
Example 26 with OAuthMessage

use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.

the class OAuthAuthorizationServlet method doGet.

/**
 * Handles the GET leg of the OAuth authorization step.
 *
 * <p>Builds the OAuth message from the request, resolves its accessor and then either sends the
 * user back to the consumer (the accessor's {@code "authorized"} property is {@code TRUE}) or
 * shows the authorize page. This method only reads the {@code "authorized"} flag; it never sets it.
 * Every exception is passed to {@code OAuthServiceProvider.handleException}.
 *
 * @param request  incoming servlet request carrying the OAuth parameters
 * @param response servlet response used for the redirect or the authorize page
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    LOG.debug("Authorization Handler doGet requested!");
    try {
        final OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
        final OAuthAccessor accessor = OAuthServiceProvider.getAccessor(requestMessage);
        final boolean alreadyAuthorized = Boolean.TRUE.equals(accessor.getProperty("authorized"));
        if (!alreadyAuthorized) {
            // Not yet approved: the user still has to go through the authorize page.
            sendToAuthorizePage(request, response, accessor);
            return;
        }
        // Already approved earlier: hand the user straight back to the consumer.
        returnToConsumer(request, response, accessor);
    } catch (Exception e) {
        OAuthServiceProvider.handleException(e, request, response, true);
    }
}
Also used : OAuthAccessor(net.oauth.OAuthAccessor) OAuthMessage(net.oauth.OAuthMessage) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 27 with OAuthMessage

use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.

the class OAuthAuthorizationServlet method doPost.

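/**
 * Handles the POST leg of the OAuth authorization step (the user's accept/decline decision).
 *
 * <p>Flow, as visible in this method:
 * <ul>
 *   <li>request attribute {@code STATUS} equal to {@code "no"}: the request token is removed from
 *       {@code OAuthTokenCache} and an unauthorized response is sent;</li>
 *   <li>request attribute {@code ZM_AUTH_TOKEN} absent: the user is sent to the authorize page;</li>
 *   <li>otherwise the accessor is marked as authorized for the submitted {@code username}, a
 *       verifier is generated and the user is returned to the consumer.</li>
 * </ul>
 * Every exception is logged at debug level and passed to
 * {@code OAuthServiceProvider.handleException}.
 *
 * @param request  incoming servlet request; {@code STATUS} and {@code ZM_AUTH_TOKEN} are read as
 *                 request attributes, {@code username} and {@code oauth_token} as parameters
 * @param response servlet response used for the redirect, the authorize page or the error
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    LOG.debug("Authorization Handler doPost requested!");
    try {
        OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
        OAuthAccessor accessor = OAuthServiceProvider.getAccessor(requestMessage);
        // status can be yes/no (accepted/declined)
        String status = (String) request.getAttribute("STATUS");
        if ("no".equals(status)) {
            LOG.debug("Access to zimbra message is denied.");
            // A declined request token must not stay usable, so drop it before answering.
            OAuthTokenCache.remove(accessor.requestToken, OAuthTokenCache.REQUEST_TOKEN_TYPE);
            sendUnauthorizedResponse(response, accessor);
            return;
        }
        String username = request.getParameter("username");
        String zmtoken = (String) request.getAttribute("ZM_AUTH_TOKEN");
        // Credentials are not written to the log: only whether each token was supplied is
        // recorded, so a debug log cannot be replayed as a session or a request token.
        LOG.debug("[AuthorizationHandlerInput] username = %s, oauth_token present = %s, ZM_AUTH_TOKEN present = %s", username, request.getParameter("oauth_token") != null, zmtoken != null);
        if (zmtoken == null) {
            sendToAuthorizePage(request, response, accessor);
        } else {
            // NOTE(review): username is a client-supplied parameter while the auth token is a
            // request attribute; confirm that markAsAuthorized or whatever sets ZM_AUTH_TOKEN
            // checks that the two belong to the same account.
            OAuthServiceProvider.markAsAuthorized(accessor, username, zmtoken);
            OAuthServiceProvider.generateVerifier(accessor);
            returnToConsumer(request, response, accessor);
        }
    } catch (Exception e) {
        LOG.debug("AuthorizationHandler exception", e);
        OAuthServiceProvider.handleException(e, request, response, true);
    }
}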
Also used : OAuthAccessor(net.oauth.OAuthAccessor) OAuthMessage(net.oauth.OAuthMessage) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 28 with OAuthMessage

use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.

the class ZimbraAuthProviderForOAuth method authToken.

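/**
 * Resolves a Zimbra auth token from an OAuth-signed, non-admin request.
 *
 * <p>Steps, as visible in this method: build the OAuth message (using the
 * {@code X-Zimbra-Orig-Url} header as URL when present), read the access token, look the account
 * up by the foreign principal {@code "oAuthAccessToken:" + token}, find and deserialize the stored
 * accessor for that token, validate the message against it, and return the account's auth token.
 *
 * @param req        incoming request
 * @param isAdminReq {@code true} for admin requests, which this provider does not handle
 * @return the auth token for the matched account, or {@code null} when {@code isAdminReq} is set
 * @throws AuthProviderException if the request has no OAuth token ({@code NO_AUTH_DATA}), or the
 *         token cannot be read, the account cannot be found, or the accessor cannot be
 *         deserialized ({@code FAILURE})
 * @throws AuthTokenException if no stored accessor matches the token or validation fails
 */
@Override
protected AuthToken authToken(HttpServletRequest req, boolean isAdminReq) throws AuthProviderException, AuthTokenException {
    ZimbraLog.extensions.debug("authToken(HttpServletRequest req, boolean isAdminReq) is requested.");
    if (isAdminReq) {
        ZimbraLog.extensions.debug("isAdminReq:true");
        return null;
    }
    // NOTE(review): this header is read from the request as-is and becomes the URL the OAuth
    // signature is checked against; confirm the front-end proxy always sets or strips it, so a
    // client cannot choose that URL itself.
    String origUrl = req.getHeader("X-Zimbra-Orig-Url");
    OAuthMessage oAuthMessage;
    if (StringUtil.isNullOrEmpty(origUrl)) {
        ZimbraLog.extensions.debug("request.getRequestURL(): " + req.getRequestURL());
        oAuthMessage = OAuthServlet.getMessage(req, null);
    } else {
        ZimbraLog.extensions.debug("X-Zimbra-Orig-Url: " + origUrl);
        oAuthMessage = OAuthServlet.getMessage(req, origUrl);
    }
    String accessToken;
    try {
        accessToken = oAuthMessage.getToken();
    } catch (IOException e) {
        ZimbraLog.extensions.debug("Error in getting OAuth token from request", e);
        throw AuthProviderException.FAILURE(e.getMessage());
    }
    if (accessToken == null) {
        // Not an OAuth request: let other auth providers have a go.
        ZimbraLog.extensions.debug("no need for further oauth processing");
        throw AuthProviderException.NO_AUTH_DATA();
    }
    Account account;
    try {
        account = Provisioning.getInstance().getAccountByForeignPrincipal("oAuthAccessToken:" + accessToken);
    } catch (ServiceException e) {
        ZimbraLog.extensions.warn("Error in getting account using OAuth access token", e);
        throw AuthProviderException.FAILURE(e.getMessage());
    }
    if (account == null) {
        throw AuthProviderException.FAILURE("Could not identify account corresponding to the OAuth request");
    }
    OAuthAccessor accessor = null;
    String[] accessors = account.getOAuthAccessor();
    // Each stored value is the access token, two separator characters, then the serialized accessor.
    int payloadOffset = accessToken.length() + 2;
    for (String val : accessors) {
        // Skip entries for other tokens, and entries too short to hold the separator: those
        // would otherwise fail in substring() with an unchecked exception.
        // NOTE(review): startsWith is a prefix match and does not check the separator itself;
        // confirm one stored token can never be a prefix of another.
        if (!val.startsWith(accessToken) || val.length() < payloadOffset) {
            continue;
        }
        try {
            accessor = new OAuthAccessorSerializer().deserialize(val.substring(payloadOffset));
        } catch (ServiceException e) {
            // Keep the cause in the log; the FAILURE exception below carries only the message.
            ZimbraLog.extensions.warn("Error in deserializing OAuth accessor", e);
            throw AuthProviderException.FAILURE("Error in deserializing OAuth accessor");
        }
        break;
    }
    if (accessor == null) {
        throw new AuthTokenException("invalid OAuth token");
    }
    try {
        // The token alone is not proof: the message must also validate against the stored accessor.
        OAuthServiceProvider.VALIDATOR.validateMessage(oAuthMessage, accessor);
    } catch (OAuthProblemException e) {
        for (Map.Entry<String, Object> entry : e.getParameters().entrySet()) {
            ZimbraLog.extensions.debug(entry.getKey() + ":" + entry.getValue());
        }
        ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
        throw new AuthTokenException("Exception in validating OAuth token", e);
    } catch (Exception e) {
        ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
        throw new AuthTokenException("Exception in validating OAuth token", e);
    }
    return AuthProvider.getAuthToken(account);
}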
Also used : OAuthAccessor(net.oauth.OAuthAccessor) OAuthProblemException(net.oauth.OAuthProblemException) Account(com.zimbra.cs.account.Account) OAuthMessage(net.oauth.OAuthMessage) ServiceException(com.zimbra.common.service.ServiceException) OAuthAccessorSerializer(com.zimbra.cs.account.oauth.OAuthAccessorSerializer) AuthTokenException(com.zimbra.cs.account.AuthTokenException) IOException(java.io.IOException) IOException(java.io.IOException) ServiceException(com.zimbra.common.service.ServiceException) OAuthProblemException(net.oauth.OAuthProblemException) AuthTokenException(com.zimbra.cs.account.AuthTokenException)

Example 29 with OAuthMessage

use of net.oauth.OAuthMessage in project ngtesting-platform by aaronchen2k.

the class AtlassianOAuthClient method swapRequestTokenForAccessToken.

/**
 * Exchanges an authorized request token for an access token.
 *
 * <p>The request token and its secret are set on the accessor returned by {@code getAccessor()},
 * and the verifier is sent as the {@code oauth_verifier} parameter of a POST.
 *
 * @param requestToken  request token obtained earlier in the flow
 * @param tokenSecret   secret belonging to {@code requestToken}
 * @param oauthVerifier verifier returned to the consumer after user authorization
 * @return the token carried by the provider's response
 * @throws RuntimeException wrapping any failure; the message is a fixed string, so neither the
 *         token secret nor the verifier appears in it (the cause is attached unchanged)
 */
public String swapRequestTokenForAccessToken(String requestToken, String tokenSecret, String oauthVerifier) {
    try {
        final OAuthAccessor tokenAccessor = getAccessor();
        final OAuthClient oauthClient = new OAuthClient(new HttpClient4());
        tokenAccessor.requestToken = requestToken;
        tokenAccessor.tokenSecret = tokenSecret;
        final ImmutableList<OAuth.Parameter> verifierParams =
                ImmutableList.of(new OAuth.Parameter(OAuth.OAUTH_VERIFIER, oauthVerifier));
        final OAuthMessage accessTokenResponse = oauthClient.getAccessToken(tokenAccessor, "POST", verifierParams);
        return accessTokenResponse.getToken();
    } catch (Exception e) {
        throw new RuntimeException("Failed to swap request token with access token", e);
    }
}
Also used : OAuthAccessor(net.oauth.OAuthAccessor) HttpClient4(net.oauth.client.httpclient4.HttpClient4) OAuthMessage(net.oauth.OAuthMessage) OAuthClient(net.oauth.client.OAuthClient)

Example 30 with OAuthMessage

use of net.oauth.OAuthMessage in project spring-security-oauth by spring-projects.

the class GoogleCodeCompatibilityTests method testCalculateSignatureBaseString.

/**
 * Checks that {@code CoreOAuthProviderSupport} and the net.oauth reference code compute the same
 * signature base string for one mocked request.
 *
 * <p>The consumer key, token, signature and nonce in the Authorization header are literals written
 * into this test. The stubbing order matters and is kept as is: the Authorization header
 * enumeration is stubbed again before the second computation.
 */
@Test
public void testCalculateSignatureBaseString() throws Exception {
    final String fixedBaseUrl = "http://www.springframework.org/schema/security/";
    // Pin the base URL so both implementations sign against the same value.
    CoreOAuthProviderSupport providerSupport = new CoreOAuthProviderSupport() {

        @Override
        protected String getBaseUrl(HttpServletRequest request) {
            return fixedBaseUrl;
        }
    };
    Map<String, String[]> requestParams = new HashMap<String, String[]>();
    requestParams.put("a", new String[] { "value-a" });
    requestParams.put("b", new String[] { "value-b" });
    requestParams.put("c", new String[] { "value-c" });
    // A name needing percent-encoding, with two values, to exercise encoding and ordering.
    requestParams.put("param[1]", new String[] { "aaa", "bbb" });
    when(request.getParameterNames()).thenReturn(Collections.enumeration(requestParams.keySet()));
    for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
        when(request.getParameterValues(entry.getKey())).thenReturn(entry.getValue());
    }
    String authorizationHeader = "OAuth realm=\"https://sp.example.com/\","
            + "                oauth_consumer_key=\"0685bd9184jfhq22\","
            + "                oauth_token=\"ad180jjd733klru7\","
            + "                oauth_signature_method=\"HMAC-SHA1\","
            + "                oauth_signature=\"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D\","
            + "                oauth_timestamp=\"137131200\","
            + "                oauth_callback=\"" + OAuthCodec.oauthEncode("https://myhost.com/callback") + "\","
            + "                oauth_nonce=\"4572616e48616d6d65724c61686176\","
            + "                oauth_version=\"1.0\"";
    when(request.getHeaders("Authorization")).thenReturn(Collections.enumeration(Arrays.asList(authorizationHeader)));
    when(request.getMethod()).thenReturn("GET");
    String springBaseString = providerSupport.getSignatureBaseString(request);

    // Second pass: stub the header again and add what the net.oauth servlet helper reads.
    when(request.getHeaders("Authorization")).thenReturn(Collections.enumeration(Arrays.asList(authorizationHeader)));
    when(request.getParameterMap()).thenReturn(requestParams);
    when(request.getHeaderNames()).thenReturn(null);
    OAuthMessage referenceMessage = OAuthServlet.getMessage(request, fixedBaseUrl);
    String referenceBaseString = OAuthSignatureMethod.getBaseString(referenceMessage);
    assertEquals(referenceBaseString, springBaseString);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) OAuthMessage(net.oauth.OAuthMessage) HashMap(java.util.HashMap) CoreOAuthProviderSupport(org.springframework.security.oauth.provider.filter.CoreOAuthProviderSupport) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)

Aggregations

OAuthMessage (net.oauth.OAuthMessage)30 OAuthAccessor (net.oauth.OAuthAccessor)16 IOException (java.io.IOException)9 HashMap (java.util.HashMap)9 OAuthProblemException (net.oauth.OAuthProblemException)9 Map (java.util.Map)5 ServletException (javax.servlet.ServletException)5 OAuthConsumer (net.oauth.OAuthConsumer)5 OAuthClient (net.oauth.client.OAuthClient)4 OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)4 ArrayList (java.util.ArrayList)3 Parameter (net.oauth.OAuth.Parameter)3 HttpClient4 (net.oauth.client.httpclient4.HttpClient4)3 RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)3 HttpRequest (org.apache.shindig.gadgets.http.HttpRequest)3 Account (com.zimbra.cs.account.Account)2 OutputStream (java.io.OutputStream)2 IllegalArgumentException (java.lang.IllegalArgumentException)2 URI (java.net.URI)2 List (java.util.List)2