Examples of OAuthTokenRequest


Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

    @POST
    @Consumes("application/x-www-form-urlencoded")
    @Produces("application/json")
    public Response authorize(@Context HttpServletRequest request) throws OAuthSystemException {

        OAuthTokenRequest oauthRequest = null;

        OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());

        try {
            oauthRequest = new OAuthTokenRequest(request);
           
            //check if clientid is valid
            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
                OAuthResponse response =
                    OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
                        .buildJSONMessage();
                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
            }

            //do checking for different grant types
            if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
                .equals(GrantType.AUTHORIZATION_CODE.toString())) {
                if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) {
                    OAuthResponse response = OAuthASResponse
                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
                        .setErrorDescription("invalid authorization code")
                        .buildJSONMessage();
                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
                }
            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
                .equals(GrantType.PASSWORD.toString())) {
                if (!Common.PASSWORD.equals(oauthRequest.getPassword())
                    || !Common.USERNAME.equals(oauthRequest.getUsername())) {
                    OAuthResponse response = OAuthASResponse
                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
                        .setErrorDescription("invalid username or password")
                        .buildJSONMessage();
                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
                }
            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
                .equals(GrantType.REFRESH_TOKEN.toString())) {
                OAuthResponse response = OAuthASResponse
                    .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_GRANT)
                    .setErrorDescription("invalid username or password")
View Full Code Here

Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

        expect(request.getParameter("param")).andStubReturn("someparam");
        replay(request);

        OAuthRequest req = null;
        try {
            req = new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);
        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
        expect(request.getParameter("param")).andStubReturn("someparam");
        replay(request);

        try {
            req = new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
View Full Code Here

Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn("authorization_code");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
        verify(request);

        reset(request);
        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.PASSWORD.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);
        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.REFRESH_TOKEN.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
        verify(request);
        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(null);
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
View Full Code Here

Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
        verify(request);
        reset(request);

        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn("authorization_code");

        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.PASSWORD.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.REFRESH_TOKEN.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(null);
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
View Full Code Here

Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

        expect(request.getParameter(OAuth.OAUTH_CODE)).andStubReturn("test_code");
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("secret");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.AUTHORIZATION_CODE.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("client_id");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_CODE)).andStubReturn("test_code");
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("secret");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.AUTHORIZATION_CODE.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("client_id");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        expect(request.getParameter(OAuth.OAUTH_CODE)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("secret");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
View Full Code Here

Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

        expect(request.getParameter(OAuth.OAUTH_USERNAME)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_PASSWORD)).andStubReturn("test_password");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.PASSWORD.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("client_id");
        expect(request.getParameter(OAuth.OAUTH_USERNAME)).andStubReturn("test_username");
        expect(request.getParameter(OAuth.OAUTH_PASSWORD)).andStubReturn("");
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.PASSWORD.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_USERNAME)).andStubReturn("test_username");
        expect(request.getParameter(OAuth.OAUTH_PASSWORD)).andStubReturn("test_password");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
View Full Code Here

Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

        expect(request.getParameter(OAuth.OAUTH_REFRESH_TOKEN)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("secret");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.REFRESH_TOKEN.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("");
        expect(request.getParameter(OAuth.OAUTH_REFRESH_TOKEN)).andStubReturn("refresh_token");
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("secret");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }

        verify(request);

        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.REFRESH_TOKEN.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_REFRESH_TOKEN)).andStubReturn(null);
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("secret");
        replay(request);

        try {
            new OAuthTokenRequest(request);
            fail("Exception expected");
        } catch (OAuthProblemException e) {
            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
View Full Code Here

Examples of org.apache.amber.oauth2.as.request.OAuthTokenRequest

        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
        expect(request.getParameter(OAuth.OAUTH_CODE)).andStubReturn("test_code");
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("test_secret");
        replay(request);

        OAuthTokenRequest req = null;
        try {
            req = new OAuthTokenRequest(request);

        } catch (OAuthProblemException e) {
            fail("Exception not expected");
        }
        Assert.assertEquals(GrantType.AUTHORIZATION_CODE.toString(), req.getGrantType());
        Assert.assertEquals("test_client", req.getClientId());
        Assert.assertEquals("http://example.com/callback", req.getRedirectURI());
        Assert.assertEquals("test_code", req.getCode());

        verify(request);
        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.PASSWORD.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("client_id");
        expect(request.getParameter(OAuth.OAUTH_USERNAME)).andStubReturn("username_test");
        expect(request.getParameter(OAuth.OAUTH_PASSWORD)).andStubReturn("test_password");
        replay(request);

        try {
            req = new OAuthTokenRequest(request);

        } catch (OAuthProblemException e) {
            fail("Exception not expected");
        }
        Assert.assertEquals("client_id", req.getClientId());
        Assert.assertEquals("username_test", req.getUsername());
        Assert.assertEquals("test_password", req.getPassword());

        verify(request);
        reset(request);

        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn(GrantType.CLIENT_CREDENTIALS.toString());
        replay(request);

        try {
            req = new OAuthTokenRequest(request);

        } catch (OAuthProblemException e) {
            fail("Exception not expected");
        }
//        Assert.assertEquals("test_assertion", req.getAssertion());
//        Assert.assertEquals("test_type", req.getAssertionType());

        verify(request);
        reset(request);

        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
            .andStubReturn(GrantType.REFRESH_TOKEN.toString());
        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);

        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("client_id");
        expect(request.getParameter(OAuth.OAUTH_REFRESH_TOKEN)).andStubReturn("refresh_token");
        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn("secret");
        replay(request);

        try {
            req = new OAuthTokenRequest(request);

        } catch (OAuthProblemException e) {
            fail("Exception not expected");
        }
        Assert.assertEquals("client_id", req.getClientId());
        Assert.assertEquals("refresh_token", req.getRefreshToken());
        Assert.assertEquals("secret", req.getClientSecret());

        verify(request);


    }
View Full Code Here

Examples of org.apache.oltu.oauth2.as.request.OAuthTokenRequest

    public HttpEntity token(HttpServletRequest request)
            throws URISyntaxException, OAuthSystemException {

        try {
            //构建OAuth请求
            OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);

            //检查提交的客户端id是否正确
            if (!oAuthService.checkClientId(oauthRequest.getClientId())) {
                OAuthResponse response =
                        OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                                .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                                .setErrorDescription(Constants.INVALID_CLIENT_DESCRIPTION)
                                .buildJSONMessage();
                return new ResponseEntity(response.getBody(), HttpStatus.valueOf(response.getResponseStatus()));
            }

            // 检查客户端安全KEY是否正确
            if (!oAuthService.checkClientSecret(oauthRequest.getClientSecret())) {
                OAuthResponse response =
                        OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
                                .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT)
                                .setErrorDescription(Constants.INVALID_CLIENT_DESCRIPTION)
                                .buildJSONMessage();
                return new ResponseEntity(response.getBody(), HttpStatus.valueOf(response.getResponseStatus()));
            }

            String authCode = oauthRequest.getParam(OAuth.OAUTH_CODE);
            // 检查验证类型,此处只检查AUTHORIZATION_CODE类型,其他的还有PASSWORD或REFRESH_TOKEN
            if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(GrantType.AUTHORIZATION_CODE.toString())) {
                if (!oAuthService.checkAuthCode(authCode)) {
                    OAuthResponse response = OAuthASResponse
                            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                            .setError(OAuthError.TokenResponse.INVALID_GRANT)
                            .setErrorDescription("错误的授权码")
View Full Code Here

Examples of org.apache.oltu.oauth2.as.request.OAuthTokenRequest

    public @ResponseBody String createAuthorizationToken(final HttpServletRequest request,
                                                         final HttpServletResponse response)
            throws OAuthSystemException, IOException
    {
        // Attempt to build an OAuth request from the HTTP request.
        OAuthTokenRequest oauthRequest;
        try {
            oauthRequest = new OAuthTokenRequest(request);
        }
        // If the HTTP request was not a valid OAuth token request, then we
        // have no other choice but to reject it as a bad request.
        catch (OAuthProblemException e) {
            // Build the OAuth response.
            OAuthResponse oauthResponse = OAuthResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
                    .buildJSONMessage();

            // Set the HTTP response status code from the OAuth response.
            response.setStatus(oauthResponse.getResponseStatus());

            // Return the error message.
            return oauthResponse.getBody();
        }

        // Attempt to get the client.
        Application application = oAuth2MgmtService.getApplicationForClientId(oauthRequest.getClientId());
        // If the client is unknown, respond as such.
        if (application == null) {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                    .setErrorDescription("The client is unknown: " + oauthRequest.getClientId())
                    .buildJSONMessage();

            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Get the given client secret.
        String applicationSecret = oauthRequest.getClientSecret();
        if (applicationSecret == null) {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                    .setErrorDescription("The client secret is required.")
                    .buildJSONMessage();

            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }
        // Make sure the client gave the right secret.
        else if (!applicationSecret.equals(application.sharedSecret)) {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                    .setErrorDescription("The client secret is incorrect.")
                    .buildJSONMessage();

            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Get the grant-type.
        GrantType grantType;
        String grantTypeString = oauthRequest.getGrantType();
        if (GrantType.AUTHORIZATION_CODE.toString().equals(grantTypeString)) {
            grantType = GrantType.AUTHORIZATION_CODE;
        }
        else if (GrantType.CLIENT_CREDENTIALS.toString().equals(grantTypeString)) {
            grantType = GrantType.CLIENT_CREDENTIALS;
        }
        else if (GrantType.PASSWORD.toString().equals(grantTypeString)) {
            grantType = GrantType.PASSWORD;
        }
        else if (GrantType.REFRESH_TOKEN.toString().equals(grantTypeString)) {
            grantType = GrantType.REFRESH_TOKEN;
        }
        else {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_GRANT)
                    .setErrorDescription("The grant type is unknown: " + grantTypeString)
                    .buildJSONMessage();
            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Handle the different types of token requests.
        AuthorizationToken token;
        if (GrantType.AUTHORIZATION_CODE.equals(grantType)) {
            // Attempt to get the code.
            String codeString = oauthRequest.getCode();
            if (codeString == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("An authorization code must be given to be exchanged  for an authorization token.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Attempt to lookup the actual AuthorizationCode object.
            AuthorizationCode code = oAuth2MgmtService.getCode(codeString);
            // If the code doesn't exist, reject the request.
            if (code == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code is unknown: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Verify that the client asking for a token is the same as the one
            // that requested the code.
            if (code.applicationId != application.getId()) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("This client is not allowed to reference this code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // If the code has expired, reject the request.
            if (System.currentTimeMillis() > code.expirationTime) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code has expired: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Use the code to lookup the response information and error out if
            // a user has not yet verified it.
            AuthorizationCodeResponse codeResponse = oAuth2MgmtService.getResponse(code.code);
            if (codeResponse == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A user has not yet verified the code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Determine if the user granted access and, if not, error out.
            if (!codeResponse.granted) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The user denied the authorization: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Create a new token.
            token = new AuthorizationToken(codeResponse);
        }
        // Handle a third-party refreshing an existing token.
        else if (GrantType.REFRESH_TOKEN.equals(grantType)) {
            // Get the refresh token from the request.
            String refreshToken = oauthRequest.getRefreshToken();
            if (refreshToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A refresh token must be given to be exchanged for a new authorization token.")
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.