Example 16 with OAuthMessage
use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.
the class OAuthAuthorizationServlet method doPost.
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
LOG.debug("Authorization Handler doPost requested!");
try {
OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
OAuthAccessor accessor = OAuthServiceProvider.getAccessor(requestMessage);
//status can be yes/no(accept/declined)
String status = (String) request.getAttribute("STATUS");
if (null != status && status.equals("no")) {
LOG.debug("Access to zimbra message is denied.");
OAuthTokenCache.remove(accessor.requestToken, OAuthTokenCache.REQUEST_TOKEN_TYPE);
sendUnauthorizedResponse(response, accessor);
return;
}
String username = request.getParameter("username");
String zmtoken = (String) request.getAttribute("ZM_AUTH_TOKEN");
LOG.debug("[AuthorizationHandlerInput] username = %s, oauth_token = %s, ZM_AUTH_TOKEN = %s", username, request.getParameter("oauth_token"), zmtoken);
if (zmtoken == null) {
sendToAuthorizePage(request, response, accessor);
} else {
OAuthServiceProvider.markAsAuthorized(accessor, request.getParameter("username"), zmtoken);
OAuthServiceProvider.generateVerifier(accessor);
returnToConsumer(request, response, accessor);
}
} catch (Exception e) {
LOG.debug("AuthorizationHandler exception", e);
OAuthServiceProvider.handleException(e, request, response, true);
}
}
Also used :
OAuthAccessor(net.oauth.OAuthAccessor)
OAuthMessage(net.oauth.OAuthMessage)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
Example 17 with OAuthMessage
use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.
the class OAuthAuthorizationServlet method doGet.
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
LOG.debug("Authorization Handler doGet requested!");
try {
OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, null);
OAuthAccessor accessor = OAuthServiceProvider.getAccessor(oAuthMessage);
if (Boolean.TRUE.equals(accessor.getProperty("authorized"))) {
// already authorized send the user back
returnToConsumer(request, response, accessor);
} else {
sendToAuthorizePage(request, response, accessor);
}
} catch (Exception e) {
OAuthServiceProvider.handleException(e, request, response, true);
}
}
Also used :
OAuthAccessor(net.oauth.OAuthAccessor)
OAuthMessage(net.oauth.OAuthMessage)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
Example 18 with OAuthMessage
use of net.oauth.OAuthMessage in project cxf by apache.
the class CallbackURLController method handleRequest.
@RequestMapping("/callback")
protected ModelAndView handleRequest(@ModelAttribute("oAuthParams") OAuthParams oAuthParams, HttpServletRequest request) throws Exception {
OAuthMessage message = OAuthServlet.getMessage(request, request.getRequestURL().toString());
try {
message.requireParameters(OAuth.OAUTH_TOKEN, OAuth.OAUTH_VERIFIER);
oAuthParams.setOauthToken(message.getToken());
oAuthParams.setOauthVerifier(message.getParameter(OAuth.OAUTH_VERIFIER));
oAuthParams.setClientID(Common.findCookieValue(request, "clientID"));
oAuthParams.setClientSecret(Common.findCookieValue(request, "clientSecret"));
} catch (OAuthProblemException e) {
oAuthParams.setErrorMessage("OAuth problem: " + e.getProblem() + e.getParameters().toString());
}
return new ModelAndView("tokenRequest");
}
Also used :
OAuthProblemException(net.oauth.OAuthProblemException)
OAuthMessage(net.oauth.OAuthMessage)
ModelAndView(org.springframework.web.servlet.ModelAndView)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 19 with OAuthMessage
use of net.oauth.OAuthMessage in project cxf by apache.
the class OAuthClientUtils method doGetAuthorizationHeader.
private static String doGetAuthorizationHeader(OAuthAccessor accessor, String method, String requestURI, Map<String, String> parameters) {
try {
OAuthMessage msg = accessor.newRequestMessage(method, requestURI, parameters.entrySet());
StringBuilder sb = new StringBuilder();
sb.append(msg.getAuthorizationHeader(null));
for (Map.Entry<String, String> entry : parameters.entrySet()) {
if (!entry.getKey().startsWith("oauth_")) {
sb.append(", ");
sb.append(OAuth.percentEncode(entry.getKey())).append("=\"");
sb.append(OAuth.percentEncode(entry.getValue())).append('"');
}
}
return sb.toString();
} catch (Exception ex) {
throw new ProcessingException(ex);
}
}
Also used :
OAuthMessage(net.oauth.OAuthMessage)
HashMap(java.util.HashMap)
Map(java.util.Map)
ProcessingException(javax.ws.rs.ProcessingException)
WebApplicationException(javax.ws.rs.WebApplicationException)
OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)
ProcessingException(javax.ws.rs.ProcessingException)
Example 20 with OAuthMessage
use of net.oauth.OAuthMessage in project cxf by apache.
the class AbstractAuthFilter method handleOAuthRequest.
/**
* Authenticates the third-party consumer and returns
* {@link OAuthInfo} bean capturing the information about the request.
* @param req http request
* @return OAuth info
* @see OAuthInfo
* @throws Exception
* @throws OAuthProblemException
*/
protected OAuthInfo handleOAuthRequest(HttpServletRequest req) throws Exception, OAuthProblemException {
if (LOG.isLoggable(Level.FINE)) {
LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
}
AccessToken accessToken = null;
Client client = null;
OAuthMessage oAuthMessage = OAuthServlet.getMessage(new CustomHttpServletWrapper(req), OAuthServlet.getRequestURL(req));
if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
oAuthMessage.requireParameters(REQUIRED_PARAMETERS);
accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());
// check if access token is not null
if (accessToken == null) {
LOG.warning("Access token is unavailable");
throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
}
client = accessToken.getClient();
OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider, validator);
} else {
String consumerKey = null;
String consumerSecret = null;
String authHeader = oAuthMessage.getHeader("Authorization");
if (authHeader != null) {
if (authHeader.startsWith("OAuth")) {
consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
consumerSecret = oAuthMessage.getParameter(OAuthConstants.OAUTH_CONSUMER_SECRET);
} else if (authHeader.startsWith("Basic")) {
AuthorizationPolicy policy = getAuthorizationPolicy(authHeader);
if (policy != null) {
consumerKey = policy.getUserName();
consumerSecret = policy.getPassword();
}
}
}
if (consumerKey != null) {
client = dataProvider.getClient(consumerKey);
}
if (client == null) {
LOG.warning("Client is invalid");
throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
}
if (consumerSecret != null && !consumerSecret.equals(client.getSecretKey())) {
LOG.warning("Client secret is invalid");
throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
}
OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider, validator);
accessToken = client.getPreAuthorizedToken();
if (accessToken == null || !accessToken.isPreAuthorized()) {
LOG.warning("Preauthorized access token is unavailable");
throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
}
}
List<OAuthPermission> permissions = accessToken.getScopes();
List<OAuthPermission> matchingPermissions = new ArrayList<>();
for (OAuthPermission perm : permissions) {
boolean uriOK = checkRequestURI(req, perm.getUris());
boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
if (uriOK && verbOK) {
matchingPermissions.add(perm);
}
}
if (!permissions.isEmpty() && matchingPermissions.isEmpty()) {
String message = "Client has no valid permissions";
LOG.warning(message);
throw new OAuthProblemException(message);
}
return new OAuthInfo(accessToken, matchingPermissions);
}
Also used :
OAuthProblemException(net.oauth.OAuthProblemException)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
OAuthPermission(org.apache.cxf.rs.security.oauth.data.OAuthPermission)
OAuthMessage(net.oauth.OAuthMessage)
AccessToken(org.apache.cxf.rs.security.oauth.data.AccessToken)
ArrayList(java.util.ArrayList)
Client(org.apache.cxf.rs.security.oauth.data.Client)
Aggregations
OAuthMessage (net.oauth.OAuthMessage)22
OAuthAccessor (net.oauth.OAuthAccessor)10
HashMap (java.util.HashMap)9
OAuthProblemException (net.oauth.OAuthProblemException)8
IOException (java.io.IOException)7
Map (java.util.Map)5
ServletException (javax.servlet.ServletException)5
OAuthConsumer (net.oauth.OAuthConsumer)5
OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)4
ArrayList (java.util.ArrayList)3
RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)3
Account (com.zimbra.cs.account.Account)2
OutputStream (java.io.OutputStream)2
IllegalArgumentException (java.lang.IllegalArgumentException)2
URI (java.net.URI)2
List (java.util.List)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
OAuthValidator (net.oauth.OAuthValidator)2
SimpleOAuthValidator (net.oauth.SimpleOAuthValidator)2
AccessToken (org.apache.cxf.rs.security.oauth.data.AccessToken)2
