Example 1 with OAuthRequestFailedException
use of org.springframework.security.oauth.consumer.OAuthRequestFailedException in project spring-security-oauth by spring-projects.
the class OAuthConsumerContextFilter method doFilter.
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
OAuthSecurityContextImpl context = new OAuthSecurityContextImpl();
context.setDetails(request);
Map<String, OAuthConsumerToken> rememberedTokens = getRememberMeServices().loadRememberedTokens(request, response);
Map<String, OAuthConsumerToken> accessTokens = new TreeMap<String, OAuthConsumerToken>();
Map<String, OAuthConsumerToken> requestTokens = new TreeMap<String, OAuthConsumerToken>();
if (rememberedTokens != null) {
for (Map.Entry<String, OAuthConsumerToken> tokenEntry : rememberedTokens.entrySet()) {
OAuthConsumerToken token = tokenEntry.getValue();
if (token != null) {
if (token.isAccessToken()) {
accessTokens.put(tokenEntry.getKey(), token);
} else {
requestTokens.put(tokenEntry.getKey(), token);
}
}
}
}
context.setAccessTokens(accessTokens);
OAuthSecurityContextHolder.setContext(context);
if (LOG.isDebugEnabled()) {
LOG.debug("Storing access tokens in request attribute '" + getAccessTokensRequestAttribute() + "'.");
}
try {
try {
request.setAttribute(getAccessTokensRequestAttribute(), new ArrayList<OAuthConsumerToken>(accessTokens.values()));
chain.doFilter(request, response);
} catch (Exception e) {
try {
ProtectedResourceDetails resourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(e);
String neededResourceId = resourceThatNeedsAuthorization.getId();
while (!accessTokens.containsKey(neededResourceId)) {
OAuthConsumerToken token = requestTokens.remove(neededResourceId);
if (token == null) {
token = getTokenServices().getToken(neededResourceId);
}
String verifier = request.getParameter(OAuthProviderParameter.oauth_verifier.toString());
// if there is NO access token and (we're not using 1.0a or the verifier is not null)
if (token == null || (!token.isAccessToken() && (!resourceThatNeedsAuthorization.isUse10a() || verifier == null))) {
// if there's a request token, but no verifier, we'll assume that a previous oauth request failed and we need to get a new request token.
if (LOG.isDebugEnabled()) {
LOG.debug("Obtaining request token for resource: " + neededResourceId);
}
// obtain authorization.
String callbackURL = response.encodeRedirectURL(getCallbackURL(request));
token = getConsumerSupport().getUnauthorizedRequestToken(neededResourceId, callbackURL);
if (LOG.isDebugEnabled()) {
LOG.debug("Request token obtained for resource " + neededResourceId + ": " + token);
}
// okay, we've got a request token, now we need to authorize it.
requestTokens.put(neededResourceId, token);
getTokenServices().storeToken(neededResourceId, token);
String redirect = getUserAuthorizationRedirectURL(resourceThatNeedsAuthorization, token, callbackURL);
if (LOG.isDebugEnabled()) {
LOG.debug("Redirecting request to " + redirect + " for user authorization of the request token for resource " + neededResourceId + ".");
}
request.setAttribute("org.springframework.security.oauth.consumer.AccessTokenRequiredException", e);
this.redirectStrategy.sendRedirect(request, response, redirect);
return;
} else if (!token.isAccessToken()) {
// we have a presumably authorized request token, let's try to get an access token with it.
if (LOG.isDebugEnabled()) {
LOG.debug("Obtaining access token for resource: " + neededResourceId);
}
// authorize the request token and store it.
try {
token = getConsumerSupport().getAccessToken(token, verifier);
} finally {
getTokenServices().removeToken(neededResourceId);
}
if (LOG.isDebugEnabled()) {
LOG.debug("Access token " + token + " obtained for resource " + neededResourceId + ". Now storing and using.");
}
getTokenServices().storeToken(neededResourceId, token);
}
accessTokens.put(neededResourceId, token);
try {
// try again
if (!response.isCommitted()) {
request.setAttribute(getAccessTokensRequestAttribute(), new ArrayList<OAuthConsumerToken>(accessTokens.values()));
chain.doFilter(request, response);
} else {
// dang. what do we do now?
throw new IllegalStateException("Unable to reprocess filter chain with needed OAuth2 resources because the response is already committed.");
}
} catch (Exception e1) {
resourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(e1);
neededResourceId = resourceThatNeedsAuthorization.getId();
}
}
} catch (OAuthRequestFailedException eo) {
fail(request, response, eo);
} catch (Exception ex) {
Throwable[] causeChain = getThrowableAnalyzer().determineCauseChain(ex);
OAuthRequestFailedException rfe = (OAuthRequestFailedException) getThrowableAnalyzer().getFirstThrowableOfType(OAuthRequestFailedException.class, causeChain);
if (rfe != null) {
fail(request, response, rfe);
} else {
// Rethrow ServletExceptions and RuntimeExceptions as-is
if (ex instanceof ServletException) {
throw (ServletException) ex;
} else if (ex instanceof RuntimeException) {
throw (RuntimeException) ex;
}
// Wrap other Exceptions. These are not expected to happen
throw new RuntimeException(ex);
}
}
}
} finally {
OAuthSecurityContextHolder.setContext(null);
HashMap<String, OAuthConsumerToken> tokensToRemember = new HashMap<String, OAuthConsumerToken>();
tokensToRemember.putAll(requestTokens);
tokensToRemember.putAll(accessTokens);
getRememberMeServices().rememberTokens(tokensToRemember, request, response);
}
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
TreeMap(java.util.TreeMap)
OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException)
ServletException(javax.servlet.ServletException)
AccessTokenRequiredException(org.springframework.security.oauth.consumer.AccessTokenRequiredException)
OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException)
IOException(java.io.IOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
OAuthConsumerToken(org.springframework.security.oauth.consumer.OAuthConsumerToken)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletException(javax.servlet.ServletException)
OAuthSecurityContextImpl(org.springframework.security.oauth.consumer.OAuthSecurityContextImpl)
HashMap(java.util.HashMap)
Map(java.util.Map)
TreeMap(java.util.TreeMap)
ProtectedResourceDetails(org.springframework.security.oauth.consumer.ProtectedResourceDetails)
Example 2 with OAuthRequestFailedException
use of org.springframework.security.oauth.consumer.OAuthRequestFailedException in project spring-security-oauth by spring-projects.
the class OAuthConsumerContextFilter method checkForResourceThatNeedsAuthorization.
/**
* Check the given exception for the resource that needs authorization. If the exception was not thrown because a resource needed authorization, then rethrow
* the exception.
*
* @param ex The exception.
* @return The resource that needed authorization (never null).
* @throws ServletException in the case of an underlying Servlet API exception
* @throws IOException in the case of general IO exceptions
*/
protected ProtectedResourceDetails checkForResourceThatNeedsAuthorization(Exception ex) throws ServletException, IOException {
Throwable[] causeChain = getThrowableAnalyzer().determineCauseChain(ex);
AccessTokenRequiredException ase = (AccessTokenRequiredException) getThrowableAnalyzer().getFirstThrowableOfType(AccessTokenRequiredException.class, causeChain);
ProtectedResourceDetails resourceThatNeedsAuthorization;
if (ase != null) {
resourceThatNeedsAuthorization = ase.getResource();
if (resourceThatNeedsAuthorization == null) {
throw new OAuthRequestFailedException(ase.getMessage());
}
} else {
// Rethrow ServletExceptions and RuntimeExceptions as-is
if (ex instanceof ServletException) {
throw (ServletException) ex;
}
if (ex instanceof IOException) {
throw (IOException) ex;
} else if (ex instanceof RuntimeException) {
throw (RuntimeException) ex;
}
// Wrap other Exceptions. These are not expected to happen
throw new RuntimeException(ex);
}
return resourceThatNeedsAuthorization;
}
Also used :
ServletException(javax.servlet.ServletException)
AccessTokenRequiredException(org.springframework.security.oauth.consumer.AccessTokenRequiredException)
IOException(java.io.IOException)
OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException)
ProtectedResourceDetails(org.springframework.security.oauth.consumer.ProtectedResourceDetails)
Example 3 with OAuthRequestFailedException
use of org.springframework.security.oauth.consumer.OAuthRequestFailedException in project spring-security-oauth by spring-projects.
the class CoreOAuthConsumerSupport method openConnection.
/**
* Open a connection to the given URL.
*
* @param requestTokenURL The request token URL.
* @return The HTTP URL connection.
*/
protected HttpURLConnection openConnection(URL requestTokenURL) {
try {
HttpURLConnection connection = (HttpURLConnection) requestTokenURL.openConnection(selectProxy(requestTokenURL));
connection.setConnectTimeout(getConnectionTimeout());
connection.setReadTimeout(getReadTimeout());
return connection;
} catch (IOException e) {
throw new OAuthRequestFailedException("Failed to open an OAuth connection.", e);
}
}
Also used :
OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException)
Example 4 with OAuthRequestFailedException
use of org.springframework.security.oauth.consumer.OAuthRequestFailedException in project spring-security-oauth by spring-projects.
the class CoreOAuthConsumerSupport method loadOAuthParameters.
/**
* Loads the OAuth parameters for the given resource at the given URL and the given token. These parameters include
* any query parameters on the URL since they are included in the signature. The oauth parameters are NOT encoded.
*
* @param details The resource details.
* @param requestURL The request URL.
* @param requestToken The request token.
* @param httpMethod The http method.
* @param additionalParameters Additional oauth parameters (outside of the core oauth spec).
* @return The parameters.
*/
protected Map<String, Set<CharSequence>> loadOAuthParameters(ProtectedResourceDetails details, URL requestURL, OAuthConsumerToken requestToken, String httpMethod, Map<String, String> additionalParameters) {
Map<String, Set<CharSequence>> oauthParams = new TreeMap<String, Set<CharSequence>>();
if (additionalParameters != null) {
for (Map.Entry<String, String> additionalParam : additionalParameters.entrySet()) {
Set<CharSequence> values = oauthParams.get(additionalParam.getKey());
if (values == null) {
values = new HashSet<CharSequence>();
oauthParams.put(additionalParam.getKey(), values);
}
if (additionalParam.getValue() != null) {
values.add(additionalParam.getValue());
}
}
}
String query = requestURL.getQuery();
if (query != null) {
StringTokenizer queryTokenizer = new StringTokenizer(query, "&");
while (queryTokenizer.hasMoreElements()) {
String token = (String) queryTokenizer.nextElement();
CharSequence value = null;
int equalsIndex = token.indexOf('=');
if (equalsIndex < 0) {
token = urlDecode(token);
} else {
value = new QueryParameterValue(urlDecode(token.substring(equalsIndex + 1)));
token = urlDecode(token.substring(0, equalsIndex));
}
Set<CharSequence> values = oauthParams.get(token);
if (values == null) {
values = new HashSet<CharSequence>();
oauthParams.put(token, values);
}
if (value != null) {
values.add(value);
}
}
}
String tokenSecret = requestToken == null ? null : requestToken.getSecret();
String nonce = getNonceFactory().generateNonce();
oauthParams.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) details.getConsumerKey()));
if ((requestToken != null) && (requestToken.getValue() != null)) {
oauthParams.put(OAuthConsumerParameter.oauth_token.toString(), Collections.singleton((CharSequence) requestToken.getValue()));
}
oauthParams.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) nonce));
oauthParams.put(OAuthConsumerParameter.oauth_signature_method.toString(), Collections.singleton((CharSequence) details.getSignatureMethod()));
oauthParams.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) String.valueOf(System.currentTimeMillis() / 1000)));
oauthParams.put(OAuthConsumerParameter.oauth_version.toString(), Collections.singleton((CharSequence) "1.0"));
String signatureBaseString = getSignatureBaseString(oauthParams, requestURL, httpMethod);
OAuthSignatureMethod signatureMethod;
try {
signatureMethod = getSignatureFactory().getSignatureMethod(details.getSignatureMethod(), details.getSharedSecret(), tokenSecret);
} catch (UnsupportedSignatureMethodException e) {
throw new OAuthRequestFailedException(e.getMessage(), e);
}
String signature = signatureMethod.sign(signatureBaseString);
oauthParams.put(OAuthConsumerParameter.oauth_signature.toString(), Collections.singleton((CharSequence) signature));
return oauthParams;
}
Also used :
OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException)
UnsupportedSignatureMethodException(org.springframework.security.oauth.common.signature.UnsupportedSignatureMethodException)
OAuthSignatureMethod(org.springframework.security.oauth.common.signature.OAuthSignatureMethod)
Example 5 with OAuthRequestFailedException
use of org.springframework.security.oauth.consumer.OAuthRequestFailedException in project spring-security-oauth by spring-projects.
the class CoreOAuthConsumerSupport method configureURLForProtectedAccess.
/**
* Internal use of configuring the URL for protected access, the resource details already having been loaded.
*
* @param url The URL.
* @param requestToken The request token.
* @param details The details.
* @param httpMethod The http method.
* @param additionalParameters Any additional request parameters.
* @return The configured URL.
*/
protected URL configureURLForProtectedAccess(URL url, OAuthConsumerToken requestToken, ProtectedResourceDetails details, String httpMethod, Map<String, String> additionalParameters) {
String file;
if (!"POST".equalsIgnoreCase(httpMethod) && !"PUT".equalsIgnoreCase(httpMethod) && !details.isAcceptsAuthorizationHeader()) {
StringBuilder fileb = new StringBuilder(url.getPath());
String queryString = getOAuthQueryString(details, requestToken, url, httpMethod, additionalParameters);
fileb.append('?').append(queryString);
file = fileb.toString();
} else {
file = url.getFile();
}
try {
if ("http".equalsIgnoreCase(url.getProtocol())) {
URLStreamHandler streamHandler = getStreamHandlerFactory().getHttpStreamHandler(details, requestToken, this, httpMethod, additionalParameters);
return new URL(url.getProtocol(), url.getHost(), url.getPort(), file, streamHandler);
} else if ("https".equalsIgnoreCase(url.getProtocol())) {
URLStreamHandler streamHandler = getStreamHandlerFactory().getHttpsStreamHandler(details, requestToken, this, httpMethod, additionalParameters);
return new URL(url.getProtocol(), url.getHost(), url.getPort(), file, streamHandler);
} else {
throw new OAuthRequestFailedException("Unsupported OAuth protocol: " + url.getProtocol());
}
} catch (MalformedURLException e) {
throw new IllegalStateException(e);
}
}
Also used :
OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException)
Aggregations
OAuthRequestFailedException (org.springframework.security.oauth.consumer.OAuthRequestFailedException)8
OAuthConsumerToken (org.springframework.security.oauth.consumer.OAuthConsumerToken)3
ProtectedResourceDetails (org.springframework.security.oauth.consumer.ProtectedResourceDetails)3
IOException (java.io.IOException)2
HashMap (java.util.HashMap)2
Map (java.util.Map)2
TreeMap (java.util.TreeMap)2
ServletException (javax.servlet.ServletException)2
AccessTokenRequiredException (org.springframework.security.oauth.consumer.AccessTokenRequiredException)2
InvalidOAuthRealmException (org.springframework.security.oauth.consumer.InvalidOAuthRealmException)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
MalformedURLException (java.net.MalformedURLException)1
URL (java.net.URL)1
ArrayList (java.util.ArrayList)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
DecoderException (org.apache.commons.codec.DecoderException)1
Test (org.junit.Test)1
