Examples with AccessTokenRegistration - org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration

Example 1 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration in project cxf by apache.

the class AccessTokenHandler method handle.

public Response handle(MessageContext mc, OAuthDataProvider dataProvider, OAuthValidator validator) {
    try {
        OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
        RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
        if (requestToken == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
        if (StringUtils.isEmpty(oauthVerifier)) {
            if (requestToken.getSubject() != null && requestToken.isPreAuthorized()) {
                LOG.fine("Preauthorized request token");
            } else {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
        } else if (!oauthVerifier.equals(requestToken.getVerifier())) {
            throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
        }
        OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken, dataProvider, validator);
        AccessTokenRegistration reg = new AccessTokenRegistration();
        reg.setRequestToken(requestToken);
        AccessToken accessToken = dataProvider.createAccessToken(reg);
        // create response
        Map<String, Object> responseParams = new HashMap<>();
        responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
        responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
        String responseString = OAuth.formEncode(responseParams.entrySet());
        return Response.ok(responseString).build();
    } catch (OAuthProblemException e) {
        LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] { e.fillInStackTrace() });
        int code = e.getHttpStatusCode();
        if (code == HttpServletResponse.SC_OK) {
            code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN ? 401 : 400;
        }
        return OAuthUtils.handleException(mc, e, code);
    } catch (OAuthServiceException e) {
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
    } catch (Exception e) {
        LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}", new Object[] { e.fillInStackTrace() });
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}

Also used : OAuthProblemException(net.oauth.OAuthProblemException) OAuthMessage(net.oauth.OAuthMessage) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) AccessToken(org.apache.cxf.rs.security.oauth.data.AccessToken) AccessTokenRegistration(org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration) OAuthProblemException(net.oauth.OAuthProblemException) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)

Aggregations

HashMap (java.util.HashMap)1 OAuthMessage (net.oauth.OAuthMessage)1 OAuthProblemException (net.oauth.OAuthProblemException)1 AccessToken (org.apache.cxf.rs.security.oauth.data.AccessToken)1 AccessTokenRegistration (org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration)1 RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)1 OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)1