Search in sources :

Example 1 with OAuth1Token

use of org.glassfish.jersey.server.oauth1.OAuth1Token in project jersey by jersey.

the class OAuth1ServerFilter method getSecurityContext.

private OAuth1SecurityContext getSecurityContext(ContainerRequestContext request) throws OAuth1Exception {
    OAuthServerRequest osr = new OAuthServerRequest(request);
    OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);
    // apparently not signed with any OAuth parameters; unauthorized
    if (params.size() == 0) {
        throw newUnauthorizedException();
    }
    // get required OAuth parameters
    String consumerKey = requiredOAuthParam(params.getConsumerKey());
    String token = params.getToken();
    String timestamp = requiredOAuthParam(params.getTimestamp());
    String nonce = requiredOAuthParam(params.getNonce());
    // enforce other supported and required OAuth parameters
    requiredOAuthParam(params.getSignature());
    supportedOAuthParam(params.getVersion(), versions);
    // retrieve secret for consumer key
    OAuth1Consumer consumer = provider.getConsumer(consumerKey);
    if (consumer == null) {
        throw newUnauthorizedException();
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret());
    OAuth1SecurityContext sc;
    String nonceKey;
    if (token == null) {
        if (consumer.getPrincipal() == null) {
            throw newUnauthorizedException();
        }
        nonceKey = "c:" + consumerKey;
        sc = new OAuth1SecurityContext(consumer, request.getSecurityContext().isSecure());
    } else {
        OAuth1Token accessToken = provider.getAccessToken(token);
        if (accessToken == null) {
            throw newUnauthorizedException();
        }
        OAuth1Consumer atConsumer = accessToken.getConsumer();
        if (atConsumer == null || !consumerKey.equals(atConsumer.getKey())) {
            throw newUnauthorizedException();
        }
        nonceKey = "t:" + token;
        secrets.tokenSecret(accessToken.getSecret());
        sc = new OAuth1SecurityContext(accessToken, request.getSecurityContext().isSecure());
    }
    if (!verifySignature(osr, params, secrets)) {
        throw newUnauthorizedException();
    }
    if (!nonces.verify(nonceKey, timestamp, nonce)) {
        throw newUnauthorizedException();
    }
    return sc;
}
Also used : OAuthServerRequest(org.glassfish.jersey.server.oauth1.internal.OAuthServerRequest) OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets)

Example 2 with OAuth1Token

use of org.glassfish.jersey.server.oauth1.OAuth1Token in project jersey by jersey.

the class AccessTokenResource method postAccessTokenRequest.

/**
     * POST method for creating a request for Request Token.
     * @return an HTTP response with content of the updated or created resource.
     */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_FORM_URLENCODED)
@TokenResource
public Response postAccessTokenRequest(@Context ContainerRequestContext requestContext, @Context Request req) {
    boolean sigIsOk = false;
    OAuthServerRequest request = new OAuthServerRequest(requestContext);
    OAuth1Parameters params = new OAuth1Parameters();
    params.readRequest(request);
    if (params.getToken() == null) {
        throw new WebApplicationException(new Throwable("oauth_token MUST be present."), 400);
    }
    String consKey = params.getConsumerKey();
    if (consKey == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Token rt = provider.getRequestToken(params.getToken());
    if (rt == null) {
        // token invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Consumer consumer = rt.getConsumer();
    if (consumer == null || !consKey.equals(consumer.getKey())) {
        // token invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret(rt.getSecret());
    try {
        sigIsOk = oAuth1Signature.verify(request, params, secrets);
    } catch (OAuth1SignatureException ex) {
        Logger.getLogger(AccessTokenResource.class.getName()).log(Level.SEVERE, null, ex);
    }
    if (!sigIsOk) {
        // signature invalid
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    // We're good to go.
    OAuth1Token at = provider.newAccessToken(rt, params.getVerifier());
    if (at == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    // Preparing the response.
    Form resp = new Form();
    resp.param(OAuth1Parameters.TOKEN, at.getToken());
    resp.param(OAuth1Parameters.TOKEN_SECRET, at.getSecret());
    resp.asMap().putAll(at.getAttributes());
    return Response.ok(resp).build();
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) Form(javax.ws.rs.core.Form) OAuth1Consumer(org.glassfish.jersey.server.oauth1.OAuth1Consumer) OAuth1SignatureException(org.glassfish.jersey.oauth1.signature.OAuth1SignatureException) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets) OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1Exception(org.glassfish.jersey.server.oauth1.OAuth1Exception) OAuth1Token(org.glassfish.jersey.server.oauth1.OAuth1Token) TokenResource(org.glassfish.jersey.server.oauth1.TokenResource) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 3 with OAuth1Token

use of org.glassfish.jersey.server.oauth1.OAuth1Token in project jersey by jersey.

the class RequestTokenResource method postReqTokenRequest.

/**
     * POST method for creating a request for a Request Token.
     *
     * @return an HTTP response with content of the updated or created resource.
     */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/x-www-form-urlencoded")
@TokenResource
public Response postReqTokenRequest() {
    OAuthServerRequest request = new OAuthServerRequest(requestContext);
    OAuth1Parameters params = new OAuth1Parameters();
    params.readRequest(request);
    String tok = params.getToken();
    if ((tok != null) && (!tok.contentEquals(""))) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    String consKey = params.getConsumerKey();
    if (consKey == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Consumer consumer = provider.getConsumer(consKey);
    if (consumer == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret("");
    boolean sigIsOk = false;
    try {
        sigIsOk = oAuth1Signature.verify(request, params, secrets);
    } catch (OAuth1SignatureException ex) {
        Logger.getLogger(RequestTokenResource.class.getName()).log(Level.SEVERE, null, ex);
    }
    if (!sigIsOk) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }
    MultivaluedMap<String, String> parameters = new MultivaluedHashMap<String, String>();
    for (String n : request.getParameterNames()) {
        parameters.put(n, request.getParameterValues(n));
    }
    OAuth1Token rt = provider.newRequestToken(consKey, params.getCallback(), parameters);
    Form resp = new Form();
    resp.param(OAuth1Parameters.TOKEN, rt.getToken());
    resp.param(OAuth1Parameters.TOKEN_SECRET, rt.getSecret());
    resp.param(OAuth1Parameters.CALLBACK_CONFIRMED, "true");
    return Response.ok(resp).build();
}
Also used : Form(javax.ws.rs.core.Form) OAuth1Consumer(org.glassfish.jersey.server.oauth1.OAuth1Consumer) OAuth1SignatureException(org.glassfish.jersey.oauth1.signature.OAuth1SignatureException) OAuth1Secrets(org.glassfish.jersey.oauth1.signature.OAuth1Secrets) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) OAuth1Parameters(org.glassfish.jersey.oauth1.signature.OAuth1Parameters) OAuth1Exception(org.glassfish.jersey.server.oauth1.OAuth1Exception) OAuth1Token(org.glassfish.jersey.server.oauth1.OAuth1Token) TokenResource(org.glassfish.jersey.server.oauth1.TokenResource) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Aggregations

OAuth1Parameters (org.glassfish.jersey.oauth1.signature.OAuth1Parameters)3 OAuth1Secrets (org.glassfish.jersey.oauth1.signature.OAuth1Secrets)3 Consumes (javax.ws.rs.Consumes)2 POST (javax.ws.rs.POST)2 Produces (javax.ws.rs.Produces)2 Form (javax.ws.rs.core.Form)2 OAuth1SignatureException (org.glassfish.jersey.oauth1.signature.OAuth1SignatureException)2 OAuth1Consumer (org.glassfish.jersey.server.oauth1.OAuth1Consumer)2 OAuth1Exception (org.glassfish.jersey.server.oauth1.OAuth1Exception)2 OAuth1Token (org.glassfish.jersey.server.oauth1.OAuth1Token)2 TokenResource (org.glassfish.jersey.server.oauth1.TokenResource)2 WebApplicationException (javax.ws.rs.WebApplicationException)1 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)1 OAuthServerRequest (org.glassfish.jersey.server.oauth1.internal.OAuthServerRequest)1