
Example 1 with RequestToken

use of org.apache.cxf.rs.security.oauth.data.RequestToken in project cxf by apache.

the class AccessTokenHandler method handle.

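/**
 * Exchanges a request token for an access token.
 *
 * <p>The request token named in the message is looked up through the data provider, the
 * {@code oauth_verifier} is checked against the verifier stored on that token (an empty
 * verifier is accepted only for a pre-authorized token that already has a subject), the
 * message is validated, and a new access token is created from the request token.
 *
 * @param mc the message context of the current request
 * @param dataProvider used to look up the request token and to create the access token
 * @param validator passed through to {@code OAuthUtils.validateMessage}
 * @return a 200 response whose body is the form-encoded access token key and secret, or the
 *         response produced by {@code OAuthUtils.handleException} when any step fails
 */
public Response handle(MessageContext mc, OAuthDataProvider dataProvider, OAuthValidator validator) {
    try {
        OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
        RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
        if (requestToken == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
        if (StringUtils.isEmpty(oauthVerifier)) {
            // A missing verifier is tolerated only when the token was pre-authorized for a known subject.
            if (requestToken.getSubject() != null && requestToken.isPreAuthorized()) {
                LOG.fine("Preauthorized request token");
            } else {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
        } else {
            String expectedVerifier = requestToken.getVerifier();
            // The verifier is a secret and this check runs before the message signature is
            // validated, so compare in constant time rather than with String.equals, which
            // returns at the first differing character. A token with no stored verifier is
            // rejected, as before.
            if (expectedVerifier == null
                || !java.security.MessageDigest.isEqual(
                    oauthVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    expectedVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
        }
        OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken, dataProvider, validator);
        AccessTokenRegistration reg = new AccessTokenRegistration();
        reg.setRequestToken(requestToken);
        AccessToken accessToken = dataProvider.createAccessToken(reg);
        // create response
        Map<String, Object> responseParams = new HashMap<>();
        responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
        responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
        String responseString = OAuth.formEncode(responseParams.entrySet());
        return Response.ok(responseString).build();
    } catch (OAuthProblemException e) {
        // Log the exception as thrown: fillInStackTrace() would overwrite its stack trace with
        // this catch site and hide where the problem was actually raised.
        LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] { e });
        int code = e.getHttpStatusCode();
        if (code == HttpServletResponse.SC_OK) {
            // The exception carries no error status of its own: unknown consumer key maps to 401,
            // anything else to 400. equals() instead of ==, so the mapping does not depend on the
            // problem string being the same object as the constant.
            code = OAuth.Problems.CONSUMER_KEY_UNKNOWN.equals(e.getProblem()) ? 401 : 400;
        }
        return OAuthUtils.handleException(mc, e, code);
    } catch (OAuthServiceException e) {
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
    } catch (Exception e) {
        LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}", new Object[] { e });
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}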
Also used : OAuthProblemException(net.oauth.OAuthProblemException) OAuthMessage(net.oauth.OAuthMessage) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) AccessToken(org.apache.cxf.rs.security.oauth.data.AccessToken) AccessTokenRegistration(org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration) OAuthProblemException(net.oauth.OAuthProblemException) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)

Example 2 with RequestToken

use of org.apache.cxf.rs.security.oauth.data.RequestToken in project cxf by apache.

the class OAuthUtils method validateMessage.

/**
 * Validates an OAuth message against the client's credentials and, when given, a token.
 *
 * <p>An accessor is built from the client's consumer key and secret. If a token is supplied,
 * its key is set as the accessor's request token or access token (depending on whether it is
 * a {@link RequestToken}) and its secret as the accessor's token secret. The validator then
 * checks the message; a {@link DefaultOAuthValidator} additionally validates the token itself.
 *
 * @param oAuthMessage the message to validate
 * @param client the client whose consumer key and secret are used
 * @param token the request or access token accompanying the message, or {@code null}
 * @param provider used to remove the token when message validation fails
 * @param validator the validator applied to the message
 * @throws Exception whatever the validator throws; the token, if any, has been removed by then
 */
public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token, OAuthDataProvider provider, OAuthValidator validator) throws Exception {
    final OAuthAccessor accessor = new OAuthAccessor(
        new OAuthConsumer(null, client.getConsumerKey(), client.getSecretKey(), null));
    final boolean tokenSupplied = token != null;

    if (tokenSupplied) {
        final String tokenKey = token.getTokenKey();
        if (token instanceof RequestToken) {
            accessor.requestToken = tokenKey;
        } else {
            accessor.accessToken = tokenKey;
        }
        accessor.tokenSecret = token.getTokenSecret();
    }

    try {
        validator.validateMessage(oAuthMessage, accessor);
    } catch (Exception validationFailure) {
        // Any validation failure retires the token before the error is propagated.
        // NOTE(review): this also covers messages that failed validation because they were not
        // correctly signed; confirm that invalidate-on-failure is the intended policy.
        if (tokenSupplied) {
            provider.removeToken(token);
        }
        throw validationFailure;
    }

    // A failure in this second step propagates without removing the token.
    if (tokenSupplied && validator instanceof DefaultOAuthValidator) {
        DefaultOAuthValidator defaultValidator = (DefaultOAuthValidator) validator;
        defaultValidator.validateToken(token, provider);
    }
}
Also used : OAuthAccessor(net.oauth.OAuthAccessor) RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) DefaultOAuthValidator(org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator) OAuthConsumer(net.oauth.OAuthConsumer) OAuthProblemException(net.oauth.OAuthProblemException) IOException(java.io.IOException)

Example 3 with RequestToken

use of org.apache.cxf.rs.security.oauth.data.RequestToken in project cxf by apache.

the class MemoryOAuthDataProvider method finalizeAuthorization.

/**
 * Assigns a newly generated verifier to the request token being authorized.
 *
 * @param input the authorization input carrying the request token
 * @return the verifier read back from the token after it has been set
 * @throws OAuthServiceException declared by the provider contract; not thrown by the visible code
 */
public String finalizeAuthorization(AuthorizationInput input) throws OAuthServiceException {
    final RequestToken authorizedToken = input.getToken();
    // NOTE(review): the verifier is as unpredictable as generateToken(), which is not shown
    // here; confirm it draws from a cryptographically secure source.
    final String freshVerifier = generateToken();
    authorizedToken.setVerifier(freshVerifier);
    return authorizedToken.getVerifier();
}
Also used : RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken)

Example 4 with RequestToken

use of org.apache.cxf.rs.security.oauth.data.RequestToken in project cxf by apache.

the class MemoryOAuthDataProvider method createRequestToken.

/**
 * Creates a request token for the registering client and stores it under its token key.
 *
 * <p>The token key and the token secret come from two separate {@code generateToken()} calls.
 * Client, lifetime, issue time, scopes and callback are taken from the registration.
 *
 * @param reg the request token registration
 * @return the newly created request token, already stored in {@code oauthTokens}
 * @throws OAuthServiceException declared by the provider contract; not thrown by the visible code
 */
public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
    // NOTE(review): generateToken() is not shown here; key and secret should both come from a
    // cryptographically secure source. Confirm.
    final String tokenKey = generateToken();
    final String secret = generateToken();

    final RequestToken issued = new RequestToken(
        reg.getClient(), tokenKey, secret, reg.getLifetime(), reg.getIssuedAt());
    issued.setScopes(getPermissionsInfo(reg.getScopes()));
    issued.setCallback(reg.getCallback());

    // Stored by token key, the value a later request presents to look the token up.
    oauthTokens.put(tokenKey, issued);
    return issued;
}
Also used : RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken)

Example 5 with RequestToken

use of org.apache.cxf.rs.security.oauth.data.RequestToken in project cxf by apache.

the class MemoryOAuthDataProvider method createRequestToken.

/**
 * Creates a request token for the registering client and stores it under its token key.
 *
 * <p>The token key and the token secret come from two separate {@code generateToken()} calls.
 * Client, lifetime, issue time and scopes are taken from the registration.
 *
 * @param reg the request token registration
 * @return the newly created request token, already stored in {@code oauthTokens}
 * @throws OAuthServiceException declared by the provider contract; not thrown by the visible code
 */
public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
    // NOTE(review): generateToken() is not shown here; key and secret should both come from a
    // cryptographically secure source. Confirm.
    final String tokenKey = generateToken();
    final String secret = generateToken();

    final RequestToken issued = new RequestToken(
        reg.getClient(), tokenKey, secret, reg.getLifetime(), reg.getIssuedAt());
    issued.setScopes(getPermissionsInfo(reg.getScopes()));
    // NOTE(review): the registration's callback is not copied onto the token in this method;
    // confirm the callback is bound to the token elsewhere if the flow relies on it.

    oauthTokens.put(tokenKey, issued);
    return issued;
}
Also used : RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken)

Aggregations

RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)10 OAuthProblemException (net.oauth.OAuthProblemException)4 HashMap (java.util.HashMap)3 OAuthMessage (net.oauth.OAuthMessage)3 AccessToken (org.apache.cxf.rs.security.oauth.data.AccessToken)3 Client (org.apache.cxf.rs.security.oauth.data.Client)3 OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)3 IOException (java.io.IOException)2 DefaultOAuthValidator (org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator)2 URI (java.net.URI)1 Principal (java.security.Principal)1 HashSet (java.util.HashSet)1 LinkedList (java.util.LinkedList)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 OAuthAccessor (net.oauth.OAuthAccessor)1 OAuthConsumer (net.oauth.OAuthConsumer)1 AccessTokenRegistration (org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration)1 AuthorizationInput (org.apache.cxf.rs.security.oauth.data.AuthorizationInput)1 OAuthAuthorizationData (org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData)1 OAuthPermission (org.apache.cxf.rs.security.oauth.data.OAuthPermission)1