Examples of net.oauth.OAuthMessage

• net.oauth.OAuthMessage
  A request or response message used in the OAuth protocol.

  The parameters in this class are not percent-encoded. Methods like OAuthClient.invoke and OAuthResponseMessage.completeParameters are responsible for percent-encoding parameters before transmission and decoding them after reception. @author John Kristian

    if (!NO_TOKEN.equals(requestToken)) {
      // Try getting an acess token from this request token.
      try {
        OAuthAccessor accessor = providerStore.getOAuthAccessor("google");

        OAuthMessage response = oauthClient.invoke(accessor,
            accessor.consumer.serviceProvider.accessTokenURL,
            OAuth.newList(OAuth.OAUTH_TOKEN, requestToken));

        if (response != null) {
          accessToken = response.getParameter(OAuth.OAUTH_TOKEN);
          accessTokenSecret = response.getParameter(OAuth.OAUTH_TOKEN_SECRET);

          session.setAttribute("access_token", "yes (" + accessToken + ")");
          session.setAttribute("access_token_secret",
              "yes (" + accessTokenSecret + ")");

    OAuthConsumer consumer = new OAuthConsumer(null, consumerKey, consumerSecret, null);
    OAuthAccessor accessor = new OAuthAccessor(consumer);
    accessor.accessToken = accessToken;
    accessor.tokenSecret = tokenSecret;
    OAuthMessage message = accessor.newRequestMessage(method, target.toString(), oauthParams);

    List<Map.Entry<String, String>> entryList = OAuthRequest.selectOAuthParams(message);

    switch (paramLocationEnum) {
      case AUTH_HEADER:
        request.addHeader("Authorization", OAuthRequest.getAuthorizationHeader(entryList));
        break;

      case POST_BODY:
        if (!OAuth.isFormEncoded(contentType)) {
          throw new RuntimeException(
              "OAuth param location can only be post_body if post body if of " +
                  "type x-www-form-urlencoded");
        }
        String oauthData = OAuthUtil.formEncode(message.getParameters());
        request.setPostBody(CharsetUtil.getUtf8Bytes(oauthData));
        break;

      case URI_QUERY:
        request.setUri(Uri.parse(OAuthUtil.addParameters(request.getUri().toString(),

    return String.format("OAuth realm=\"%s\"", realm);
  }

  public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
      throws InvalidAuthenticationException {
    OAuthMessage message = OAuthServlet.getMessage(request, null);
    if (StringUtils.isEmpty(getParameter(message, OAuth.OAUTH_SIGNATURE))) {
      // Is not an oauth request
      return null;
    }
    String bodyHash = getParameter(message, OAuthConstants.OAUTH_BODY_HASH);
    if (!StringUtils.isEmpty(bodyHash)) {
      verifyBodyHash(request, bodyHash);
    }
    try {
      return verifyMessage(message);
    } catch (OAuthProblemException oauthException) {
      // Legacy body signing is intended for backwards compatability with opensocial clients
      // that assumed they could use the raw request body as a pseudo query param to get
      // body signing. This assumption was born out of the limitations of the OAuth 1.0 spec which
      // states that request bodies are only signed if they are form-encoded. This lead many clients
      // to force a content type of application/x-www-form-urlencoded for xml/json bodies and then
      // hope that receiver decoding of the body didnt have encoding issues. This didn't work out
      // to well so now these clients are required to specify the correct content type. This code
      // lets clients which sign using the old technique to work if they specify the correct content
      // type. This support is deprecated and should be removed later.
      if (allowLegacyBodySigning &&
          (StringUtils.isEmpty(request.getContentType())  ||
          !request.getContentType().contains(OAuth.FORM_ENCODED))) {
        try {
          message.addParameter(readBodyString(request), "");
          return verifyMessage(message);
        } catch (OAuthProblemException ioe) {
          // ignore, let original exception be thrown
        } catch (IOException e) {
          // also ignore;

  }

  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException {
    OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
    OAuthAccessor accessor =
      DummyOAuthProvider.getAccessor(requestMessage.getToken());
    String authorized = "false";
    String requestToken = "none";
    String accessToken = "none";
    if (accessor != null) {
      if (accessor.getProperty("authorized") == Boolean.TRUE) {

  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {

    OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
    String consumerKey = requestMessage.getConsumerKey();
    OAuthConsumer consumer = DummyOAuthProvider.getConsumer(consumerKey);
    OAuthAccessor accessor = new OAuthAccessor(consumer);
    try {
      validator.validateMessage(requestMessage, accessor);
    } catch (Exception e) {

  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {

    OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
    String requestToken = requestMessage.getToken();
    OAuthAccessor accessor = DummyOAuthProvider.getAccessor(requestToken);
    boolean valid = false;

    try {
      validator.validateMessage(requestMessage, accessor);

    // System.out.println("fetchAccessToken: requestToken=" + this.getRequestToken());

    OAuthClient client = getOAuthClient();

    OAuthMessage responseMsg = null;

    OAuthAccessor access = this.createOAuthAccessor();

    try
    {

        //
        //  request the Access token
        //

        access.accessToken = requestToken.getPublicKey();
        access.requestToken = requestToken.getPublicKey();
        access.tokenSecret = requestToken.getSecret();

        responseMsg = client.invoke(access, "GET", this.getClientSettings().getOAuthAccessTokenUrl(), null);

        this.getUserSpecificAccessToken().setPublicKey(responseMsg.getParameter("oauth_token"));
        this.getUserSpecificAccessToken().setSecret(responseMsg.getParameter("oauth_token_secret"));

    } catch (Exception e) {
      throw new FireEagleException(e);
    }
  }

  protected String sendHttpRequest(String baseUrl, String method, java.util.Map<String, String> params, Token token)
  {

    OAuthClient client = getOAuthClient();

    OAuthMessage responseMsg = null;


    OAuthAccessor access = this.createOAuthAccessor();

    access.accessToken = token.getPublicKey();
    access.tokenSecret = token.getSecret();

    if (params == null)
    {
      params = new HashMap<String, String>();
    }


    try
    {

      responseMsg = client.invoke(access, method, baseUrl, params.entrySet());

      return responseMsg.readBodyAsString();

    }
    catch (Exception e)
    {
      throw new FireEagleException(e);

                parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, signMethod);
                parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
                parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
                parameters.put(OAuth.OAUTH_CONSUMER_KEY, OAuthTestUtils.CLIENT_ID);
                OAuthMessage message = invokeRequestToken(parameters, style, OAuthServer.PORT);

                //test response ok
                boolean isFormEncoded = OAuth.isFormEncoded(message.getBodyType());
                Assert.assertTrue(isFormEncoded);

                List<OAuth.Parameter> responseParams = OAuthTestUtils.getResponseParams(message);

                String wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE);
                Assert.assertNull(wwwHeader);

                String callbacConf = OAuthTestUtils
                    .findOAuthParameter(responseParams, OAuth.OAUTH_CALLBACK_CONFIRMED)
                    .getValue();
                Assert.assertEquals("true", callbacConf);

                String oauthToken = OAuthTestUtils.findOAuthParameter(responseParams, OAuth.OAUTH_TOKEN)
                    .getKey();
                Assert.assertFalse(StringUtils.isEmpty(oauthToken));

                String tokenSecret = OAuthTestUtils
                    .findOAuthParameter(responseParams, OAuth.OAUTH_TOKEN_SECRET)
                    .getKey();
                Assert.assertFalse(StringUtils.isEmpty(tokenSecret));


                //test wrong client id
                parameters.put(OAuth.OAUTH_CONSUMER_KEY, "wrong");
                message = invokeRequestToken(parameters, style, OAuthServer.PORT);

                wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE);
                List<OAuth.Parameter> list = OAuthMessage.decodeAuthorization(wwwHeader);

                String oauthProblem = OAuthTestUtils.findOAuthParameter(list, "oauth_problem").getValue();
                Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, oauthProblem);
            }

    }

    protected OAuthMessage invokeRequestToken(Map<String, String> parameters, ParameterStyle style,
                                              int port)
        throws IOException, URISyntaxException, OAuthException {
        OAuthMessage message;
        String uri = HOST + port + TEMPORARY_CREDENTIALS_URL;
        message = OAuthTestUtils
            .access(uri, OAuthMessage.POST, parameters, style);
        return message;
    }