Example 1 with RestEasyOAuthMessage

Use of org.candlepin.common.resteasy.auth.RestEasyOAuthMessage in project candlepin by candlepin, in the method getPrincipal of the class OAuth.

/**
 * Attempt to pull a principal off of an oauth signed message.
 *
 * @return the principal if it can be created, null otherwise
 */
public Principal getPrincipal(HttpRequest httpRequest) {
    Principal principal = null;
    I18n i18n = i18nProvider.get();
    try {
        if (AuthUtil.getHeader(httpRequest, "Authorization").contains("oauth")) {
            OAuthMessage requestMessage = new RestEasyOAuthMessage(httpRequest);
            OAuthAccessor accessor = this.getAccessor(requestMessage);
            // TODO: This is known to be memory intensive.
            VALIDATOR.validateMessage(requestMessage, accessor);
            // If we got here, it is a valid oauth message.
            // Figure out which kind of principal we should create, based on header
            log.debug("Using OAuth");
            if (!AuthUtil.getHeader(httpRequest, TrustedUserAuth.USER_HEADER).equals("")) {
                principal = userAuth.getPrincipal(httpRequest);
            } else if (!AuthUtil.getHeader(httpRequest, TrustedConsumerAuth.CONSUMER_HEADER).equals("")) {
                principal = consumerAuth.getPrincipal(httpRequest);
            } else {
                // The external system is acting on behalf of itself
                principal = systemAuth.getPrincipal(httpRequest);
            }
        }
    } catch (OAuthProblemException e) {
        log.debug("OAuth Problem", e);
        // An invalid signature is reported with a status code of 200; make it 401 unauthorized instead.
        if (e.getProblem().equals("signature_invalid")) {
            throw new NotAuthorizedException(i18n.tr("Invalid OAuth unit or secret"));
        }
        Response.Status returnCode = Response.Status.fromStatusCode(e.getHttpStatusCode());
        String message = i18n.tr("OAuth problem encountered. Internal message is: {0}", e.getMessage());
        throw new CandlepinException(returnCode, message);
    } catch (OAuthException e) {
        log.debug("OAuth Error", e);
        String message = i18n.tr("OAuth error encountered. Internal message is: {0}", e.getMessage());
        throw new BadRequestException(message);
    } catch (URISyntaxException e) {
        throw new IseException(e.getMessage(), e);
    } catch (IOException e) {
        throw new IseException(e.getMessage(), e);
    }
    return principal;
}
Also used: CandlepinException (org.candlepin.common.exceptions.CandlepinException), RestEasyOAuthMessage (org.candlepin.common.resteasy.auth.RestEasyOAuthMessage), OAuthMessage (net.oauth.OAuthMessage), OAuthException (net.oauth.OAuthException), NotAuthorizedException (org.candlepin.common.exceptions.NotAuthorizedException), URISyntaxException (java.net.URISyntaxException), IOException (java.io.IOException), OAuthAccessor (net.oauth.OAuthAccessor), OAuthProblemException (net.oauth.OAuthProblemException), IseException (org.candlepin.common.exceptions.IseException), BadRequestException (org.candlepin.common.exceptions.BadRequestException), I18n (org.xnap.commons.i18n.I18n)
