Example 26 with OAuthMessage
use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.
the class OAuthAuthorizationServlet method doGet.
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
LOG.debug("Authorization Handler doGet requested!");
try {
OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, null);
OAuthAccessor accessor = OAuthServiceProvider.getAccessor(oAuthMessage);
if (Boolean.TRUE.equals(accessor.getProperty("authorized"))) {
// already authorized send the user back
returnToConsumer(request, response, accessor);
} else {
sendToAuthorizePage(request, response, accessor);
}
} catch (Exception e) {
OAuthServiceProvider.handleException(e, request, response, true);
}
}
Also used :
OAuthAccessor(net.oauth.OAuthAccessor)
OAuthMessage(net.oauth.OAuthMessage)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
Example 27 with OAuthMessage
use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.
the class OAuthAuthorizationServlet method doPost.
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
LOG.debug("Authorization Handler doPost requested!");
try {
OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
OAuthAccessor accessor = OAuthServiceProvider.getAccessor(requestMessage);
// status can be yes/no(accept/declined)
String status = (String) request.getAttribute("STATUS");
if (null != status && status.equals("no")) {
LOG.debug("Access to zimbra message is denied.");
OAuthTokenCache.remove(accessor.requestToken, OAuthTokenCache.REQUEST_TOKEN_TYPE);
sendUnauthorizedResponse(response, accessor);
return;
}
String username = request.getParameter("username");
String zmtoken = (String) request.getAttribute("ZM_AUTH_TOKEN");
LOG.debug("[AuthorizationHandlerInput] username = %s, oauth_token = %s, ZM_AUTH_TOKEN = %s", username, request.getParameter("oauth_token"), zmtoken);
if (zmtoken == null) {
sendToAuthorizePage(request, response, accessor);
} else {
OAuthServiceProvider.markAsAuthorized(accessor, request.getParameter("username"), zmtoken);
OAuthServiceProvider.generateVerifier(accessor);
returnToConsumer(request, response, accessor);
}
} catch (Exception e) {
LOG.debug("AuthorizationHandler exception", e);
OAuthServiceProvider.handleException(e, request, response, true);
}
}
Also used :
OAuthAccessor(net.oauth.OAuthAccessor)
OAuthMessage(net.oauth.OAuthMessage)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
Example 28 with OAuthMessage
use of net.oauth.OAuthMessage in project zm-mailbox by Zimbra.
the class ZimbraAuthProviderForOAuth method authToken.
@Override
protected AuthToken authToken(HttpServletRequest req, boolean isAdminReq) throws AuthProviderException, AuthTokenException {
ZimbraLog.extensions.debug("authToken(HttpServletRequest req, boolean isAdminReq) is requested.");
if (isAdminReq) {
ZimbraLog.extensions.debug("isAdminReq:true");
return null;
}
String origUrl = req.getHeader("X-Zimbra-Orig-Url");
OAuthMessage oAuthMessage;
if (StringUtil.isNullOrEmpty(origUrl)) {
ZimbraLog.extensions.debug("request.getRequestURL(): " + req.getRequestURL());
oAuthMessage = OAuthServlet.getMessage(req, null);
} else {
ZimbraLog.extensions.debug("X-Zimbra-Orig-Url: " + origUrl);
oAuthMessage = OAuthServlet.getMessage(req, origUrl);
}
String accessToken;
try {
accessToken = oAuthMessage.getToken();
} catch (IOException e) {
ZimbraLog.extensions.debug("Error in getting OAuth token from request", e);
throw AuthProviderException.FAILURE(e.getMessage());
}
if (accessToken == null) {
ZimbraLog.extensions.debug("no need for further oauth processing");
throw AuthProviderException.NO_AUTH_DATA();
}
Account account;
try {
account = Provisioning.getInstance().getAccountByForeignPrincipal("oAuthAccessToken:" + accessToken);
} catch (ServiceException e) {
ZimbraLog.extensions.warn("Error in getting account using OAuth access token", e);
throw AuthProviderException.FAILURE(e.getMessage());
}
if (account == null) {
throw AuthProviderException.FAILURE("Could not identify account corresponding to the OAuth request");
}
OAuthAccessor accessor = null;
String[] accessors = account.getOAuthAccessor();
for (String val : accessors) {
if (val.startsWith(accessToken)) {
try {
accessor = new OAuthAccessorSerializer().deserialize(val.substring(accessToken.length() + 2));
} catch (ServiceException e) {
throw AuthProviderException.FAILURE("Error in deserializing OAuth accessor");
}
break;
}
}
if (accessor == null)
throw new AuthTokenException("invalid OAuth token");
try {
OAuthServiceProvider.VALIDATOR.validateMessage(oAuthMessage, accessor);
} catch (OAuthProblemException e) {
for (Map.Entry<String, Object> entry : e.getParameters().entrySet()) {
ZimbraLog.extensions.debug(entry.getKey() + ":" + entry.getValue());
}
ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
throw new AuthTokenException("Exception in validating OAuth token", e);
} catch (Exception e) {
ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
throw new AuthTokenException("Exception in validating OAuth token", e);
}
return AuthProvider.getAuthToken(account);
}
Also used :
OAuthAccessor(net.oauth.OAuthAccessor)
OAuthProblemException(net.oauth.OAuthProblemException)
Account(com.zimbra.cs.account.Account)
OAuthMessage(net.oauth.OAuthMessage)
ServiceException(com.zimbra.common.service.ServiceException)
OAuthAccessorSerializer(com.zimbra.cs.account.oauth.OAuthAccessorSerializer)
AuthTokenException(com.zimbra.cs.account.AuthTokenException)
IOException(java.io.IOException)
IOException(java.io.IOException)
ServiceException(com.zimbra.common.service.ServiceException)
OAuthProblemException(net.oauth.OAuthProblemException)
AuthTokenException(com.zimbra.cs.account.AuthTokenException)
Example 29 with OAuthMessage
use of net.oauth.OAuthMessage in project ngtesting-platform by aaronchen2k.
the class AtlassianOAuthClient method swapRequestTokenForAccessToken.
public String swapRequestTokenForAccessToken(String requestToken, String tokenSecret, String oauthVerifier) {
try {
OAuthAccessor accessor = getAccessor();
OAuthClient client = new OAuthClient(new HttpClient4());
accessor.requestToken = requestToken;
accessor.tokenSecret = tokenSecret;
OAuthMessage message = client.getAccessToken(accessor, "POST", ImmutableList.of(new OAuth.Parameter(OAuth.OAUTH_VERIFIER, oauthVerifier)));
return message.getToken();
} catch (Exception e) {
throw new RuntimeException("Failed to swap request token with access token", e);
}
}
Also used :
OAuthAccessor(net.oauth.OAuthAccessor)
HttpClient4(net.oauth.client.httpclient4.HttpClient4)
OAuthMessage(net.oauth.OAuthMessage)
OAuthClient(net.oauth.client.OAuthClient)
Example 30 with OAuthMessage
use of net.oauth.OAuthMessage in project spring-security-oauth by spring-projects.
the class GoogleCodeCompatibilityTests method testCalculateSignatureBaseString.
/**
* tests compatibility of calculating the signature base string.
*/
@Test
public void testCalculateSignatureBaseString() throws Exception {
final String baseUrl = "http://www.springframework.org/schema/security/";
CoreOAuthProviderSupport support = new CoreOAuthProviderSupport() {
@Override
protected String getBaseUrl(HttpServletRequest request) {
return baseUrl;
}
};
Map<String, String[]> parameterMap = new HashMap<String, String[]>();
parameterMap.put("a", new String[] { "value-a" });
parameterMap.put("b", new String[] { "value-b" });
parameterMap.put("c", new String[] { "value-c" });
parameterMap.put("param[1]", new String[] { "aaa", "bbb" });
when(request.getParameterNames()).thenReturn(Collections.enumeration(parameterMap.keySet()));
for (Map.Entry<String, String[]> param : parameterMap.entrySet()) {
when(request.getParameterValues(param.getKey())).thenReturn(param.getValue());
}
String header = "OAuth realm=\"https://sp.example.com/\"," + " oauth_consumer_key=\"0685bd9184jfhq22\"," + " oauth_token=\"ad180jjd733klru7\"," + " oauth_signature_method=\"HMAC-SHA1\"," + " oauth_signature=\"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D\"," + " oauth_timestamp=\"137131200\"," + " oauth_callback=\"" + OAuthCodec.oauthEncode("https://myhost.com/callback") + "\"," + " oauth_nonce=\"4572616e48616d6d65724c61686176\"," + " oauth_version=\"1.0\"";
when(request.getHeaders("Authorization")).thenReturn(Collections.enumeration(Arrays.asList(header)));
when(request.getMethod()).thenReturn("GET");
String ours = support.getSignatureBaseString(request);
when(request.getHeaders("Authorization")).thenReturn(Collections.enumeration(Arrays.asList(header)));
when(request.getParameterMap()).thenReturn(parameterMap);
when(request.getHeaderNames()).thenReturn(null);
OAuthMessage message = OAuthServlet.getMessage(request, baseUrl);
String theirs = OAuthSignatureMethod.getBaseString(message);
assertEquals(theirs, ours);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
OAuthMessage(net.oauth.OAuthMessage)
HashMap(java.util.HashMap)
CoreOAuthProviderSupport(org.springframework.security.oauth.provider.filter.CoreOAuthProviderSupport)
HashMap(java.util.HashMap)
Map(java.util.Map)
Test(org.junit.Test)
Aggregations
OAuthMessage (net.oauth.OAuthMessage)30
OAuthAccessor (net.oauth.OAuthAccessor)16
IOException (java.io.IOException)9
HashMap (java.util.HashMap)9
OAuthProblemException (net.oauth.OAuthProblemException)9
Map (java.util.Map)5
ServletException (javax.servlet.ServletException)5
OAuthConsumer (net.oauth.OAuthConsumer)5
OAuthClient (net.oauth.client.OAuthClient)4
OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)4
ArrayList (java.util.ArrayList)3
Parameter (net.oauth.OAuth.Parameter)3
HttpClient4 (net.oauth.client.httpclient4.HttpClient4)3
RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)3
HttpRequest (org.apache.shindig.gadgets.http.HttpRequest)3
Account (com.zimbra.cs.account.Account)2
OutputStream (java.io.OutputStream)2
IllegalArgumentException (java.lang.IllegalArgumentException)2
URI (java.net.URI)2
List (java.util.List)2
