Examples with ProtectedResourceDetails org.springframework.security.oauth.consumer.ProtectedResourceDetails used on opensource projects

Example 1 with ProtectedResourceDetails

use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.

the class OAuthConsumerContextFilter method doFilter.

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    OAuthSecurityContextImpl context = new OAuthSecurityContextImpl();
    context.setDetails(request);
    Map<String, OAuthConsumerToken> rememberedTokens = getRememberMeServices().loadRememberedTokens(request, response);
    Map<String, OAuthConsumerToken> accessTokens = new TreeMap<String, OAuthConsumerToken>();
    Map<String, OAuthConsumerToken> requestTokens = new TreeMap<String, OAuthConsumerToken>();
    if (rememberedTokens != null) {
        for (Map.Entry<String, OAuthConsumerToken> tokenEntry : rememberedTokens.entrySet()) {
            OAuthConsumerToken token = tokenEntry.getValue();
            if (token != null) {
                if (token.isAccessToken()) {
                    accessTokens.put(tokenEntry.getKey(), token);
                } else {
                    requestTokens.put(tokenEntry.getKey(), token);
                }
            }
        }
    }
    context.setAccessTokens(accessTokens);
    OAuthSecurityContextHolder.setContext(context);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Storing access tokens in request attribute '" + getAccessTokensRequestAttribute() + "'.");
    }
    try {
        try {
            request.setAttribute(getAccessTokensRequestAttribute(), new ArrayList<OAuthConsumerToken>(accessTokens.values()));
            chain.doFilter(request, response);
        } catch (Exception e) {
            try {
                ProtectedResourceDetails resourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(e);
                String neededResourceId = resourceThatNeedsAuthorization.getId();
                while (!accessTokens.containsKey(neededResourceId)) {
                    OAuthConsumerToken token = requestTokens.remove(neededResourceId);
                    if (token == null) {
                        token = getTokenServices().getToken(neededResourceId);
                    }
                    String verifier = request.getParameter(OAuthProviderParameter.oauth_verifier.toString());
                    // if there is NO access token and (we're not using 1.0a or the verifier is not null)
                    if (token == null || (!token.isAccessToken() && (!resourceThatNeedsAuthorization.isUse10a() || verifier == null))) {
                        //if there's a request token, but no verifier, we'll assume that a previous oauth request failed and we need to get a new request token.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Obtaining request token for resource: " + neededResourceId);
                        }
                        //obtain authorization.
                        String callbackURL = response.encodeRedirectURL(getCallbackURL(request));
                        token = getConsumerSupport().getUnauthorizedRequestToken(neededResourceId, callbackURL);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Request token obtained for resource " + neededResourceId + ": " + token);
                        }
                        //okay, we've got a request token, now we need to authorize it.
                        requestTokens.put(neededResourceId, token);
                        getTokenServices().storeToken(neededResourceId, token);
                        String redirect = getUserAuthorizationRedirectURL(resourceThatNeedsAuthorization, token, callbackURL);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Redirecting request to " + redirect + " for user authorization of the request token for resource " + neededResourceId + ".");
                        }
                        request.setAttribute("org.springframework.security.oauth.consumer.AccessTokenRequiredException", e);
                        this.redirectStrategy.sendRedirect(request, response, redirect);
                        return;
                    } else if (!token.isAccessToken()) {
                        //we have a presumably authorized request token, let's try to get an access token with it.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Obtaining access token for resource: " + neededResourceId);
                        }
                        //authorize the request token and store it.
                        try {
                            token = getConsumerSupport().getAccessToken(token, verifier);
                        } finally {
                            getTokenServices().removeToken(neededResourceId);
                        }
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Access token " + token + " obtained for resource " + neededResourceId + ". Now storing and using.");
                        }
                        getTokenServices().storeToken(neededResourceId, token);
                    }
                    accessTokens.put(neededResourceId, token);
                    try {
                        //try again
                        if (!response.isCommitted()) {
                            request.setAttribute(getAccessTokensRequestAttribute(), new ArrayList<OAuthConsumerToken>(accessTokens.values()));
                            chain.doFilter(request, response);
                        } else {
                            //dang. what do we do now?
                            throw new IllegalStateException("Unable to reprocess filter chain with needed OAuth2 resources because the response is already committed.");
                        }
                    } catch (Exception e1) {
                        resourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(e1);
                        neededResourceId = resourceThatNeedsAuthorization.getId();
                    }
                }
            } catch (OAuthRequestFailedException eo) {
                fail(request, response, eo);
            } catch (Exception ex) {
                Throwable[] causeChain = getThrowableAnalyzer().determineCauseChain(ex);
                OAuthRequestFailedException rfe = (OAuthRequestFailedException) getThrowableAnalyzer().getFirstThrowableOfType(OAuthRequestFailedException.class, causeChain);
                if (rfe != null) {
                    fail(request, response, rfe);
                } else {
                    // Rethrow ServletExceptions and RuntimeExceptions as-is
                    if (ex instanceof ServletException) {
                        throw (ServletException) ex;
                    } else if (ex instanceof RuntimeException) {
                        throw (RuntimeException) ex;
                    }
                    // Wrap other Exceptions. These are not expected to happen
                    throw new RuntimeException(ex);
                }
            }
        }
    } finally {
        OAuthSecurityContextHolder.setContext(null);
        HashMap<String, OAuthConsumerToken> tokensToRemember = new HashMap<String, OAuthConsumerToken>();
        tokensToRemember.putAll(requestTokens);
        tokensToRemember.putAll(accessTokens);
        getRememberMeServices().rememberTokens(tokensToRemember, request, response);
    }
}

Example 2 with ProtectedResourceDetails

use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.

the class OAuthConsumerContextFilter method checkForResourceThatNeedsAuthorization.

/**
	 * Check the given exception for the resource that needs authorization. If the exception was not thrown because a resource needed authorization, then rethrow
	 * the exception.
	 *
	 * @param ex The exception.
	 * @return The resource that needed authorization (never null).
	 * @throws ServletException in the case of an underlying Servlet API exception
	 * @throws IOException in the case of general IO exceptions
	 */
protected ProtectedResourceDetails checkForResourceThatNeedsAuthorization(Exception ex) throws ServletException, IOException {
    Throwable[] causeChain = getThrowableAnalyzer().determineCauseChain(ex);
    AccessTokenRequiredException ase = (AccessTokenRequiredException) getThrowableAnalyzer().getFirstThrowableOfType(AccessTokenRequiredException.class, causeChain);
    ProtectedResourceDetails resourceThatNeedsAuthorization;
    if (ase != null) {
        resourceThatNeedsAuthorization = ase.getResource();
        if (resourceThatNeedsAuthorization == null) {
            throw new OAuthRequestFailedException(ase.getMessage());
        }
    } else {
        // Rethrow ServletExceptions and RuntimeExceptions as-is
        if (ex instanceof ServletException) {
            throw (ServletException) ex;
        }
        if (ex instanceof IOException) {
            throw (IOException) ex;
        } else if (ex instanceof RuntimeException) {
            throw (RuntimeException) ex;
        }
        // Wrap other Exceptions. These are not expected to happen
        throw new RuntimeException(ex);
    }
    return resourceThatNeedsAuthorization;
}

Example 3 with ProtectedResourceDetails

use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.

the class CoreOAuthConsumerSupportTests method testGetAuthorizationHeader.

/**
	 * test getAuthorizationHeader
	 */
@Test
public void testGetAuthorizationHeader() throws Exception {
    final TreeMap<String, Set<CharSequence>> params = new TreeMap<String, Set<CharSequence>>();
    CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() {

        @Override
        protected Map<String, Set<CharSequence>> loadOAuthParameters(ProtectedResourceDetails details, URL requestURL, OAuthConsumerToken requestToken, String httpMethod, Map<String, String> additionalParameters) {
            return params;
        }
    };
    URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");
    OAuthConsumerToken token = new OAuthConsumerToken();
    when(details.isAcceptsAuthorizationHeader()).thenReturn(false);
    assertNull(support.getAuthorizationHeader(details, token, url, "POST", null));
    params.put("with", Collections.singleton((CharSequence) "some"));
    params.put("query", Collections.singleton((CharSequence) "params"));
    params.put("too", null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAuthorizationHeaderRealm()).thenReturn("myrealm");
    assertEquals("OAuth realm=\"myrealm\", query=\"params\", with=\"some\"", support.getAuthorizationHeader(details, token, url, "POST", null));
    params.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) "mykey"));
    params.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) "mynonce"));
    params.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) "myts"));
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAuthorizationHeaderRealm()).thenReturn("myrealm");
    assertEquals("OAuth realm=\"myrealm\", oauth_consumer_key=\"mykey\", oauth_nonce=\"mynonce\", oauth_timestamp=\"myts\", query=\"params\", with=\"some\"", support.getAuthorizationHeader(details, token, url, "POST", null));
}

Example 4 with ProtectedResourceDetails

use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.

the class CoreOAuthConsumerSupportTests method testGetOAuthQueryString.

/**
	 * getOAuthQueryString
	 */
@Test
public void testGetOAuthQueryString() throws Exception {
    final TreeMap<String, Set<CharSequence>> params = new TreeMap<String, Set<CharSequence>>();
    CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() {

        @Override
        protected Map<String, Set<CharSequence>> loadOAuthParameters(ProtectedResourceDetails details, URL requestURL, OAuthConsumerToken requestToken, String httpMethod, Map<String, String> additionalParameters) {
            return params;
        }
    };
    URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");
    OAuthConsumerToken token = new OAuthConsumerToken();
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    params.put("with", Collections.singleton((CharSequence) "some"));
    params.put("query", Collections.singleton((CharSequence) "params"));
    params.put("too", null);
    params.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) "mykey"));
    params.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) "mynonce"));
    params.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) "myts"));
    assertEquals("query=params&too&with=some", support.getOAuthQueryString(details, token, url, "POST", null));
    when(details.isAcceptsAuthorizationHeader()).thenReturn(false);
    params.put("with", Collections.singleton((CharSequence) "some"));
    params.put("query", Collections.singleton((CharSequence) "params"));
    params.put("too", null);
    params.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) "mykey"));
    params.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) "mynonce"));
    params.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) "myts"));
    assertEquals("oauth_consumer_key=mykey&oauth_nonce=mynonce&oauth_timestamp=myts&query=params&too&with=some", support.getOAuthQueryString(details, token, url, "POST", null));
    when(details.isAcceptsAuthorizationHeader()).thenReturn(false);
    params.put("with", Collections.singleton((CharSequence) "some"));
    String encoded_space = URLEncoder.encode(" ", "utf-8");
    params.put("query", Collections.singleton((CharSequence) ("params spaced")));
    params.put("too", null);
    params.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) "mykey"));
    params.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) "mynonce"));
    params.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) "myts"));
    assertEquals("oauth_consumer_key=mykey&oauth_nonce=mynonce&oauth_timestamp=myts&query=params" + encoded_space + "spaced&too&with=some", support.getOAuthQueryString(details, token, url, "POST", null));
}

Example 5 with ProtectedResourceDetails

use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.

the class CoreOAuthConsumerSupportTests method testGetTokenFromProvider.

/**
	 * getTokenFromProvider
	 */
@Test
public void testGetTokenFromProvider() throws Exception {
    final ByteArrayInputStream in = new ByteArrayInputStream("oauth_token=mytoken&oauth_token_secret=mytokensecret".getBytes("UTF-8"));
    CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() {

        @Override
        protected InputStream readResource(ProtectedResourceDetails details, URL url, String httpMethod, OAuthConsumerToken token, Map<String, String> additionalParameters, Map<String, String> additionalRequestHeaders) {
            return in;
        }
    };
    URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");
    when(details.getId()).thenReturn("resourceId");
    OAuthConsumerToken token = support.getTokenFromProvider(details, url, "POST", null, null);
    assertFalse(token.isAccessToken());
    assertEquals("mytoken", token.getValue());
    assertEquals("mytokensecret", token.getSecret());
    assertEquals("resourceId", token.getResourceId());
}