Search in sources :

Example 1 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class OAuthProcessingFilterTests method testValidateSignature.

/**
	 * test validating the signature.
	 */
@Test
public void testValidateSignature() throws Exception {
    OAuthProviderProcessingFilter filter = new OAuthProviderProcessingFilter() {

        @Override
        protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        }
    };
    ConsumerDetails details = mock(ConsumerDetails.class);
    SignatureSecret secret = mock(SignatureSecret.class);
    OAuthProviderToken token = mock(OAuthProviderToken.class);
    OAuthSignatureMethod sigMethod = mock(OAuthSignatureMethod.class);
    ConsumerCredentials credentials = new ConsumerCredentials("id", "sig", "method", "base", "token");
    when(details.getAuthorities()).thenReturn(new ArrayList<GrantedAuthority>());
    when(details.getSignatureSecret()).thenReturn(secret);
    filter.setTokenServices(tokenServices);
    when(tokenServices.getToken("token")).thenReturn(token);
    filter.setSignatureMethodFactory(signatureFactory);
    when(token.getSecret()).thenReturn("shhh!!!");
    when(signatureFactory.getSignatureMethod("method", secret, "shhh!!!")).thenReturn(sigMethod);
    ConsumerAuthentication authentication = new ConsumerAuthentication(details, credentials);
    filter.validateSignature(authentication);
    verify(sigMethod).verify("base", "sig");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SignatureSecret(org.springframework.security.oauth.common.signature.SignatureSecret) OAuthProviderToken(org.springframework.security.oauth.provider.token.OAuthProviderToken) ConsumerCredentials(org.springframework.security.oauth.provider.ConsumerCredentials) FilterChain(javax.servlet.FilterChain) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) OAuthSignatureMethod(org.springframework.security.oauth.common.signature.OAuthSignatureMethod) ConsumerDetails(org.springframework.security.oauth.provider.ConsumerDetails) Test(org.junit.Test)

Example 2 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class AccessTokenProcessingFilter method onValidSignature.

protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    //signature is verified; create the token, send the response.
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
        throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }
    String tokenValue = authToken.getValue();
    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString()).append('=').append(OAuthCodec.oauthEncode(tokenValue)).append('&').append(OAuthProviderParameter.oauth_token_secret.toString()).append('=').append(OAuthCodec.oauthEncode(authToken.getSecret()));
    response.setContentType(getResponseContentType());
    response.getWriter().print(responseValue.toString());
    response.flushBuffer();
}
Also used : OAuthProviderToken(org.springframework.security.oauth.provider.token.OAuthProviderToken) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication)

Example 3 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class UnauthenticatedRequestTokenProcessingFilter method onValidSignature.

protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    //signature is verified; create the token, send the response.
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
        throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }
    String tokenValue = authToken.getValue();
    String callback = authentication.getOAuthParameters().get(OAuthConsumerParameter.oauth_callback.toString());
    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString()).append('=').append(OAuthCodec.oauthEncode(tokenValue)).append('&').append(OAuthProviderParameter.oauth_token_secret.toString()).append('=').append(OAuthCodec.oauthEncode(authToken.getSecret()));
    if (callback != null) {
        responseValue.append('&').append(OAuthProviderParameter.oauth_callback_confirmed.toString()).append("=true");
    }
    response.setContentType(getResponseContentType());
    response.getWriter().print(responseValue.toString());
    response.flushBuffer();
}
Also used : OAuthProviderToken(org.springframework.security.oauth.provider.token.OAuthProviderToken) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication)

Example 4 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class UserAuthorizationProcessingFilter method attemptAuthentication.

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    String requestToken = request.getParameter(getTokenParameterName());
    if (requestToken == null) {
        throw new InvalidOAuthParametersException("An OAuth token id is required.");
    }
    OAuthProviderToken token = getTokenServices().getToken(requestToken);
    if (token == null) {
        throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }
    String callbackURL = token.getCallbackUrl();
    if (isRequire10a() && callbackURL == null) {
        throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }
    if (callbackURL != null) {
        request.setAttribute(CALLBACK_ATTRIBUTE, callbackURL);
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
        throw new InsufficientAuthenticationException("User must be authenticated before authorizing a request token.");
    }
    String verifier = getVerifierServices().createVerifier();
    request.setAttribute(VERIFIER_ATTRIBUTE, verifier);
    getTokenServices().authorizeRequestToken(requestToken, verifier, authentication);
    return authentication;
}
Also used : OAuthProviderToken(org.springframework.security.oauth.provider.token.OAuthProviderToken) InvalidOAuthParametersException(org.springframework.security.oauth.provider.InvalidOAuthParametersException) Authentication(org.springframework.security.core.Authentication) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) InvalidOAuthTokenException(org.springframework.security.oauth.provider.token.InvalidOAuthTokenException)

Example 5 with OAuthProviderToken

use of org.springframework.security.oauth.provider.token.OAuthProviderToken in project spring-security-oauth by spring-projects.

the class AccessConfirmationController method getAccessConfirmation.

@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(HttpServletRequest request, HttpServletResponse response) throws Exception {
    String token = request.getParameter("oauth_token");
    if (token == null) {
        throw new IllegalArgumentException("A request token to authorize must be provided.");
    }
    OAuthProviderToken providerToken = tokenServices.getToken(token);
    ConsumerDetails consumer = consumerDetailsService.loadConsumerByConsumerKey(providerToken.getConsumerKey());
    String callback = request.getParameter("oauth_callback");
    TreeMap<String, Object> model = new TreeMap<String, Object>();
    model.put("oauth_token", token);
    if (callback != null) {
        model.put("oauth_callback", callback);
    }
    model.put("consumer", consumer);
    return new ModelAndView("access_confirmation", model);
}
Also used : OAuthProviderToken(org.springframework.security.oauth.provider.token.OAuthProviderToken) ModelAndView(org.springframework.web.servlet.ModelAndView) TreeMap(java.util.TreeMap) ConsumerDetails(org.springframework.security.oauth.provider.ConsumerDetails) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

OAuthProviderToken (org.springframework.security.oauth.provider.token.OAuthProviderToken)9 ConsumerAuthentication (org.springframework.security.oauth.provider.ConsumerAuthentication)5 ConsumerDetails (org.springframework.security.oauth.provider.ConsumerDetails)3 InvalidOAuthParametersException (org.springframework.security.oauth.provider.InvalidOAuthParametersException)3 TreeMap (java.util.TreeMap)2 FilterChain (javax.servlet.FilterChain)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 Test (org.junit.Test)2 Authentication (org.springframework.security.core.Authentication)2 GrantedAuthority (org.springframework.security.core.GrantedAuthority)2 ConsumerCredentials (org.springframework.security.oauth.provider.ConsumerCredentials)2 PrintWriter (java.io.PrintWriter)1 StringWriter (java.io.StringWriter)1 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)1 OAuthException (org.springframework.security.oauth.common.OAuthException)1 OAuthSignatureMethod (org.springframework.security.oauth.common.signature.OAuthSignatureMethod)1 SignatureSecret (org.springframework.security.oauth.common.signature.SignatureSecret)1 ExtraTrustConsumerDetails (org.springframework.security.oauth.provider.ExtraTrustConsumerDetails)1