry should not use direct field access but setters and getters.
Turn the direct field accesses into using getters and setters.
Modified:
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthEntry.java
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthDataStore.java
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
Modified: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java?rev=952849&r1=952848&r2=952849&view=diff
==============================================================================
--- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java (original)
+++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java Tue Jun 8 22:28:52 2010
@@ -70,7 +70,7 @@ public class OAuthAuthenticationHandler
}
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
- throws InvalidAuthenticationException {
+ throws InvalidAuthenticationException {
OAuthMessage message = OAuthServlet.getMessage(request, null);
if (StringUtils.isEmpty(getParameter(message, OAuth.OAUTH_SIGNATURE))) {
// Is not an oauth request
@@ -88,15 +88,15 @@ public class OAuthAuthenticationHandler
}
protected SecurityToken verifyMessage(OAuthMessage message)
- throws OAuthProblemException {
+ throws OAuthProblemException {
OAuthEntry entry = getOAuthEntry(message);
OAuthConsumer authConsumer = getConsumer(message);
OAuthAccessor accessor = new OAuthAccessor(authConsumer);
if (entry != null) {
- accessor.tokenSecret = entry.tokenSecret;
- accessor.accessToken = entry.token;
+ accessor.tokenSecret = entry.getTokenSecret();
+ accessor.accessToken = entry.getToken();
}
try {
@@ -129,7 +129,7 @@ public class OAuthAuthenticationHandler
OAuthProblemException e = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
e.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "cannot find token");
throw e;
- } else if (entry.type != OAuthEntry.Type.ACCESS) {
+ } else if (entry.getType() != OAuthEntry.Type.ACCESS) {
OAuthProblemException e = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
e.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "token is not an access token");
throw e;
@@ -150,10 +150,10 @@ public class OAuthAuthenticationHandler
}
protected SecurityToken getTokenFromVerifiedRequest(OAuthMessage message, OAuthEntry entry,
- OAuthConsumer authConsumer) throws OAuthProblemException {
+ OAuthConsumer authConsumer) throws OAuthProblemException {
if (entry != null) {
- return new OAuthSecurityToken(entry.userId, entry.callbackUrl, entry.appId,
- entry.domain, entry.container, entry.expiresAt().getTime());
+ return new OAuthSecurityToken(entry.getUserId(), entry.getCallbackUrl(), entry.getAppId(),
+ entry.getDomain(), entry.getContainer(), entry.expiresAt().getTime());
} else {
String userId = getParameter(message, REQUESTOR_ID_PARAM);
return store.getSecurityTokenForConsumerRequest(authConsumer.consumerKey, userId);
@@ -175,12 +175,12 @@ public class OAuthAuthenticationHandler
}
public static void verifyBodyHash(HttpServletRequest request, String oauthBodyHash)
- throws InvalidAuthenticationException {
+ throws InvalidAuthenticationException {
// we are doing body hash signing which is not permitted for form-encoded data
if (request.getContentType() != null && request.getContentType().contains(OAuth.FORM_ENCODED)) {
throw new AuthenticationHandler.InvalidAuthenticationException(
- "Cannot use oauth_body_hash with a Content-Type of application/x-www-form-urlencoded",
- null);
+ "Cannot use oauth_body_hash with a Content-Type of application/x-www-form-urlencoded",
+ null);
} else {
try {
byte[] rawBody = readBody(request);
Modified: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthEntry.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthEntry.java?rev=952849&r1=952848&r2=952849&view=diff
==============================================================================
--- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthEntry.java (original)
+++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/oauth/OAuthEntry.java Tue Jun 8 22:28:52 2010
@@ -35,29 +35,30 @@ public class OAuthEntry implements Seria
REQUEST, ACCESS, DISABLED
}
- public String appId;
- public String callbackUrl;
- public boolean callbackUrlSigned; // true if consumer supports OAuth 1.0a
- public String userId;
- public String token;
- public String tokenSecret;
-
- public boolean authorized;
-
- public String consumerKey;
-
- public Type type;
- public Date issueTime;
-
- public String domain;
- public String container;
- public String oauthVersion;
-
- public String callbackToken;
- public int callbackTokenAttempts;
+ private String appId;
+ private String callbackUrl;
+ private boolean callbackUrlSigned; // true if consumer supports OAuth 1.0a
+ private String userId;
+ private String token;
+ private String tokenSecret;
+
+ private boolean authorized;
+
+ private String consumerKey;
+
+ private Type type;
+ private Date issueTime;
+
+ private String domain;
+ private String container;
+ private String oauthVersion;
+
+ private String callbackToken;
+ private int callbackTokenAttempts;
public OAuthEntry() {}
+
/**
* A copy constructor
* @param old the OAuthEntry to duplicate
@@ -88,14 +89,194 @@ public class OAuthEntry implements Seria
public Date expiresAt() {
long expirationTime = issueTime.getTime();
switch (type) {
- case REQUEST:
- expirationTime += FIVE_MINUTES;
- break;
- case ACCESS:
- expirationTime += ONE_YEAR;
- break;
+ case REQUEST:
+ expirationTime += FIVE_MINUTES;
+ break;
+ case ACCESS:
+ expirationTime += ONE_YEAR;
+ break;
}
return new Date(expirationTime);
}
+
+
+ public String getAppId()
+ {
+ return appId;
+ }
+
+
+ public String getCallbackUrl()
+ {
+ return callbackUrl;
+ }
+
+
+ public boolean isCallbackUrlSigned()
+ {
+ return callbackUrlSigned;
+ }
+
+
+ public String getUserId()
+ {
+ return userId;
+ }
+
+
+ public String getToken()
+ {
+ return token;
+ }
+
+
+ public String getTokenSecret()
+ {
+ return tokenSecret;
+ }
+
+
+ public boolean isAuthorized()
+ {
+ return authorized;
+ }
+
+
+ public String getConsumerKey()
+ {
+ return consumerKey;
+ }
+
+
+ public Type getType()
+ {
+ return type;
+ }
+
+
+ public Date getIssueTime()
+ {
+ return issueTime;
+ }
+
+
+ public String getDomain()
+ {
+ return domain;
+ }
+
+
+ public String getContainer()
+ {
+ return container;
+ }
+
+
+ public String getOauthVersion()
+ {
+ return oauthVersion;
+ }
+
+
+ public String getCallbackToken()
+ {
+ return callbackToken;
+ }
+
+
+ public int getCallbackTokenAttempts()
+ {
+ return callbackTokenAttempts;
+ }
+
+
+ public void setAppId(String appId)
+ {
+ this.appId = appId;
+ }
+
+
+ public void setCallbackUrl(String callbackUrl)
+ {
+ this.callbackUrl = callbackUrl;
+ }
+
+
+ public void setCallbackUrlSigned(boolean callbackUrlSigned)
+ {
+ this.callbackUrlSigned = callbackUrlSigned;
+ }
+
+
+ public void setUserId(String userId)
+ {
+ this.userId = userId;
+ }
+
+
+ public void setToken(String token)
+ {
+ this.token = token;
+ }
+
+
+ public void setTokenSecret(String tokenSecret)
+ {
+ this.tokenSecret = tokenSecret;
+ }
+
+
+ public void setAuthorized(boolean authorized)
+ {
+ this.authorized = authorized;
+ }
+
+
+ public void setConsumerKey(String consumerKey)
+ {
+ this.consumerKey = consumerKey;
+ }
+
+
+ public void setType(Type type)
+ {
+ this.type = type;
+ }
+
+
+ public void setIssueTime(Date issueTime)
+ {
+ this.issueTime = issueTime;
+ }
+
+
+ public void setDomain(String domain)
+ {
+ this.domain = domain;
+ }
+
+
+ public void setContainer(String container)
+ {
+ this.container = container;
+ }
+
+
+ public void setOauthVersion(String oauthVersion)
+ {
+ this.oauthVersion = oauthVersion;
+ }
+
+
+ public void setCallbackToken(String callbackToken)
+ {
+ this.callbackToken = callbackToken;
+ }
+
+
+ public void setCallbackTokenAttempts(int callbackTokenAttempts)
+ {
+ this.callbackTokenAttempts = callbackTokenAttempts;
+ }
}
Modified: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthDataStore.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthDataStore.java?rev=952849&r1=952848&r2=952849&view=diff
==============================================================================
--- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthDataStore.java (original)
+++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthDataStore.java Tue Jun 8 22:28:52 2010
@@ -75,7 +75,7 @@ public class SampleOAuthDataStore implem
String consumerSecret = app.getString("consumerSecret");
if (consumerSecret == null)
- return null;
+ return null;
// null below is for the callbackUrl, which we don't have in the db
OAuthConsumer consumer = new OAuthConsumer(null, consumerKey, consumerSecret, SERVICE_PROVIDER);
@@ -89,49 +89,49 @@ public class SampleOAuthDataStore implem
return consumer;
} catch (JSONException e) {
- return null;
+ return null;
}
}
// Generate a valid requestToken for the given consumerKey
public OAuthEntry generateRequestToken(String consumerKey, String oauthVersion,
- String signedCallbackUrl) {
+ String signedCallbackUrl) {
OAuthEntry entry = new OAuthEntry();
- entry.appId = consumerKey;
- entry.consumerKey = consumerKey;
- entry.domain = "samplecontainer.com";
- entry.container = "default";
-
- entry.token = UUID.randomUUID().toString();
- entry.tokenSecret = UUID.randomUUID().toString();
-
- entry.type = OAuthEntry.Type.REQUEST;
- entry.issueTime = new Date();
- entry.oauthVersion = oauthVersion;
+ entry.setAppId(consumerKey);
+ entry.setConsumerKey(consumerKey);
+ entry.setDomain("samplecontainer.com");
+ entry.setContainer("default");
+
+ entry.setToken(UUID.randomUUID().toString());
+ entry.setTokenSecret(UUID.randomUUID().toString());
+
+ entry.setType(OAuthEntry.Type.REQUEST);
+ entry.setIssueTime(new Date());
+ entry.setOauthVersion(oauthVersion);
if (signedCallbackUrl != null) {
- entry.callbackUrlSigned = true;
- entry.callbackUrl = signedCallbackUrl;
+ entry.setCallbackUrlSigned(true);
+ entry.setCallbackUrl(signedCallbackUrl);
}
- oauthEntries.put(entry.token, entry);
+ oauthEntries.put(entry.getToken(), entry);
return entry;
}
// Turns the request token into an access token
public OAuthEntry convertToAccessToken(OAuthEntry entry) {
Preconditions.checkNotNull(entry);
- Preconditions.checkState(entry.type == OAuthEntry.Type.REQUEST, "Token must be a request token");
+ Preconditions.checkState(entry.getType() == OAuthEntry.Type.REQUEST, "Token must be a request token");
OAuthEntry accessEntry = new OAuthEntry(entry);
- accessEntry.token = UUID.randomUUID().toString();
- accessEntry.tokenSecret = UUID.randomUUID().toString();
+ accessEntry.setToken(UUID.randomUUID().toString());
+ accessEntry.setTokenSecret(UUID.randomUUID().toString());
- accessEntry.type = OAuthEntry.Type.ACCESS;
- accessEntry.issueTime = new Date();
+ accessEntry.setType(OAuthEntry.Type.ACCESS);
+ accessEntry.setIssueTime(new Date());
- oauthEntries.remove(entry.token);
- oauthEntries.put(accessEntry.token, accessEntry);
+ oauthEntries.remove(entry.getToken());
+ oauthEntries.put(accessEntry.getToken(), accessEntry);
return accessEntry;
}
@@ -139,27 +139,27 @@ public class SampleOAuthDataStore implem
// Authorize the request token for the given user id
public void authorizeToken(OAuthEntry entry, String userId) {
Preconditions.checkNotNull(entry);
- entry.authorized = true;
- entry.userId = Preconditions.checkNotNull(userId);
- if (entry.callbackUrlSigned) {
- entry.callbackToken = Crypto.getRandomDigits(CALLBACK_TOKEN_LENGTH);
+ entry.setAuthorized(true);
+ entry.setUserId(Preconditions.checkNotNull(userId));
+ if (entry.isCallbackUrlSigned()) {
+ entry.setCallbackToken(Crypto.getRandomDigits(CALLBACK_TOKEN_LENGTH));
}
}
public void disableToken(OAuthEntry entry) {
Preconditions.checkNotNull(entry);
- ++entry.callbackTokenAttempts;
- if (!entry.callbackUrlSigned || entry.callbackTokenAttempts >= CALLBACK_TOKEN_ATTEMPTS) {
- entry.type = OAuthEntry.Type.DISABLED;
+ entry.setCallbackTokenAttempts(entry.getCallbackTokenAttempts() + 1);
+ if (!entry.isCallbackUrlSigned() || entry.getCallbackTokenAttempts() >= CALLBACK_TOKEN_ATTEMPTS) {
+ entry.setType(OAuthEntry.Type.DISABLED);
}
- oauthEntries.put(entry.token, entry);
+ oauthEntries.put(entry.getToken(), entry);
}
public void removeToken(OAuthEntry entry) {
Preconditions.checkNotNull(entry);
- oauthEntries.remove(entry.token);
+ oauthEntries.remove(entry.getToken());
}
// Return the proper security token for a 2 legged oauth request that has been validated
@@ -170,7 +170,7 @@ public class SampleOAuthDataStore implem
String container = "default";
return new OAuthSecurityToken(userId, null, consumerKey, domain, container, null,
- AuthenticationMode.OAUTH_CONSUMER_REQUEST.name());
-
+ AuthenticationMode.OAUTH_CONSUMER_REQUEST.name());
+
}
}
Modified: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java?rev=952849&r1=952848&r2=952849&view=diff
==============================================================================
--- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java (original)
+++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java Tue Jun 8 22:28:52 2010
@@ -17,28 +17,36 @@
*/
package org.apache.shindig.social.sample.oauth;
-import com.google.inject.Inject;
-import com.google.inject.name.Named;
-
-import net.oauth.*;
-import net.oauth.OAuth.Parameter;
-import net.oauth.server.OAuthServlet;
-
-import org.apache.shindig.auth.OAuthConstants;
-import org.apache.shindig.common.servlet.HttpUtil;
-import org.apache.shindig.common.servlet.InjectedServlet;
-import org.apache.shindig.social.opensocial.oauth.OAuthEntry;
-import org.apache.shindig.social.opensocial.oauth.OAuthDataStore;
-
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.URISyntaxException;
import java.util.List;
+
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.shindig.auth.OAuthConstants;
+import org.apache.shindig.common.servlet.HttpUtil;
+import org.apache.shindig.common.servlet.InjectedServlet;
+import org.apache.shindig.social.opensocial.oauth.OAuthDataStore;
+import org.apache.shindig.social.opensocial.oauth.OAuthEntry;
+
+import com.google.inject.Inject;
+import com.google.inject.name.Named;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.OAuthValidator;
+import net.oauth.SimpleOAuthValidator;
+import net.oauth.OAuth.Parameter;
+import net.oauth.server.OAuthServlet;
+
/**
* This is a sample class that demonstrates how oauth tokens can be handed out and authorized.
* This is most certainly not production code. Your server should have clear ui, require user
@@ -58,19 +66,19 @@ public class SampleOAuthServlet extends
}
@Inject void setAuthorizeAction(@Named("shindig.oauth.authorize-action") String authorizeAction) {
- this.oauthAuthorizeAction = authorizeAction;
+ this.oauthAuthorizeAction = authorizeAction;
}
@Override
protected void doPost(HttpServletRequest servletRequest,
- HttpServletResponse servletResponse) throws ServletException, IOException {
+ HttpServletResponse servletResponse) throws ServletException, IOException {
doGet(servletRequest, servletResponse);
}
@Override
protected void doGet(HttpServletRequest servletRequest,
- HttpServletResponse servletResponse) throws ServletException, IOException {
+ HttpServletResponse servletResponse) throws ServletException, IOException {
HttpUtil.setNoCache(servletResponse);
String path = servletRequest.getPathInfo();
@@ -94,7 +102,7 @@ public class SampleOAuthServlet extends
// Hand out a request token if the consumer key and secret are valid
private void createRequestToken(HttpServletRequest servletRequest,
- HttpServletResponse servletResponse) throws IOException, OAuthException, URISyntaxException {
+ HttpServletResponse servletResponse) throws IOException, OAuthException, URISyntaxException {
OAuthMessage requestMessage = OAuthServlet.getMessage(servletRequest, null);
String consumerKey = requestMessage.getConsumerKey();
@@ -123,10 +131,10 @@ public class SampleOAuthServlet extends
// generate request_token and secret
OAuthEntry entry = dataStore.generateRequestToken(consumerKey,
- requestMessage.getParameter(OAuth.OAUTH_VERSION), callback);
+ requestMessage.getParameter(OAuth.OAUTH_VERSION), callback);
- List<Parameter> responseParams = OAuth.newList(OAuth.OAUTH_TOKEN, entry.token,
- OAuth.OAUTH_TOKEN_SECRET, entry.tokenSecret);
+ List<Parameter> responseParams = OAuth.newList(OAuth.OAUTH_TOKEN, entry.getToken(),
+ OAuth.OAUTH_TOKEN_SECRET, entry.getTokenSecret());
if (callback != null) {
responseParams.add(new Parameter(OAuth.OAUTH_CALLBACK_CONFIRMED, "true"));
}
@@ -137,7 +145,7 @@ public class SampleOAuthServlet extends
/////////////////////
// deal with authorization request
private void authorizeRequestToken(HttpServletRequest servletRequest,
- HttpServletResponse servletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
+ HttpServletResponse servletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
OAuthMessage requestMessage = OAuthServlet.getMessage(servletRequest, null);
@@ -153,7 +161,7 @@ public class SampleOAuthServlet extends
return;
}
- OAuthConsumer consumer = dataStore.getConsumer(entry.consumerKey);
+ OAuthConsumer consumer = dataStore.getConsumer(entry.getConsumerKey());
// Extremely rare case where consumer dissappears
if (consumer == null) {
@@ -162,15 +170,15 @@ public class SampleOAuthServlet extends
}
// The token is disabled if you try to convert to an access token prior to authorization
- if (entry.type == OAuthEntry.Type.DISABLED) {
+ if (entry.getType() == OAuthEntry.Type.DISABLED) {
servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is disabled, please reinitate login");
return;
}
- String callback = entry.callbackUrl;
+ String callback = entry.getCallbackUrl();
// Redirect to a UI flow if the token is not authorized
- if (!entry.authorized) {
+ if (!entry.isAuthorized()) {
// TBD -- need to decode encrypted payload somehow..
if (this.oauthAuthorizeAction.startsWith("http")) {
// Redirect to authorization page with params
@@ -183,7 +191,7 @@ public class SampleOAuthServlet extends
servletRequest.setAttribute("OAUTH_ENTRY", entry);
servletRequest.setAttribute("CALLBACK", callback);
- servletRequest.setAttribute("TOKEN", entry.token);
+ servletRequest.setAttribute("TOKEN", entry.getToken());
servletRequest.setAttribute("CONSUMER", consumer);
servletRequest.getRequestDispatcher(oauthAuthorizeAction).forward(servletRequest,servletResponse);
@@ -199,17 +207,17 @@ public class SampleOAuthServlet extends
servletResponse.setContentType("text/plain");
PrintWriter out = servletResponse.getWriter();
out.write("Token successfully authorized.\n");
- if (entry.callbackToken != null) {
+ if (entry.getCallbackToken() != null) {
// Usability fail.
- out.write("Please enter code " + entry.callbackToken + " at the consumer.");
+ out.write("Please enter code " + entry.getCallbackToken() + " at the consumer.");
}
} else {
- callback = OAuth.addParameters(callback, OAuth.OAUTH_TOKEN, entry.token);
+ callback = OAuth.addParameters(callback, OAuth.OAUTH_TOKEN, entry.getToken());
// Add user_id to the callback
- callback = OAuth.addParameters(callback, "user_id", entry.userId);
- if (entry.callbackToken != null) {
+ callback = OAuth.addParameters(callback, "user_id", entry.getUserId());
+ if (entry.getCallbackToken() != null) {
callback = OAuth.addParameters(callback, OAuth.OAUTH_VERIFIER,
- entry.callbackToken);
+ entry.getCallbackToken());
}
servletResponse.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
@@ -220,22 +228,22 @@ public class SampleOAuthServlet extends
// Hand out an access token if the consumer key and secret are valid and the user authorized
// the requestToken
private void createAccessToken(HttpServletRequest servletRequest,
- HttpServletResponse servletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
+ HttpServletResponse servletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
OAuthMessage requestMessage = OAuthServlet.getMessage(servletRequest, null);
OAuthEntry entry = getValidatedEntry(requestMessage);
if (entry == null)
throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- if (entry.callbackToken != null) {
+ if (entry.getCallbackToken() != null) {
// We're using the fixed protocol
String clientCallbackToken = requestMessage.getParameter(OAuth.OAUTH_VERIFIER);
- if (!entry.callbackToken.equals(clientCallbackToken)) {
+ if (!entry.getCallbackToken().equals(clientCallbackToken)) {
dataStore.disableToken(entry);
servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is not authorized");
return;
}
- } else if (!entry.authorized) {
+ } else if (!entry.isAuthorized()) {
// Old protocol. Catch consumers trying to convert a token to one that's not authorized
dataStore.disableToken(entry);
servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is not authorized");
@@ -246,20 +254,20 @@ public class SampleOAuthServlet extends
OAuthEntry accessEntry = dataStore.convertToAccessToken(entry);
sendResponse(servletResponse, OAuth.newList(
- OAuth.OAUTH_TOKEN, accessEntry.token,
- OAuth.OAUTH_TOKEN_SECRET, accessEntry.tokenSecret,
- "user_id", entry.userId));
+ OAuth.OAUTH_TOKEN, accessEntry.getToken(),
+ OAuth.OAUTH_TOKEN_SECRET, accessEntry.getTokenSecret(),
+ "user_id", entry.getUserId()));
}
private OAuthEntry getValidatedEntry(OAuthMessage requestMessage)
- throws IOException, ServletException, OAuthException, URISyntaxException {
+ throws IOException, ServletException, OAuthException, URISyntaxException {
OAuthEntry entry = dataStore.getEntry(requestMessage.getToken());
if (entry == null)
throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
- if (entry.type != OAuthEntry.Type.REQUEST)
+ if (entry.getType() != OAuthEntry.Type.REQUEST)
throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
if (entry.isExpired())
@@ -273,9 +281,9 @@ public class SampleOAuthServlet extends
throw e;
}
- String consumerKey = entry.consumerKey;
+ String consumerKey = entry.getConsumerKey();
if (!consumerKey.equals(requestMessage.getConsumerKey()))
- throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
+ throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
OAuthConsumer consumer = dataStore.getConsumer(consumerKey);
@@ -284,8 +292,8 @@ public class SampleOAuthServlet extends
OAuthAccessor accessor = new OAuthAccessor(consumer);
- accessor.requestToken = entry.token;
- accessor.tokenSecret = entry.tokenSecret;
+ accessor.requestToken = entry.getToken();
+ accessor.tokenSecret = entry.getTokenSecret();
VALIDATOR.validateMessage(requestMessage, accessor);
@@ -293,7 +301,7 @@ public class SampleOAuthServlet extends
}
private void sendResponse(HttpServletResponse servletResponse, List<OAuth.Parameter> parameters)
- throws IOException {
+ throws IOException {
servletResponse.setContentType("text/plain");
OutputStream out = servletResponse.getOutputStream();
OAuth.formEncode(parameters, out);
@@ -301,8 +309,8 @@ public class SampleOAuthServlet extends
}
private static void handleException(Exception e, HttpServletRequest request,
- HttpServletResponse response, boolean sendBody)
- throws IOException, ServletException {
+ HttpServletResponse response, boolean sendBody)
+ throws IOException, ServletException {
String realm = (request.isSecure()) ? "https://" : "http://";
if (request.getHeader("Host") != null) {
Modified: shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java?rev=952849&r1=952848&r2=952849&view=diff
==============================================================================
--- shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java (original)
+++ shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java Tue Jun 8 22:28:52 2010
@@ -64,9 +64,9 @@ public class OAuthAuthenticationHanderTe
public void setUp() throws Exception {
reqHandler = new OAuthAuthenticationHandler(mockStore);
formEncodedPost = new FakeOAuthRequest("POST", TEST_URL, "a=b&c=d",
- OAuth.FORM_ENCODED);
+ OAuth.FORM_ENCODED);
nonFormEncodedPost = new FakeOAuthRequest("POST", TEST_URL, "BODY",
- "text/plain");
+ "text/plain");
}
private void expectTokenEntry() {
@@ -75,32 +75,32 @@ public class OAuthAuthenticationHanderTe
private void expectTokenEntry(OAuthEntry authEntry) {
EasyMock.expect(mockStore.getEntry(
- EasyMock.eq(TOKEN))).
- andReturn(authEntry).anyTimes();
+ EasyMock.eq(TOKEN))).
+ andReturn(authEntry).anyTimes();
}
private OAuthEntry createOAuthEntry() {
OAuthEntry authEntry = new OAuthEntry();
- authEntry.appId = APP_ID;
- authEntry.authorized = true;
- authEntry.consumerKey = FakeOAuthRequest.CONSUMER_KEY;
- authEntry.token = TOKEN;
- authEntry.tokenSecret = FakeOAuthRequest.CONSUMER_SECRET;
- authEntry.type = OAuthEntry.Type.ACCESS;
- authEntry.userId = FakeOAuthRequest.REQUESTOR;
- authEntry.issueTime = new Date();
- authEntry.domain = DOMAIN;
- authEntry.container = CONTAINER;
+ authEntry.setAppId(APP_ID);
+ authEntry.setAuthorized(true);
+ authEntry.setConsumerKey(FakeOAuthRequest.CONSUMER_KEY);
+ authEntry.setToken(TOKEN);
+ authEntry.setTokenSecret(FakeOAuthRequest.CONSUMER_SECRET);
+ authEntry.setType(OAuthEntry.Type.ACCESS);
+ authEntry.setUserId(FakeOAuthRequest.REQUESTOR);
+ authEntry.setIssueTime(new Date());
+ authEntry.setDomain(DOMAIN);
+ authEntry.setContainer(CONTAINER);
return authEntry;
}
private void expectConsumer() {
try {
EasyMock.expect(mockStore.getConsumer(
- EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY))).
- andReturn(new OAuthConsumer(null, FakeOAuthRequest.CONSUMER_KEY,
- FakeOAuthRequest.CONSUMER_SECRET, new OAuthServiceProvider(null, null, null)))
- .anyTimes();
+ EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY))).
+ andReturn(new OAuthConsumer(null, FakeOAuthRequest.CONSUMER_KEY,
+ FakeOAuthRequest.CONSUMER_SECRET, new OAuthServiceProvider(null, null, null)))
+ .anyTimes();
} catch (OAuthProblemException e) {
// ignore
}
@@ -109,8 +109,8 @@ public class OAuthAuthenticationHanderTe
private void expectSecurityToken() {
try {
EasyMock.expect(mockStore.getSecurityTokenForConsumerRequest(
- EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY), EasyMock.eq(FakeOAuthRequest.REQUESTOR))).
- andReturn(new AnonymousSecurityToken());
+ EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY), EasyMock.eq(FakeOAuthRequest.REQUESTOR))).
+ andReturn(new AnonymousSecurityToken());
} catch (OAuthProblemException e) {
// ignore
}
@@ -122,7 +122,7 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
assertEquals(FakeOAuthRequest.REQUESTOR, token.getViewerId());
assertEquals(APP_ID, token.getAppId());
@@ -139,9 +139,9 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -151,9 +151,9 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -163,7 +163,7 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.POST_BODY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.POST_BODY, FakeOAuthRequest.BodySigning.NONE);
SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
assertNotNull(token);
verify();
@@ -176,7 +176,7 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as no token entry in store");
@@ -189,12 +189,12 @@ public class OAuthAuthenticationHanderTe
@Test
public void testVerifyFailTokenSecretMismatch() throws Exception {
OAuthEntry authEntry = createOAuthEntry();
- authEntry.tokenSecret = "badsecret";
+ authEntry.setTokenSecret("badsecret");
expectTokenEntry(authEntry);
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as token secrets mismatch");
@@ -207,12 +207,12 @@ public class OAuthAuthenticationHanderTe
@Test
public void testVerifyFailTokenIsRequest() throws Exception {
OAuthEntry authEntry = createOAuthEntry();
- authEntry.type = OAuthEntry.Type.REQUEST;
+ authEntry.setType(OAuthEntry.Type.REQUEST);
expectTokenEntry(authEntry);
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as token is a request token not an access token");
@@ -225,13 +225,13 @@ public class OAuthAuthenticationHanderTe
@Test
public void testVerifyFailTokenIsExpired() throws Exception {
OAuthEntry authEntry = createOAuthEntry();
- authEntry.issueTime = new Date(System.currentTimeMillis() - (OAuthEntry.ONE_YEAR + 1));
- authEntry.type = OAuthEntry.Type.REQUEST;
+ authEntry.setIssueTime(new Date(System.currentTimeMillis() - (OAuthEntry.ONE_YEAR + 1)));
+ authEntry.setType(OAuthEntry.Type.REQUEST);
expectTokenEntry(authEntry);
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as token is expired");
@@ -247,7 +247,7 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
HttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
assertNotNull(token);
assertFalse(token instanceof OAuthSecurityToken);
@@ -260,9 +260,9 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -272,9 +272,9 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(null,
- FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -284,7 +284,7 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
HttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
reqHandler.getSecurityTokenFromRequest(request);
verify();
}
@@ -295,7 +295,7 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
HttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.POST_BODY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.POST_BODY, FakeOAuthRequest.BodySigning.NONE);
reqHandler.getSecurityTokenFromRequest(request);
verify();
}
@@ -304,7 +304,7 @@ public class OAuthAuthenticationHanderTe
public void testNoSignature() throws Exception {
replay();
FakeHttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
// A request without a signature is not an OAuth request
request.setParameter(OAuth.OAUTH_SIGNATURE, "");
SecurityToken st = reqHandler.getSecurityTokenFromRequest(request);
@@ -319,7 +319,7 @@ public class OAuthAuthenticationHanderTe
replay();
FakeHttpServletRequest request = nonFormEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.HASH);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.HASH);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -327,10 +327,10 @@ public class OAuthAuthenticationHanderTe
public void testConsumerFailBodyHashSigningWithFormEncoding() throws Exception {
replay();
FakeOAuthRequest bodyHashPost =
- new FakeOAuthRequest("POST", TEST_URL, "a=b&c=d&oauth_body_hash=hash",
- OAuth.FORM_ENCODED);
+ new FakeOAuthRequest("POST", TEST_URL, "a=b&c=d&oauth_body_hash=hash",
+ OAuth.FORM_ENCODED);
FakeHttpServletRequest request = bodyHashPost
- .sign(null, FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ .sign(null, FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
@@ -357,7 +357,7 @@ public class OAuthAuthenticationHanderTe
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(body))),
- "UTF-8");
+ "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
}
@@ -369,7 +369,7 @@ public class OAuthAuthenticationHanderTe
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
String hash = new String(Base64.encodeBase64(
- DigestUtils.sha(CharsetUtil.getUtf8Bytes("NOTBODY"))), "UTF-8");
+ DigestUtils.sha(CharsetUtil.getUtf8Bytes("NOTBODY"))), "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
try {
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
@@ -386,7 +386,7 @@ public class OAuthAuthenticationHanderTe
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(body))),
- "UTF-8");
+ "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
try {
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
@@ -401,7 +401,7 @@ public class OAuthAuthenticationHanderTe
FakeHttpServletRequest req = new FakeHttpServletRequest();
req.setPostData(CharsetUtil.getUtf8Bytes(""));
String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(""))),
- "UTF-8");
+ "UTF-8");
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
}
}