Examples with OAuthProviderToken org.springframework.security.oauth.provider.token.OAuthProviderToken used on opensource projects

Example 1 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class OAuthProcessingFilterTests method testValidateSignature.

/**
	 * test validating the signature.
	 */
@Test
public void testValidateSignature() throws Exception {
    OAuthProviderProcessingFilter filter = new OAuthProviderProcessingFilter() {

        @Override
        protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        }
    };
    ConsumerDetails details = mock(ConsumerDetails.class);
    SignatureSecret secret = mock(SignatureSecret.class);
    OAuthProviderToken token = mock(OAuthProviderToken.class);
    OAuthSignatureMethod sigMethod = mock(OAuthSignatureMethod.class);
    ConsumerCredentials credentials = new ConsumerCredentials("id", "sig", "method", "base", "token");
    when(details.getAuthorities()).thenReturn(new ArrayList<GrantedAuthority>());
    when(details.getSignatureSecret()).thenReturn(secret);
    filter.setTokenServices(tokenServices);
    when(tokenServices.getToken("token")).thenReturn(token);
    filter.setSignatureMethodFactory(signatureFactory);
    when(token.getSecret()).thenReturn("shhh!!!");
    when(signatureFactory.getSignatureMethod("method", secret, "shhh!!!")).thenReturn(sigMethod);
    ConsumerAuthentication authentication = new ConsumerAuthentication(details, credentials);
    filter.validateSignature(authentication);
    verify(sigMethod).verify("base", "sig");
}

Example 2 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class AccessTokenProcessingFilter method onValidSignature.

protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    //signature is verified; create the token, send the response.
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
        throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }
    String tokenValue = authToken.getValue();
    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString()).append('=').append(OAuthCodec.oauthEncode(tokenValue)).append('&').append(OAuthProviderParameter.oauth_token_secret.toString()).append('=').append(OAuthCodec.oauthEncode(authToken.getSecret()));
    response.setContentType(getResponseContentType());
    response.getWriter().print(responseValue.toString());
    response.flushBuffer();
}

Example 3 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class UnauthenticatedRequestTokenProcessingFilter method onValidSignature.

protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    //signature is verified; create the token, send the response.
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
        throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }
    String tokenValue = authToken.getValue();
    String callback = authentication.getOAuthParameters().get(OAuthConsumerParameter.oauth_callback.toString());
    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString()).append('=').append(OAuthCodec.oauthEncode(tokenValue)).append('&').append(OAuthProviderParameter.oauth_token_secret.toString()).append('=').append(OAuthCodec.oauthEncode(authToken.getSecret()));
    if (callback != null) {
        responseValue.append('&').append(OAuthProviderParameter.oauth_callback_confirmed.toString()).append("=true");
    }
    response.setContentType(getResponseContentType());
    response.getWriter().print(responseValue.toString());
    response.flushBuffer();
}

Example 4 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class UserAuthorizationProcessingFilter method attemptAuthentication.

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    String requestToken = request.getParameter(getTokenParameterName());
    if (requestToken == null) {
        throw new InvalidOAuthParametersException("An OAuth token id is required.");
    }
    OAuthProviderToken token = getTokenServices().getToken(requestToken);
    if (token == null) {
        throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }
    String callbackURL = token.getCallbackUrl();
    if (isRequire10a() && callbackURL == null) {
        throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }
    if (callbackURL != null) {
        request.setAttribute(CALLBACK_ATTRIBUTE, callbackURL);
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
        throw new InsufficientAuthenticationException("User must be authenticated before authorizing a request token.");
    }
    String verifier = getVerifierServices().createVerifier();
    request.setAttribute(VERIFIER_ATTRIBUTE, verifier);
    getTokenServices().authorizeRequestToken(requestToken, verifier, authentication);
    return authentication;
}

Example 5 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class AccessConfirmationController method getAccessConfirmation.

@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(HttpServletRequest request, HttpServletResponse response) throws Exception {
    String token = request.getParameter("oauth_token");
    if (token == null) {
        throw new IllegalArgumentException("A request token to authorize must be provided.");
    }
    OAuthProviderToken providerToken = tokenServices.getToken(token);
    ConsumerDetails consumer = consumerDetailsService.loadConsumerByConsumerKey(providerToken.getConsumerKey());
    String callback = request.getParameter("oauth_callback");
    TreeMap<String, Object> model = new TreeMap<String, Object>();
    model.put("oauth_token", token);
    if (callback != null) {
        model.put("oauth_callback", callback);
    }
    model.put("consumer", consumer);
    return new ModelAndView("access_confirmation", model);
}