
Example 21 with OAuthProblemException

use of net.oauth.OAuthProblemException in project cxf by apache.

the class RequestTokenHandler method handle.

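/**
 * Handles a request for OAuth 1.0 temporary credentials (a request token).
 *
 * <p>The consumer is looked up by {@code oauth_consumer_key}, the message is passed to
 * {@code OAuthUtils.validateMessage}, and the supplied {@code oauth_callback} is checked
 * with {@link #validateCallbackURL} before a token is requested from the data provider.
 * On success the form-encoded body carries the token key, the token secret and
 * {@code oauth_callback_confirmed=true}.
 *
 * <p>NOTE(review): the success body contains the token secret, so this endpoint presumably
 * relies on a confidential transport (TLS); confirm against the deployment.
 *
 * @param mc           message context giving access to the HTTP request
 * @param dataProvider source of registered clients and factory for request tokens
 * @param validator    validator handed to {@code OAuthUtils.validateMessage}
 * @return 200 with the form-encoded credentials, or an error response built by
 *         {@code OAuthUtils.handleException}
 */
public Response handle(MessageContext mc, OAuthDataProvider dataProvider, OAuthValidator validator) {
    try {
        OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
        Client client = dataProvider.getClient(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
        // client credentials not found
        if (client == null) {
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider, validator);
        // The callback is only stored after it has been checked against the client's registration.
        String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
        validateCallbackURL(client, callback);
        List<String> scopes = OAuthUtils.parseParamValue(oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE), defaultScope);
        RequestTokenRegistration reg = new RequestTokenRegistration();
        reg.setClient(client);
        reg.setCallback(callback);
        reg.setState(oAuthMessage.getParameter(OAuthConstants.X_OAUTH_STATE));
        reg.setScopes(scopes);
        reg.setLifetime(tokenLifetime);
        // issue time is recorded in seconds, not milliseconds
        reg.setIssuedAt(System.currentTimeMillis() / 1000);
        RequestToken requestToken = dataProvider.createRequestToken(reg);
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
        }
        // create response
        Map<String, Object> responseParams = new HashMap<>();
        responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenKey());
        responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
        responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
        String responseBody = OAuth.formEncode(responseParams.entrySet());
        return Response.ok(responseBody).build();
    } catch (OAuthProblemException e) {
        // Log the exception as thrown: fillInStackTrace() would replace the original throw
        // site with this catch block and make the failure harder to trace.
        LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] { e });
        int code = e.getHttpStatusCode();
        // SC_OK is treated here as "no explicit status was set on the exception".
        if (code == HttpServletResponse.SC_OK) {
            // Compare by value: a problem string that did not come from the same constant
            // reference (for example one raised during message validation) must still map
            // an unknown consumer key to 401 rather than falling through to 400.
            code = OAuth.Problems.CONSUMER_KEY_UNKNOWN.equals(e.getProblem()) ? 401 : 400;
        }
        return OAuthUtils.handleException(mc, e, code);
    } catch (OAuthServiceException e) {
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
    } catch (Exception e) {
        // Same reasoning as above: keep the original stack trace intact.
        LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}", new Object[] { e });
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}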
Also used : OAuthProblemException(net.oauth.OAuthProblemException) OAuthMessage(net.oauth.OAuthMessage) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) Client(org.apache.cxf.rs.security.oauth.data.Client) OAuthProblemException(net.oauth.OAuthProblemException) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) RequestTokenRegistration(org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration)

Example 22 with OAuthProblemException

use of net.oauth.OAuthProblemException in project cxf by apache.

the class RequestTokenHandler method validateCallbackURL.

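/**
 * Checks the {@code oauth_callback} supplied with a request-token request against the
 * client's registration.
 *
 * <p>The callback is accepted when it equals the registered callback URI, or, only if no
 * callback URI was registered, when it lies under the registered application URI. Every
 * other value, including an empty callback, is rejected.
 *
 * <p>The application-URI comparison is boundary-aware. A bare {@code startsWith} check would
 * also accept a callback whose authority merely begins with the registered string, which
 * would send the verifier to a host the client never registered.
 *
 * @param client        the registered consumer
 * @param oauthCallback the callback taken from the incoming request
 * @throws OAuthProblemException with HTTP status 400 when the callback is not acceptable
 */
protected void validateCallbackURL(Client client, String oauthCallback) throws OAuthProblemException {
    if (!StringUtils.isEmpty(oauthCallback)) {
        String registeredCallback = client.getCallbackURI();
        if (!StringUtils.isEmpty(registeredCallback)) {
            // A registered callback must match exactly; the application URI is not consulted.
            if (oauthCallback.equals(registeredCallback)) {
                return;
            }
        } else {
            String applicationURI = client.getApplicationURI();
            if (!StringUtils.isEmpty(applicationURI) && isWithinApplicationURI(oauthCallback, applicationURI)) {
                return;
            }
        }
    }
    OAuthProblemException problemEx = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
    problemEx.setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_BAD_REQUEST);
    throw problemEx;
}

/**
 * Returns whether {@code callback} is the application URI itself or continues it at a URI
 * component boundary (path, query or fragment), so the scheme, host and port cannot be
 * extended by the remainder of the callback.
 */
private static boolean isWithinApplicationURI(String callback, String applicationURI) {
    if (!callback.startsWith(applicationURI)) {
        return false;
    }
    if (callback.length() == applicationURI.length() || applicationURI.endsWith("/")) {
        return true;
    }
    char next = callback.charAt(applicationURI.length());
    return next == '/' || next == '?' || next == '#';
}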
Also used : OAuthProblemException(net.oauth.OAuthProblemException)

Example 23 with OAuthProblemException

use of net.oauth.OAuthProblemException in project cxf by apache.

the class OAuthUtils method handleException.

/**
 * Builds the error response for a failed OAuth request.
 *
 * <p>The response always carries {@code status}. Failure details are added only when the
 * {@code REPORT_FAILURE_DETAILS} contextual property is true: as an {@code oauth_problem}
 * header when {@code REPORT_FAILURE_DETAILS_AS_HEADER} is also true, otherwise as the
 * response entity.
 *
 * <p>NOTE(review): with detail reporting enabled the exception message is returned to the
 * caller verbatim, including for unexpected exceptions. Confirm that messages reaching this
 * method do not expose internals and cannot carry line breaks into the header value.
 *
 * @param mc     message context used to read the reporting properties
 * @param e      the failure being reported
 * @param status HTTP status for the response
 * @return the built response
 */
public static Response handleException(MessageContext mc, Exception e, int status) {
    ResponseBuilder response = Response.status(status);
    boolean reportDetails = PropertyUtils.isTrue(mc.getContextualProperty(REPORT_FAILURE_DETAILS));
    if (!reportDetails) {
        return response.build();
    }
    boolean asHeader = PropertyUtils.isTrue(mc.getContextualProperty(REPORT_FAILURE_DETAILS_AS_HEADER));
    if (!asHeader) {
        // Body mode always reports the exception message.
        response.entity(e.getMessage());
        return response.build();
    }
    // Header mode prefers the OAuth problem code and falls back to the exception message.
    String headerValue = null;
    if (e instanceof OAuthProblemException) {
        headerValue = ((OAuthProblemException) e).getProblem();
    }
    if (headerValue == null) {
        headerValue = e.getMessage();
    }
    response.header("oauth_problem", headerValue);
    return response.build();
}
Also used : OAuthProblemException(net.oauth.OAuthProblemException) ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder)
