Search in sources :

Example 1 with OAuth1Secrets

use of org.glassfish.jersey.oauth1.signature.OAuth1Secrets in project jersey by jersey.

the class OAuth1ClientFilter method filter.

@Override
public void filter(ClientRequestContext request) throws IOException {
    final ConsumerCredentials consumerFromProperties = (ConsumerCredentials) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_CONSUMER_CREDENTIALS);
    request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_CONSUMER_CREDENTIALS);
    final AccessToken tokenFromProperties = (AccessToken) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_ACCESS_TOKEN);
    request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_ACCESS_TOKEN);
    OAuth1Parameters parameters = (OAuth1Parameters) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
    if (parameters == null) {
        parameters = (OAuth1Parameters) request.getConfiguration().getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
    } else {
        request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
    }
    OAuth1Secrets secrets = (OAuth1Secrets) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
    if (secrets == null) {
        secrets = (OAuth1Secrets) request.getConfiguration().getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
    } else {
        request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
    }
    if (request.getHeaders().containsKey("Authorization")) {
        return;
    }
    // Make modifications to clones.
    final OAuth1Parameters paramCopy = parameters.clone();
    final OAuth1Secrets secretsCopy = secrets.clone();
    checkParametersConsistency(paramCopy, secretsCopy);
    if (consumerFromProperties != null) {
        paramCopy.consumerKey(consumerFromProperties.getConsumerKey());
        secretsCopy.consumerSecret(consumerFromProperties.getConsumerSecret());
    }
    if (tokenFromProperties != null) {
        paramCopy.token(tokenFromProperties.getToken());
        secretsCopy.tokenSecret(tokenFromProperties.getAccessTokenSecret());
    }
    if (paramCopy.getTimestamp() == null) {
        paramCopy.setTimestamp();
    }
    if (paramCopy.getNonce() == null) {
        paramCopy.setNonce();
    }
    try {
        oAuthSignature.get().sign(new RequestWrapper(request, messageBodyWorkers.get()), paramCopy, secretsCopy);
    } catch (OAuth1SignatureException se) {
        throw new ProcessingException(LocalizationMessages.ERROR_REQUEST_SIGNATURE(), se);
    }
}
Also used : OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1SignatureException(org.glassfish.jersey.oauth1.signature.OAuth1SignatureException) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets) ProcessingException(javax.ws.rs.ProcessingException)

Example 2 with OAuth1Secrets

use of org.glassfish.jersey.oauth1.signature.OAuth1Secrets in project jersey by jersey.

the class OAuth1ServerFilter method getSecurityContext.

private OAuth1SecurityContext getSecurityContext(ContainerRequestContext request) throws OAuth1Exception {
    OAuthServerRequest osr = new OAuthServerRequest(request);
    OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);
    // apparently not signed with any OAuth parameters; unauthorized
    if (params.size() == 0) {
        throw newUnauthorizedException();
    }
    // get required OAuth parameters
    String consumerKey = requiredOAuthParam(params.getConsumerKey());
    String token = params.getToken();
    String timestamp = requiredOAuthParam(params.getTimestamp());
    String nonce = requiredOAuthParam(params.getNonce());
    // enforce other supported and required OAuth parameters
    requiredOAuthParam(params.getSignature());
    supportedOAuthParam(params.getVersion(), versions);
    // retrieve secret for consumer key
    OAuth1Consumer consumer = provider.getConsumer(consumerKey);
    if (consumer == null) {
        throw newUnauthorizedException();
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret());
    OAuth1SecurityContext sc;
    String nonceKey;
    if (token == null) {
        if (consumer.getPrincipal() == null) {
            throw newUnauthorizedException();
        }
        nonceKey = "c:" + consumerKey;
        sc = new OAuth1SecurityContext(consumer, request.getSecurityContext().isSecure());
    } else {
        OAuth1Token accessToken = provider.getAccessToken(token);
        if (accessToken == null) {
            throw newUnauthorizedException();
        }
        OAuth1Consumer atConsumer = accessToken.getConsumer();
        if (atConsumer == null || !consumerKey.equals(atConsumer.getKey())) {
            throw newUnauthorizedException();
        }
        nonceKey = "t:" + token;
        secrets.tokenSecret(accessToken.getSecret());
        sc = new OAuth1SecurityContext(accessToken, request.getSecurityContext().isSecure());
    }
    if (!verifySignature(osr, params, secrets)) {
        throw newUnauthorizedException();
    }
    if (!nonces.verify(nonceKey, timestamp, nonce)) {
        throw newUnauthorizedException();
    }
    return sc;
}
Also used : OAuthServerRequest(org.glassfish.jersey.server.oauth1.internal.OAuthServerRequest) OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets)

Example 3 with OAuth1Secrets

use of org.glassfish.jersey.oauth1.signature.OAuth1Secrets in project jersey by jersey.

the class AccessTokenResource method postAccessTokenRequest.

/**
     * POST method for creating a request for Request Token.
     * @return an HTTP response with content of the updated or created resource.
     */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_FORM_URLENCODED)
@TokenResource
public Response postAccessTokenRequest(@Context ContainerRequestContext requestContext, @Context Request req) {
    boolean sigIsOk = false;
    OAuthServerRequest request = new OAuthServerRequest(requestContext);
    OAuth1Parameters params = new OAuth1Parameters();
    params.readRequest(request);
    if (params.getToken() == null) {
        throw new WebApplicationException(new Throwable("oauth_token MUST be present."), 400);
    }
    String consKey = params.getConsumerKey();
    if (consKey == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Token rt = provider.getRequestToken(params.getToken());
    if (rt == null) {
        // token invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Consumer consumer = rt.getConsumer();
    if (consumer == null || !consKey.equals(consumer.getKey())) {
        // token invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret(rt.getSecret());
    try {
        sigIsOk = oAuth1Signature.verify(request, params, secrets);
    } catch (OAuth1SignatureException ex) {
        Logger.getLogger(AccessTokenResource.class.getName()).log(Level.SEVERE, null, ex);
    }
    if (!sigIsOk) {
        // signature invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    // We're good to go.
    OAuth1Token at = provider.newAccessToken(rt, params.getVerifier());
    if (at == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    // Preparing the response.
    Form resp = new Form();
    resp.param(OAuth1Parameters.TOKEN, at.getToken());
    resp.param(OAuth1Parameters.TOKEN_SECRET, at.getSecret());
    resp.asMap().putAll(at.getAttributes());
    return Response.ok(resp).build();
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) Form(javax.ws.rs.core.Form) OAuth1Consumer(org.glassfish.jersey.server.oauth1.OAuth1Consumer) OAuth1SignatureException(org.glassfish.jersey.oauth1.signature.OAuth1SignatureException) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets) OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1Exception(org.glassfish.jersey.server.oauth1.OAuth1Exception) OAuth1Token(org.glassfish.jersey.server.oauth1.OAuth1Token) TokenResource(org.glassfish.jersey.server.oauth1.TokenResource) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 4 with OAuth1Secrets

use of org.glassfish.jersey.oauth1.signature.OAuth1Secrets in project jersey by jersey.

the class RequestTokenResource method postReqTokenRequest.

/**
     * POST method for creating a request for a Request Token.
     *
     * @return an HTTP response with content of the updated or created resource.
     */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/x-www-form-urlencoded")
@TokenResource
public Response postReqTokenRequest() {
    OAuthServerRequest request = new OAuthServerRequest(requestContext);
    OAuth1Parameters params = new OAuth1Parameters();
    params.readRequest(request);
    String tok = params.getToken();
    if ((tok != null) && (!tok.contentEquals(""))) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    String consKey = params.getConsumerKey();
    if (consKey == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Consumer consumer = provider.getConsumer(consKey);
    if (consumer == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret("");
    boolean sigIsOk = false;
    try {
        sigIsOk = oAuth1Signature.verify(request, params, secrets);
    } catch (OAuth1SignatureException ex) {
        Logger.getLogger(RequestTokenResource.class.getName()).log(Level.SEVERE, null, ex);
    }
    if (!sigIsOk) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    MultivaluedMap<String, String> parameters = new MultivaluedHashMap<String, String>();
    for (String n : request.getParameterNames()) {
        parameters.put(n, request.getParameterValues(n));
    }
    OAuth1Token rt = provider.newRequestToken(consKey, params.getCallback(), parameters);
    Form resp = new Form();
    resp.param(OAuth1Parameters.TOKEN, rt.getToken());
    resp.param(OAuth1Parameters.TOKEN_SECRET, rt.getSecret());
    resp.param(OAuth1Parameters.CALLBACK_CONFIRMED, "true");
    return Response.ok(resp).build();
}
Also used : Form(javax.ws.rs.core.Form) OAuth1Consumer(org.glassfish.jersey.server.oauth1.OAuth1Consumer) OAuth1SignatureException(org.glassfish.jersey.oauth1.signature.OAuth1SignatureException) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1Exception(org.glassfish.jersey.server.oauth1.OAuth1Exception) OAuth1Token(org.glassfish.jersey.server.oauth1.OAuth1Token) TokenResource(org.glassfish.jersey.server.oauth1.TokenResource) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 5 with OAuth1Secrets

use of org.glassfish.jersey.oauth1.signature.OAuth1Secrets in project jersey by jersey.

the class AccessTokenResource method post.

@POST
@Produces("text/plain")
public String post(@Context ContainerRequestContext request) {
    OAuthServerRequest osr = new OAuthServerRequest(request);
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret("kd94hf93k423kf44").tokenSecret("hdhd0244k9j7ao03");
    OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);
    // ensure query parameters correctly parsed into OAuth parameters object
    assertEquals(params.getConsumerKey(), "dpf43f3p2l4k3l03");
    assertEquals(params.getToken(), "hh5s93j4hdidpola");
    assertEquals(params.getSignatureMethod(), "PLAINTEXT");
    assertEquals(params.getSignature(), secrets.getConsumerSecret() + "&" + secrets.getTokenSecret());
    assertEquals(params.getTimestamp(), "1191242092");
    assertEquals(params.getNonce(), "dji430splmx33448");
    assertEquals(params.getVersion(), "1.0");
    try {
        // verify the plaintext signature
        assertTrue(oAuth1Signature.verify(osr, params, secrets));
    } catch (OAuth1SignatureException ose) {
        fail(ose.getMessage());
    }
    return "oauth_token=nnch734d00sl2jdk&oauth_token_secret=pfkkdhi9sl3r4s00";
}
Also used : OAuthServerRequest(org.glassfish.jersey.server.oauth1.internal.OAuthServerRequest) OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1SignatureException(org.glassfish.jersey.oauth1.signature.OAuth1SignatureException) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Aggregations

OAuth1Parameters (org.glassfish.jersey.oauth1.signature.OAuth1Parameters)7 OAuth1Secrets (org.glassfish.jersey.oauth1.signature.OAuth1Secrets)7 OAuth1SignatureException (org.glassfish.jersey.oauth1.signature.OAuth1SignatureException)6 Produces (javax.ws.rs.Produces)5 POST (javax.ws.rs.POST)4 OAuthServerRequest (org.glassfish.jersey.server.oauth1.internal.OAuthServerRequest)4 Consumes (javax.ws.rs.Consumes)2 Form (javax.ws.rs.core.Form)2 OAuth1Consumer (org.glassfish.jersey.server.oauth1.OAuth1Consumer)2 OAuth1Exception (org.glassfish.jersey.server.oauth1.OAuth1Exception)2 OAuth1Token (org.glassfish.jersey.server.oauth1.OAuth1Token)2 TokenResource (org.glassfish.jersey.server.oauth1.TokenResource)2 GET (javax.ws.rs.GET)1 ProcessingException (javax.ws.rs.ProcessingException)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)1