use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.
the class OAuthProcessingFilterTests method testValidateSignature.
/**
* test validating the signature.
*/
@Test
public void testValidateSignature() throws Exception {
  // Every collaborator is a mock, so this test checks only how the filter wires
  // the consumer secret, the token secret and the signature method together.
  // No real signature is computed.
  OAuthSignatureMethod signatureMethod = mock(OAuthSignatureMethod.class);
  OAuthProviderToken providerToken = mock(OAuthProviderToken.class);
  SignatureSecret consumerSecret = mock(SignatureSecret.class);
  ConsumerDetails consumerDetails = mock(ConsumerDetails.class);

  when(consumerDetails.getAuthorities()).thenReturn(new ArrayList<GrantedAuthority>());
  when(consumerDetails.getSignatureSecret()).thenReturn(consumerSecret);
  when(providerToken.getSecret()).thenReturn("shhh!!!");
  when(tokenServices.getToken("token")).thenReturn(providerToken);
  // The factory must be asked for the method named in the credentials, keyed by
  // BOTH the consumer secret and the token secret.
  when(signatureFactory.getSignatureMethod("method", consumerSecret, "shhh!!!")).thenReturn(signatureMethod);

  // Anonymous subclass with a no-op success hook: only validateSignature is under test.
  OAuthProviderProcessingFilter filter = new OAuthProviderProcessingFilter() {
    @Override
    protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    }
  };
  filter.setTokenServices(tokenServices);
  filter.setSignatureMethodFactory(signatureFactory);

  // Judging by the stubs and the verification below, the arguments appear to be
  // consumer key, signature, signature method, signature base string and token.
  // TODO confirm against the ConsumerCredentials constructor.
  ConsumerCredentials credentials = new ConsumerCredentials("id", "sig", "method", "base", "token");
  filter.validateSignature(new ConsumerAuthentication(consumerDetails, credentials));

  // The presented signature must be checked against the signature base string.
  verify(signatureMethod).verify("base", "sig");
}
use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.
the class AccessTokenProcessingFilter method onValidSignature.
protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
  // The request signature has been verified by the time this hook runs: issue the token and reply.
  ConsumerAuthentication consumerAuth = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
  OAuthProviderToken issued = createOAuthToken(consumerAuth);

  // Binding check: the token just created must belong to the consumer that signed this request.
  String tokenConsumerKey = issued.getConsumerKey();
  String authenticatedConsumerKey = consumerAuth.getConsumerDetails().getConsumerKey();
  if (!tokenConsumerKey.equals(authenticatedConsumerKey)) {
    throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
  }

  // Form-style body: oauth_token=<value>&oauth_token_secret=<secret>, both OAuth-encoded.
  // NOTE(review): the body carries the token secret in the clear and no cache-control
  // header is set in this method. The endpoint is expected to be served over TLS, and
  // the response should be kept out of logs and caches.
  String encodedValue = OAuthCodec.oauthEncode(issued.getValue());
  StringBuilder body = new StringBuilder(OAuthProviderParameter.oauth_token.toString());
  body.append('=').append(encodedValue);
  body.append('&').append(OAuthProviderParameter.oauth_token_secret.toString());
  body.append('=').append(OAuthCodec.oauthEncode(issued.getSecret()));

  response.setContentType(getResponseContentType());
  response.getWriter().print(body.toString());
  response.flushBuffer();
}
use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.
the class UnauthenticatedRequestTokenProcessingFilter method onValidSignature.
protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
  // The request signature has been verified by the time this hook runs: issue the request token and reply.
  ConsumerAuthentication consumerAuth = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
  OAuthProviderToken issued = createOAuthToken(consumerAuth);

  // Binding check: the token just created must belong to the consumer that signed this request.
  String tokenConsumerKey = issued.getConsumerKey();
  String authenticatedConsumerKey = consumerAuth.getConsumerDetails().getConsumerKey();
  if (!tokenConsumerKey.equals(authenticatedConsumerKey)) {
    throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
  }

  String encodedValue = OAuthCodec.oauthEncode(issued.getValue());
  String callback = consumerAuth.getOAuthParameters().get(OAuthConsumerParameter.oauth_callback.toString());

  // Form-style body: oauth_token=<value>&oauth_token_secret=<secret>, both OAuth-encoded.
  // NOTE(review): the body carries the token secret in the clear and no cache-control
  // header is set in this method. The endpoint is expected to be served over TLS, and
  // the response should be kept out of logs and caches.
  StringBuilder body = new StringBuilder(OAuthProviderParameter.oauth_token.toString());
  body.append('=').append(encodedValue);
  body.append('&').append(OAuthProviderParameter.oauth_token_secret.toString());
  body.append('=').append(OAuthCodec.oauthEncode(issued.getSecret()));

  // Only the PRESENCE of oauth_callback is tested here. Its value is not inspected in
  // this method, so any validation of the callback has to happen elsewhere (TODO confirm).
  boolean callbackSupplied = callback != null;
  if (callbackSupplied) {
    body.append('&').append(OAuthProviderParameter.oauth_callback_confirmed.toString()).append("=true");
  }

  response.setContentType(getResponseContentType());
  response.getWriter().print(body.toString());
  response.flushBuffer();
}
use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.
the class UserAuthorizationProcessingFilter method attemptAuthentication.
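/**
 * Authorizes the request token named in the request on behalf of the user who is
 * already authenticated in the current security context.
 *
 * <p>On success the token's callback URL (when it has one) and a freshly created
 * verifier are stored as request attributes, and the token is marked authorized
 * through the token services.
 *
 * @param request the request carrying the request-token parameter
 * @param response the response (not used by this method)
 * @return the authentication taken from the security context
 * @throws InvalidOAuthParametersException if the token parameter is missing
 * @throws InvalidOAuthTokenException if the token is unknown, or if 1.0a is required
 *         and the token has no callback URL
 * @throws InsufficientAuthenticationException if no authenticated user is present
 */
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
  String requestToken = request.getParameter(getTokenParameterName());
  if (requestToken == null) {
    throw new InvalidOAuthParametersException("An OAuth token id is required.");
  }

  OAuthProviderToken token = getTokenServices().getToken(requestToken);
  if (token == null) {
    // An unknown token is a different failure from a missing callback, so it gets
    // its own message instead of reusing the callback message below.
    // requestToken is request-supplied: anything that renders or logs this message
    // should encode it first.
    throw new InvalidOAuthTokenException("No request token found for value " + requestToken + ".");
  }

  // The callback comes from the stored token, not from the current request.
  String callbackURL = token.getCallbackUrl();
  if (isRequire10a() && callbackURL == null) {
    throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
  }
  if (callbackURL != null) {
    request.setAttribute(CALLBACK_ATTRIBUTE, callbackURL);
  }

  // NOTE(review): this check runs after the token lookup, so an unauthenticated caller
  // sees different errors for known and unknown tokens. Confirm that is acceptable.
  Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
  if (authentication == null || !authentication.isAuthenticated()) {
    throw new InsufficientAuthenticationException("User must be authenticated before authorizing a request token.");
  }

  // The verifier is created only once the user is known to be authenticated. It is
  // exposed as a request attribute and recorded with the token authorization.
  String verifier = getVerifierServices().createVerifier();
  request.setAttribute(VERIFIER_ATTRIBUTE, verifier);
  getTokenServices().authorizeRequestToken(requestToken, verifier, authentication);
  return authentication;
}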
use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.
the class AccessConfirmationController method getAccessConfirmation.
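/**
 * Builds the model for the page on which the user confirms or denies access for a
 * request token.
 *
 * @param request the request carrying {@code oauth_token} and, optionally, {@code oauth_callback}
 * @param response the response (not used by this method)
 * @return the {@code access_confirmation} view with the token, the optional callback
 *         and the consumer details in its model
 * @throws IllegalArgumentException if no token is supplied or the supplied token is unknown
 */
@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(HttpServletRequest request, HttpServletResponse response) throws Exception {
  String token = request.getParameter("oauth_token");
  if (token == null) {
    throw new IllegalArgumentException("A request token to authorize must be provided.");
  }

  OAuthProviderToken providerToken = tokenServices.getToken(token);
  if (providerToken == null) {
    // Without this guard an unknown token fails with a NullPointerException on
    // getConsumerKey() below. Reject it in the same way as a missing parameter.
    throw new IllegalArgumentException("The request token to authorize was not found.");
  }
  ConsumerDetails consumer = consumerDetailsService.loadConsumerByConsumerKey(providerToken.getConsumerKey());

  // NOTE(review): this callback is read from the request, not from the stored token, so
  // it is caller-controlled. The view should output-encode it, and nothing should
  // redirect to it without checking it against the callback registered for the token.
  String callback = request.getParameter("oauth_callback");

  TreeMap<String, Object> model = new TreeMap<String, Object>();
  model.put("oauth_token", token);
  if (callback != null) {
    model.put("oauth_callback", callback);
  }
  // NOTE(review): the whole ConsumerDetails object is handed to the view. The template
  // should render display fields only and never any secret material it may expose.
  model.put("consumer", consumer);
  return new ModelAndView("access_confirmation", model);
}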