use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.
the class OAuthRevAValidator method validateTimestampAndNonce.
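/**
 * Checks that the request's {@code oauth_timestamp} lies within {@code timestampWindow}
 * milliseconds of the current time.
 *
 * <p>Both {@code oauth_timestamp} and {@code oauth_nonce} must be present, but the nonce value
 * itself is never checked for reuse. This method alone therefore does not stop a captured,
 * correctly signed request from being accepted again while its timestamp is still inside the
 * window. Deployments that need replay protection have to track nonces elsewhere; a short
 * window only narrows the exposure.
 *
 * @param message the incoming OAuth message
 * @throws IOException if the message parameters cannot be read
 * @throws OAuthProblemException if a required parameter is absent, or with
 *         {@code TIMESTAMP_REFUSED} if the timestamp is malformed, overflows when converted
 *         to milliseconds, or falls outside the acceptable window
 */
protected void validateTimestampAndNonce(OAuthMessage message) throws IOException, OAuthProblemException {
    message.requireParameters(OAuth.OAUTH_TIMESTAMP, OAuth.OAUTH_NONCE);
    String rawTimestamp = message.getParameter(OAuth.OAUTH_TIMESTAMP);
    long now = currentTimeMsec();
    long min = now - timestampWindow;
    long max = now + timestampWindow;
    boolean withinWindow = false;
    try {
        long seconds = Long.parseLong(rawTimestamp);
        // Bound the value before scaling: a huge timestamp must not wrap around into the window.
        if (seconds >= Long.MIN_VALUE / 1000L && seconds <= Long.MAX_VALUE / 1000L) {
            long timestamp = seconds * 1000L;
            withinWindow = min <= timestamp && timestamp <= max;
        }
    } catch (NumberFormatException malformed) {
        // The timestamp is request-supplied; a non-numeric value is refused as an OAuth problem
        // instead of escaping as an unchecked exception.
    }
    if (!withinWindow) {
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.TIMESTAMP_REFUSED);
        // NOTE(review): min/max are milliseconds while oauth_timestamp is read as seconds;
        // confirm which unit clients expect in this parameter.
        problem.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_TIMESTAMPS, min + "-" + max);
        throw problem;
    }
}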
use of net.oauth.OAuthProblemException in project cxf by apache.
the class OAuthServletFilter method doFilter.
/**
 * Authenticates the request through OAuth and, on success, passes it down the filter chain
 * with the security context installed.
 *
 * <p>Any failure, whether an OAuth problem or another exception raised while authenticating
 * or by the downstream chain, is handed to {@code OAuthServlet.handleException} with an empty
 * realm.
 *
 * @param request the servlet request; cast to {@code HttpServletRequest}
 * @param response the servlet response; cast to {@code HttpServletResponse}
 * @param chain the remaining filter chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest incoming = (HttpServletRequest) request;
    final HttpServletResponse outgoing = (HttpServletResponse) response;
    try {
        final OAuthInfo oauthInfo = handleOAuthRequest(incoming);
        // The chain only ever sees the request that carries the authenticated security context.
        final HttpServletRequest authenticated = setSecurityContext(incoming, oauthInfo);
        chain.doFilter(authenticated, outgoing);
    } catch (OAuthProblemException oauthProblem) {
        OAuthServlet.handleException(outgoing, oauthProblem, "");
    } catch (Exception unexpected) {
        // This branch also receives exceptions thrown by downstream filters and servlets.
        // NOTE(review): confirm handleException does not echo internal exception detail to the client.
        OAuthServlet.handleException(outgoing, unexpected, "");
    }
}
use of net.oauth.OAuthProblemException in project cxf by apache.
the class AccessTokenHandler method handle.
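/**
 * Exchanges a request token for an access token.
 *
 * <p>The request token named in the message must exist. Its verifier must match the
 * {@code oauth_verifier} parameter, unless the verifier is empty and the token is
 * pre-authorized with a subject. The message is then validated before the access token is
 * created. The response body carries the access token key and its secret, form-encoded.
 *
 * @param mc the message context of the current request
 * @param dataProvider source of request tokens and factory for access tokens
 * @param validator validator passed through to {@code OAuthUtils.validateMessage}
 * @return a 200 response with the form-encoded token and secret, or an error response built
 *         by {@code OAuthUtils.handleException}
 */
public Response handle(MessageContext mc, OAuthDataProvider dataProvider, OAuthValidator validator) {
    try {
        OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
        RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
        if (requestToken == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
        if (StringUtils.isEmpty(oauthVerifier)) {
            // A missing verifier is tolerated only for tokens that were pre-authorized for a subject.
            if (requestToken.getSubject() != null && requestToken.isPreAuthorized()) {
                LOG.fine("Preauthorized request token");
            } else {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
        } else {
            String expectedVerifier = requestToken.getVerifier();
            // The verifier is a secret supplied by the client: compare it in constant time so
            // the response timing does not reveal how much of a guess matched.
            if (expectedVerifier == null
                || !java.security.MessageDigest.isEqual(
                    oauthVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    expectedVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
        }
        OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken, dataProvider, validator);
        AccessTokenRegistration reg = new AccessTokenRegistration();
        reg.setRequestToken(requestToken);
        AccessToken accessToken = dataProvider.createAccessToken(reg);
        // Create the response. It contains the token secret, so it should not be logged.
        Map<String, Object> responseParams = new HashMap<>();
        responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
        responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
        String responseString = OAuth.formEncode(responseParams.entrySet());
        return Response.ok(responseString).build();
    } catch (OAuthProblemException e) {
        // Log the exception as caught; calling fillInStackTrace() here would overwrite the
        // original stack trace with this catch site.
        LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] { e });
        int code = e.getHttpStatusCode();
        if (code == HttpServletResponse.SC_OK) {
            // Compare problem names by value; reference equality only holds by accident.
            code = OAuth.Problems.CONSUMER_KEY_UNKNOWN.equals(e.getProblem()) ? 401 : 400;
        }
        return OAuthUtils.handleException(mc, e, code);
    } catch (OAuthServiceException e) {
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
    } catch (Exception e) {
        LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}", new Object[] { e });
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}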
use of net.oauth.OAuthProblemException in project cxf by apache.
the class OAuthUtils method handleTokenRejectedException.
/**
 * Always throws a {@code TOKEN_REJECTED} problem tagged with HTTP status 401.
 *
 * <p>No {@code RequestToken} is ever returned. The declared return type presumably exists so
 * that callers can write {@code return handleTokenRejectedException();}.
 *
 * @return never returns normally
 * @throws OAuthProblemException on every call
 */
public static RequestToken handleTokenRejectedException() throws OAuthProblemException {
    final OAuthProblemException rejected = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    // Attach 401 as the HTTP status code parameter of the problem.
    rejected.setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
    throw rejected;
}
use of net.oauth.OAuthProblemException in project bigbluebutton by bigbluebutton.
the class OAuthSignatureMethod method newMethod.
/**
 * Creates and initializes the signature method registered under {@code name}.
 *
 * <p>Only classes present in {@code NAME_TO_CLASS} are ever instantiated. The supplied name is
 * used purely as a lookup key and never resolved as a class name, so an unregistered name
 * cannot select an arbitrary class.
 *
 * @param name the signature method name to look up
 * @param accessor the accessor passed to the new method's {@code initialize}
 * @return the initialized signature method
 * @throws OAuthException if the name is not registered (a {@code SIGNATURE_METHOD_REJECTED}
 *         problem listing the registered names when there are any), or if the registered
 *         class cannot be instantiated
 */
public static OAuthSignatureMethod newMethod(String name, OAuthAccessor accessor) throws OAuthException {
    try {
        final Class<?> registered = NAME_TO_CLASS.get(name);
        if (registered == null) {
            // Unknown method: refuse, and advertise what is supported so the client can adapt.
            final OAuthProblemException rejected = new OAuthProblemException(OAuth.Problems.SIGNATURE_METHOD_REJECTED);
            final String supported = OAuth.percentEncode(NAME_TO_CLASS.keySet());
            if (!supported.isEmpty()) {
                rejected.setParameter("oauth_acceptable_signature_methods", supported);
            }
            throw rejected;
        }
        final OAuthSignatureMethod created = (OAuthSignatureMethod) registered.newInstance();
        created.initialize(name, accessor);
        return created;
    } catch (InstantiationException e) {
        throw new OAuthException(e);
    } catch (IllegalAccessException e) {
        throw new OAuthException(e);
    }
}