Examples with OAuth1Parameters org.glassfish.jersey.oauth1.signature.OAuth1Parameters used on opensource projects

Example 1 with OAuth1Parameters

use of org.glassfish.jersey.oauth1.signature.OAuth1Parameters in project jersey by jersey.

the class OAuth1ClientFilter method filter.

@Override
public void filter(ClientRequestContext request) throws IOException {
    final ConsumerCredentials consumerFromProperties = (ConsumerCredentials) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_CONSUMER_CREDENTIALS);
    request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_CONSUMER_CREDENTIALS);
    final AccessToken tokenFromProperties = (AccessToken) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_ACCESS_TOKEN);
    request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_ACCESS_TOKEN);
    OAuth1Parameters parameters = (OAuth1Parameters) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
    if (parameters == null) {
        parameters = (OAuth1Parameters) request.getConfiguration().getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
    } else {
        request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
    }
    OAuth1Secrets secrets = (OAuth1Secrets) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
    if (secrets == null) {
        secrets = (OAuth1Secrets) request.getConfiguration().getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
    } else {
        request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
    }
    if (request.getHeaders().containsKey("Authorization")) {
        return;
    }
    // Make modifications to clones.
    final OAuth1Parameters paramCopy = parameters.clone();
    final OAuth1Secrets secretsCopy = secrets.clone();
    checkParametersConsistency(paramCopy, secretsCopy);
    if (consumerFromProperties != null) {
        paramCopy.consumerKey(consumerFromProperties.getConsumerKey());
        secretsCopy.consumerSecret(consumerFromProperties.getConsumerSecret());
    }
    if (tokenFromProperties != null) {
        paramCopy.token(tokenFromProperties.getToken());
        secretsCopy.tokenSecret(tokenFromProperties.getAccessTokenSecret());
    }
    if (paramCopy.getTimestamp() == null) {
        paramCopy.setTimestamp();
    }
    if (paramCopy.getNonce() == null) {
        paramCopy.setNonce();
    }
    try {
        oAuthSignature.get().sign(new RequestWrapper(request, messageBodyWorkers.get()), paramCopy, secretsCopy);
    } catch (OAuth1SignatureException se) {
        throw new ProcessingException(LocalizationMessages.ERROR_REQUEST_SIGNATURE(), se);
    }
}

Example 2 with OAuth1Parameters

use of org.glassfish.jersey.oauth1.signature.OAuth1Parameters in project jersey by jersey.

the class OAuth1ServerFilter method getSecurityContext.

private OAuth1SecurityContext getSecurityContext(ContainerRequestContext request) throws OAuth1Exception {
    OAuthServerRequest osr = new OAuthServerRequest(request);
    OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);
    // apparently not signed with any OAuth parameters; unauthorized
    if (params.size() == 0) {
        throw newUnauthorizedException();
    }
    // get required OAuth parameters
    String consumerKey = requiredOAuthParam(params.getConsumerKey());
    String token = params.getToken();
    String timestamp = requiredOAuthParam(params.getTimestamp());
    String nonce = requiredOAuthParam(params.getNonce());
    // enforce other supported and required OAuth parameters
    requiredOAuthParam(params.getSignature());
    supportedOAuthParam(params.getVersion(), versions);
    // retrieve secret for consumer key
    OAuth1Consumer consumer = provider.getConsumer(consumerKey);
    if (consumer == null) {
        throw newUnauthorizedException();
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret());
    OAuth1SecurityContext sc;
    String nonceKey;
    if (token == null) {
        if (consumer.getPrincipal() == null) {
            throw newUnauthorizedException();
        }
        nonceKey = "c:" + consumerKey;
        sc = new OAuth1SecurityContext(consumer, request.getSecurityContext().isSecure());
    } else {
        OAuth1Token accessToken = provider.getAccessToken(token);
        if (accessToken == null) {
            throw newUnauthorizedException();
        }
        OAuth1Consumer atConsumer = accessToken.getConsumer();
        if (atConsumer == null || !consumerKey.equals(atConsumer.getKey())) {
            throw newUnauthorizedException();
        }
        nonceKey = "t:" + token;
        secrets.tokenSecret(accessToken.getSecret());
        sc = new OAuth1SecurityContext(accessToken, request.getSecurityContext().isSecure());
    }
    if (!verifySignature(osr, params, secrets)) {
        throw newUnauthorizedException();
    }
    if (!nonces.verify(nonceKey, timestamp, nonce)) {
        throw newUnauthorizedException();
    }
    return sc;
}

Example 3 with OAuth1Parameters

use of org.glassfish.jersey.oauth1.signature.OAuth1Parameters in project jersey by jersey.

the class AccessTokenResource method postAccessTokenRequest.

/**
     * POST method for creating a request for Request Token.
     * @return an HTTP response with content of the updated or created resource.
     */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_FORM_URLENCODED)
@TokenResource
public Response postAccessTokenRequest(@Context ContainerRequestContext requestContext, @Context Request req) {
    boolean sigIsOk = false;
    OAuthServerRequest request = new OAuthServerRequest(requestContext);
    OAuth1Parameters params = new OAuth1Parameters();
    params.readRequest(request);
    if (params.getToken() == null) {
        throw new WebApplicationException(new Throwable("oauth_token MUST be present."), 400);
    }
    String consKey = params.getConsumerKey();
    if (consKey == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Token rt = provider.getRequestToken(params.getToken());
    if (rt == null) {
        // token invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Consumer consumer = rt.getConsumer();
    if (consumer == null || !consKey.equals(consumer.getKey())) {
        // token invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret(rt.getSecret());
    try {
        sigIsOk = oAuth1Signature.verify(request, params, secrets);
    } catch (OAuth1SignatureException ex) {
        Logger.getLogger(AccessTokenResource.class.getName()).log(Level.SEVERE, null, ex);
    }
    if (!sigIsOk) {
        // signature invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    // We're good to go.
    OAuth1Token at = provider.newAccessToken(rt, params.getVerifier());
    if (at == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    // Preparing the response.
    Form resp = new Form();
    resp.param(OAuth1Parameters.TOKEN, at.getToken());
    resp.param(OAuth1Parameters.TOKEN_SECRET, at.getSecret());
    resp.asMap().putAll(at.getAttributes());
    return Response.ok(resp).build();
}

Example 4 with OAuth1Parameters

use of org.glassfish.jersey.oauth1.signature.OAuth1Parameters in project jersey by jersey.

the class RequestTokenResource method postReqTokenRequest.

/**
     * POST method for creating a request for a Request Token.
     *
     * @return an HTTP response with content of the updated or created resource.
     */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/x-www-form-urlencoded")
@TokenResource
public Response postReqTokenRequest() {
    OAuthServerRequest request = new OAuthServerRequest(requestContext);
    OAuth1Parameters params = new OAuth1Parameters();
    params.readRequest(request);
    String tok = params.getToken();
    if ((tok != null) && (!tok.contentEquals(""))) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    String consKey = params.getConsumerKey();
    if (consKey == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Consumer consumer = provider.getConsumer(consKey);
    if (consumer == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret("");
    boolean sigIsOk = false;
    try {
        sigIsOk = oAuth1Signature.verify(request, params, secrets);
    } catch (OAuth1SignatureException ex) {
        Logger.getLogger(RequestTokenResource.class.getName()).log(Level.SEVERE, null, ex);
    }
    if (!sigIsOk) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    MultivaluedMap<String, String> parameters = new MultivaluedHashMap<String, String>();
    for (String n : request.getParameterNames()) {
        parameters.put(n, request.getParameterValues(n));
    }
    OAuth1Token rt = provider.newRequestToken(consKey, params.getCallback(), parameters);
    Form resp = new Form();
    resp.param(OAuth1Parameters.TOKEN, rt.getToken());
    resp.param(OAuth1Parameters.TOKEN_SECRET, rt.getSecret());
    resp.param(OAuth1Parameters.CALLBACK_CONFIRMED, "true");
    return Response.ok(resp).build();
}

Example 5 with OAuth1Parameters

use of org.glassfish.jersey.oauth1.signature.OAuth1Parameters in project jersey by jersey.

the class OauthClientAuthorizationFlowTest method testOAuthClientFlow.

@Test
public void testOAuthClientFlow() throws Exception {
    final String uri = getBaseUri().toString();
    final OAuth1AuthorizationFlow authFlow = OAuth1ClientSupport.builder(new ConsumerCredentials("dpf43f3p2l4k3l03", "kd94hf93k423kf44")).timestamp("1191242090").nonce("hsu94j3884jdopsl").signatureMethod("PLAINTEXT").authorizationFlow(uri + "request_token", uri + "access_token", uri + "authorize").enableLogging().build();
    // Check we have correct authorization URI.
    final String authorizationUri = authFlow.start();
    assertThat(authorizationUri, containsString("authorize?oauth_token=hh5s93j4hdidpola"));
    // For the purpose of the test I need parameters (and there is no way how to do it now).
    final Field paramField = authFlow.getClass().getDeclaredField("parameters");
    paramField.setAccessible(true);
    final OAuth1Parameters params = (OAuth1Parameters) paramField.get(authFlow);
    // Update parameters.
    params.timestamp("1191242092").nonce("dji430splmx33448");
    final AccessToken accessToken = authFlow.finish();
    assertThat(accessToken, equalTo(new AccessToken("nnch734d00sl2jdk", "pfkkdhi9sl3r4s00")));
    // Update parameters before creating a feature (i.e. changing signature method).
    params.nonce("kllo9940pd9333jh").signatureMethod("HMAC-SHA1").timestamp("1191242096");
    // Check Authorized Client.
    final Client flowClient = authFlow.getAuthorizedClient().register(LoggingFeature.class);
    String responseEntity = flowClient.target(uri).path("/photos").queryParam("file", "vacation.jpg").queryParam("size", "original").request().get(String.class);
    assertThat("Flow Authorized Client", responseEntity, equalTo("PHOTO"));
    // Check Feature.
    final Client featureClient = ClientBuilder.newClient().register(authFlow.getOAuth1Feature()).register(LoggingFeature.class);
    responseEntity = featureClient.target(uri).path("/photos").queryParam("file", "vacation.jpg").queryParam("size", "original").request().get(String.class);
    assertThat("Feature Client", responseEntity, equalTo("PHOTO"));
}