
Example 6 with OAuthProblemException

use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.

the class OAuthRevAValidator method validateTimestampAndNonce.

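/**
 * Checks that the message's oauth_timestamp lies within {@code timestampWindow}
 * milliseconds of the current time.
 *
 * <p>This implementation doesn't check the nonce value: {@code requireParameters} is
 * called for oauth_nonce, but the nonce is never compared against previously seen
 * values. This method alone therefore does not stop a captured request from being
 * replayed while its timestamp is still inside the window; replay protection, if
 * required, has to come from elsewhere.
 *
 * @param message the incoming OAuth message
 * @throws IOException declared for the message accessors used here
 * @throws OAuthProblemException with {@code TIMESTAMP_REFUSED} when the timestamp is
 *         not a number, cannot be converted to milliseconds without overflow, or falls
 *         outside the accepted window
 */
protected void validateTimestampAndNonce(OAuthMessage message) throws IOException, OAuthProblemException {
    message.requireParameters(OAuth.OAUTH_TIMESTAMP, OAuth.OAUTH_NONCE);
    long now = currentTimeMsec();
    long min = now - timestampWindow;
    long max = now + timestampWindow;
    boolean accepted = false;
    try {
        // The timestamp is client-supplied: a non-numeric value must end in an OAuth
        // problem report, not in an unchecked NumberFormatException.
        long seconds = Long.parseLong(message.getParameter(OAuth.OAUTH_TIMESTAMP));
        // Refuse values whose conversion to milliseconds would wrap around, since a
        // wrapped value could otherwise land inside the window by accident.
        if (seconds >= Long.MIN_VALUE / 1000L && seconds <= Long.MAX_VALUE / 1000L) {
            long timestamp = seconds * 1000L;
            accepted = min <= timestamp && timestamp <= max;
        }
    } catch (NumberFormatException ignored) {
        // Unparseable timestamp: fall through with accepted == false.
    }
    if (!accepted) {
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.TIMESTAMP_REFUSED);
        // The advertised bounds are the millisecond values computed above.
        problem.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_TIMESTAMPS, min + "-" + max);
        throw problem;
    }
}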
Also used : OAuthProblemException(net.oauth.OAuthProblemException)

Example 7 with OAuthProblemException

use of net.oauth.OAuthProblemException in project cxf by apache.

the class OAuthServletFilter method doFilter.

/**
 * Authenticates the request with {@code handleOAuthRequest} and, on success, continues
 * the filter chain with the request returned by {@code setSecurityContext}.
 *
 * <p>Any failure is handed to {@code OAuthServlet.handleException} with an empty realm.
 * The catch-all also covers exceptions raised further down the chain, so downstream
 * application errors are reported through the same handler as OAuth failures.
 * NOTE(review): what that handler writes to the client for a non-OAuth exception is not
 * visible here; confirm it does not expose internal error detail.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the outgoing response; cast to {@code HttpServletResponse}
 * @param chain    the remaining filter chain, invoked only after OAuth handling succeeds
 * @throws IOException      declared by the filter contract
 * @throws ServletException declared by the filter contract
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Both casts stay outside the try block, so a ClassCastException is not routed to the handler.
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;
    try {
        final OAuthInfo oauthInfo = handleOAuthRequest(httpRequest);
        final HttpServletRequest securedRequest = setSecurityContext(httpRequest, oauthInfo);
        chain.doFilter(securedRequest, httpResponse);
    } catch (OAuthProblemException oauthProblem) {
        OAuthServlet.handleException(httpResponse, oauthProblem, "");
    } catch (Exception other) {
        OAuthServlet.handleException(httpResponse, other, "");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) OAuthProblemException(net.oauth.OAuthProblemException) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) OAuthProblemException(net.oauth.OAuthProblemException)

Example 8 with OAuthProblemException

use of net.oauth.OAuthProblemException in project cxf by apache.

the class AccessTokenHandler method handle.

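/**
 * Exchanges a request token for an access token.
 *
 * <p>The request token named in the message is looked up through the data provider, the
 * oauth_verifier is checked against the one stored on that token (unless the token has a
 * subject and is pre-authorized), the message is validated, and a new access token is
 * created and returned form-encoded.
 *
 * <p>The response body carries the access token secret.
 * NOTE(review): presumably this endpoint is only reachable over TLS; confirm in the
 * deployment configuration.
 *
 * @param mc           the message context supplying the HTTP request
 * @param dataProvider source of request tokens and factory for access tokens
 * @param validator    validator passed through to {@code OAuthUtils.validateMessage}
 * @return a 200 response with oauth_token and oauth_token_secret, or the error response
 *         produced by {@code OAuthUtils.handleException}
 */
public Response handle(MessageContext mc, OAuthDataProvider dataProvider, OAuthValidator validator) {
    try {
        OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
        RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
        if (requestToken == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
        if (StringUtils.isEmpty(oauthVerifier)) {
            // A missing verifier is tolerated only for tokens that were pre-authorized.
            if (requestToken.getSubject() != null && requestToken.isPreAuthorized()) {
                LOG.fine("Preauthorized request token");
            } else {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
        } else {
            // The verifier is a secret supplied by the client; compare it in constant time
            // so the comparison does not reveal how many leading characters matched.
            String expectedVerifier = requestToken.getVerifier();
            if (expectedVerifier == null
                || !java.security.MessageDigest.isEqual(
                    oauthVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    expectedVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
        }
        OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken, dataProvider, validator);
        AccessTokenRegistration reg = new AccessTokenRegistration();
        reg.setRequestToken(requestToken);
        AccessToken accessToken = dataProvider.createAccessToken(reg);
        // create response
        Map<String, Object> responseParams = new HashMap<>();
        responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
        responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
        String responseString = OAuth.formEncode(responseParams.entrySet());
        return Response.ok(responseString).build();
    } catch (OAuthProblemException e) {
        // Log the exception as thrown; calling fillInStackTrace() here would overwrite
        // the original trace with this logging site.
        LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] { e });
        int code = e.getHttpStatusCode();
        // SC_OK is treated here as "no explicit status on the exception".
        if (code == HttpServletResponse.SC_OK) {
            // Compare by value: reference equality on strings only holds while both
            // sides happen to be the same interned constant.
            code = OAuth.Problems.CONSUMER_KEY_UNKNOWN.equals(e.getProblem()) ? 401 : 400;
        }
        return OAuthUtils.handleException(mc, e, code);
    } catch (OAuthServiceException e) {
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
    } catch (Exception e) {
        LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}", new Object[] { e });
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}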
Also used : OAuthProblemException(net.oauth.OAuthProblemException) OAuthMessage(net.oauth.OAuthMessage) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) AccessToken(org.apache.cxf.rs.security.oauth.data.AccessToken) AccessTokenRegistration(org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration) OAuthProblemException(net.oauth.OAuthProblemException) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)

Example 9 with OAuthProblemException

use of net.oauth.OAuthProblemException in project cxf by apache.

the class OAuthUtils method handleTokenRejectedException.

/**
 * Always throws a {@code TOKEN_REJECTED} problem whose HTTP status parameter is set to
 * 401 (Unauthorized); it never returns normally.
 *
 * @return never returns; presumably the declared type lets callers write
 *         {@code return handleTokenRejectedException();}
 * @throws OAuthProblemException on every call
 */
public static RequestToken handleTokenRejectedException() throws OAuthProblemException {
    final OAuthProblemException tokenRejected = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    // Attach an explicit status so the rejection is reported as 401.
    tokenRejected.setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
    throw tokenRejected;
}
Also used : OAuthProblemException(net.oauth.OAuthProblemException)

Example 10 with OAuthProblemException

use of net.oauth.OAuthProblemException in project bigbluebutton by bigbluebutton.

the class OAuthSignatureMethod method newMethod.

/**
 * The factory for signature methods.
 *
 * <p>The requested name is only used as a key into {@code NAME_TO_CLASS}; a class is
 * instantiated solely when the name is registered there, so the caller-supplied name
 * never selects an arbitrary class.
 *
 * @param name     the signature method name to look up
 * @param accessor passed to the new method's {@code initialize}
 * @return a newly created and initialized signature method
 * @throws OAuthException a {@code SIGNATURE_METHOD_REJECTED} problem when the name is not
 *         registered (listing the registered names when there are any), or a wrapper
 *         around the reflection failure when the class cannot be instantiated
 */
public static OAuthSignatureMethod newMethod(String name, OAuthAccessor accessor) throws OAuthException {
    try {
        Class<?> implementation = NAME_TO_CLASS.get(name);
        if (implementation == null) {
            // Unknown name: reject it and advertise the names that are registered.
            OAuthProblemException rejected = new OAuthProblemException(OAuth.Problems.SIGNATURE_METHOD_REJECTED);
            String registeredNames = OAuth.percentEncode(NAME_TO_CLASS.keySet());
            if (registeredNames.length() > 0) {
                rejected.setParameter("oauth_acceptable_signature_methods", registeredNames);
            }
            throw rejected;
        }
        OAuthSignatureMethod created = (OAuthSignatureMethod) implementation.newInstance();
        created.initialize(name, accessor);
        return created;
    } catch (InstantiationException instantiationFailure) {
        throw new OAuthException(instantiationFailure);
    } catch (IllegalAccessException accessFailure) {
        throw new OAuthException(accessFailure);
    }
}
Also used : OAuthProblemException(net.oauth.OAuthProblemException) OAuthException(net.oauth.OAuthException)

Aggregations

OAuthProblemException (net.oauth.OAuthProblemException)23 OAuthMessage (net.oauth.OAuthMessage)8 IOException (java.io.IOException)6 HashMap (java.util.HashMap)4 ServletException (javax.servlet.ServletException)3 OAuthAccessor (net.oauth.OAuthAccessor)3 RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)3 OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)3 ServiceException (com.zimbra.common.service.ServiceException)2 Account (com.zimbra.cs.account.Account)2 ArrayList (java.util.ArrayList)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 AccessToken (org.apache.cxf.rs.security.oauth.data.AccessToken)2 Client (org.apache.cxf.rs.security.oauth.data.Client)2 OAuthPermission (org.apache.cxf.rs.security.oauth.data.OAuthPermission)2 AuthToken (com.zimbra.cs.account.AuthToken)1 AuthTokenException (com.zimbra.cs.account.AuthTokenException)1 ZimbraAuthToken (com.zimbra.cs.account.ZimbraAuthToken)1 OAuthAccessorSerializer (com.zimbra.cs.account.oauth.OAuthAccessorSerializer)1 InputStream (java.io.InputStream)1