Package org.apache.cxf.rs.security.oauth.data

Examples of org.apache.cxf.rs.security.oauth.data.AccessToken


        Exception, OAuthProblemException {
        // Body of the OAuth 1.0 request filter (its signature starts above this listing):
        // resolve the client and access token for the request, authenticate the message, then
        // test the token's permissions against the request URI and HTTP verb.
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
        }
       
        AccessToken accessToken = null;
        Client client = null;
       
        OAuthMessage oAuthMessage = OAuthServlet.getMessage(new CustomHttpServletWrapper(req),
                                                            OAuthServlet.getRequestURL(req));
        // Branch 1: the request carries an oauth_token, so an issued access token is expected.
        if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
            oAuthMessage.requireParameters(REQUIRED_PARAMETERS);

            accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());

            // An unknown token is rejected before any further processing.
            // NOTE(review): no expiry check is visible here; confirm that getAccessToken or
            // validateMessage enforces the token lifetime.
            if (accessToken == null) {
                LOG.warning("Access token is unavailable");
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
            client = accessToken.getClient();
           
            // NOTE(review): OAuthUtils.validateMessage is not shown; presumably it verifies the
            // request signature against the client and token secrets - confirm.
            OAuthUtils.validateMessage(oAuthMessage, client, accessToken,
                                       dataProvider, validator);   
        } else {
            // Branch 2: no oauth_token, so the client is identified by consumer key and must
            // hold a pre-authorized token.
            String consumerKey = null;
            String consumerSecret = null;
           
            String authHeader = oAuthMessage.getHeader("Authorization");
            if (authHeader != null) {
                // NOTE(review): startsWith is a case-sensitive prefix test, while HTTP auth
                // scheme names are case-insensitive. A header written as "oauth ..." or
                // "basic ..." leaves both values null and is rejected below (fails closed).
                if (authHeader.startsWith("OAuth")) {
                    consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
                    // The consumer secret is read from a request parameter, so it travels with
                    // the request; this path needs TLS and parameters kept out of access logs.
                    consumerSecret = oAuthMessage.getParameter(OAuthConstants.OAUTH_CONSUMER_SECRET);
                } else if (authHeader.startsWith("Basic")) {
                    // Basic credentials are mapped to consumer key (user name) and secret (password).
                    AuthorizationPolicy policy = getAuthorizationPolicy(authHeader);
                    if (policy != null) {
                        consumerKey = policy.getUserName();
                        consumerSecret = policy.getPassword();
                    }
                }
            }
           
            if (consumerKey != null) {
                client = dataProvider.getClient(consumerKey);
            }
            // Missing header, unrecognised scheme and unknown key all end here.
            if (client == null) {
                LOG.warning("Client is invalid");
                throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
            }
           
            // NOTE(review): two points on this check.
            // 1. When no secret was supplied (consumerSecret == null) the comparison is skipped
            //    and the request is authenticated by OAuthUtils.validateMessage alone.
            // 2. String.equals is not a constant-time comparison; comparing the encoded bytes
            //    with MessageDigest.isEqual avoids a timing side channel on the secret.
            // A wrong secret reports CONSUMER_KEY_UNKNOWN, the same problem code as an unknown
            // client, so the response does not reveal which of the two was wrong.
            if (consumerSecret != null && !consumerSecret.equals(client.getSecretKey())) {
                LOG.warning("Client secret is invalid");
                throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
            } else {
                OAuthUtils.validateMessage(oAuthMessage, client, null,
                                           dataProvider, validator);
            }
            // Without an oauth_token only a token flagged as pre-authorized is accepted.
            accessToken = client.getPreAuthorizedToken();
            if (accessToken == null || !accessToken.isPreAuthorized()) {
                LOG.warning("Preauthorized access token is unavailable");
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
        }

        // Authorization step: each permission attached to the token is tested against the
        // request URI and HTTP verb. The rest of the loop is outside this listing.
        List<OAuthPermission> permissions = accessToken.getScopes();
        List<OAuthPermission> matchingPermissions = new ArrayList<OAuthPermission>();
       
        for (OAuthPermission perm : permissions) {
            boolean uriOK = checkRequestURI(req, perm.getUris());
            boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());


            }
           
            // The request token is checked against the incoming message before it is exchanged.
            // NOTE(review): OAuthUtils.validateMessage is not shown; presumably it verifies the
            // request signature - confirm.
            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
                                       dataProvider);

            // Exchange the validated request token for an access token.
            AccessToken accessToken = dataProvider.createAccessToken(requestToken);

            // Build the response: the body carries the token key and the token secret,
            // form-encoded.
            // NOTE(review): the token secret is returned in the clear in the response body, so
            // this endpoint should be served over TLS only and the body kept out of logs and
            // caches.
            Map<String, Object> responseParams = new HashMap<String, Object>();
            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());

            String responseString = OAuth.formEncode(responseParams.entrySet());
            return Response.ok(responseString).build();

        } catch (OAuthProblemException e) {

        Exception, OAuthProblemException {
        // Body of the OAuth 1.0 request filter (its signature starts above this listing):
        // resolve the client and access token for the incoming request.
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
        }
       
        AccessToken accessToken = null;
        Client client = null;
       
        OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
        // Branch 1: the request carries an oauth_token, so an issued access token is expected.
        if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
            oAuthMessage.requireParameters(REQUIRED_PARAMETERS);

            accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());

            // An unknown token is rejected before any further processing.
            if (accessToken == null) {
                LOG.warning("Access token is unavailable");
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
            client = accessToken.getClient();
            // NOTE(review): no signature validation call is visible in this branch. Looking the
            // token up by key alone does not prove the caller holds the token secret. The check
            // may follow the if/else, beyond the end of this listing - confirm.
           
        } else {
            // Branch 2: no oauth_token, so the client is identified by consumer key.
            // NOTE(review): consumerKey is passed to getClient without a null check in the
            // visible lines. The consumer secret is read from a request parameter, so it
            // travels with the request; this path needs TLS and parameters kept out of logs.
            String consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
            String consumerSecret = oAuthMessage.getParameter("oauth_consumer_secret");
            client = dataProvider.getClient(consumerKey);

            // The request token is checked against the incoming message before it is exchanged.
            // NOTE(review): OAuthUtils.validateMessage is not shown; presumably it verifies the
            // request signature - confirm.
            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
                                       dataProvider);

            // Wrap the validated request token in a registration object and exchange it for
            // an access token.
            AccessTokenRegistration reg = new AccessTokenRegistration();
            reg.setRequestToken(requestToken);
            AccessToken accessToken = dataProvider.createAccessToken(reg);

            // Build the response: the body carries the token key and the token secret,
            // form-encoded.
            // NOTE(review): the token secret is returned in the clear in the response body, so
            // this endpoint should be served over TLS only and the body kept out of logs and
            // caches.
            Map<String, Object> responseParams = new HashMap<String, Object>();
            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());

            String responseString = OAuth.formEncode(responseParams.entrySet());
            return Response.ok(responseString).build();

        } catch (OAuthProblemException e) {

        Exception, OAuthProblemException {
        // Body of the OAuth 1.0 request filter (its signature starts above this listing):
        // resolve the client and access token for the incoming request.
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
        }
       
        AccessToken accessToken = null;
        Client client = null;
       
        OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
        // Branch 1: the request carries an oauth_token, so an issued access token is expected.
        if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
            oAuthMessage.requireParameters(REQUIRED_PARAMETERS);

            accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());

            // An unknown token is rejected before any further processing.
            if (accessToken == null) {
                LOG.warning("Access token is unavailable");
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
            client = accessToken.getClient();
            // NOTE(review): no signature validation call is visible in this branch. Looking the
            // token up by key alone does not prove the caller holds the token secret. The check
            // may follow the if/else, beyond the end of this listing - confirm.
           
        } else {
            // TODO: the secret may not be included and only used to create a signature
            //       so the header will effectively be similar to the one used during
            //       RequestToken requests; we'd need to handle this case too

        // Replace requestToken with the instance looked up by its token key.
        // NOTE(review): no null check is visible. If getRequestToken returns null for an
        // unknown or already-exchanged key, getScopes() below throws NullPointerException -
        // confirm whether getRequestToken throws instead.
        requestToken = getRequestToken(requestToken.getTokenKey());

        // NOTE(review): generateToken() is not shown. Token key and secret are bearer-style
        // credentials and should come from java.security.SecureRandom with enough entropy -
        // confirm.
        String accessTokenString = generateToken();
        String tokenSecretString = generateToken();

        // NOTE(review): 3600 and currentTimeMillis() / 1000 look like a lifetime in seconds
        // and an issued-at time in epoch seconds - confirm against the AccessToken
        // constructor. The lifetime is hard-coded here.
        AccessToken accessToken = new AccessToken(client, accessTokenString,
            tokenSecretString, 3600, System.currentTimeMillis() / 1000);

        // The access token inherits the scopes and URIs granted to the request token.
        accessToken.setScopes(requestToken.getScopes());
        accessToken.setUris(requestToken.getUris());

        // Under the oauthTokens lock the request token entry is removed and the access token
        // stored under its own key. userAuthorizedClients is locked while oauthTokens is
        // held, so any other code taking both locks must use the same order to avoid deadlock.
        synchronized (oauthTokens) {
            oauthTokens.remove(requestToken.getTokenKey());
            oauthTokens.put(accessTokenString, accessToken);
            synchronized (userAuthorizedClients) {

        // Replace requestToken with the instance looked up by its token key.
        // NOTE(review): no null check is visible. If getRequestToken returns null for an
        // unknown or already-exchanged key, getScopes() below throws NullPointerException -
        // confirm whether getRequestToken throws instead.
        requestToken = getRequestToken(requestToken.getTokenKey());

        // NOTE(review): generateToken() is not shown. Token key and secret are bearer-style
        // credentials and should come from java.security.SecureRandom with enough entropy -
        // confirm.
        String accessTokenString = generateToken();
        String tokenSecretString = generateToken();

        // NOTE(review): 3600 and currentTimeMillis() / 1000 look like a lifetime in seconds
        // and an issued-at time in epoch seconds - confirm against the AccessToken
        // constructor. The lifetime is hard-coded here.
        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
                                                  3600, System.currentTimeMillis() / 1000);

        // The access token inherits the scopes and URIs granted to the request token.
        accessToken.setScopes(requestToken.getScopes());
        accessToken.setUris(requestToken.getUris());

        // Under the oauthTokens lock the request token entry is removed and the access token
        // stored under its own key. userAuthorizedClients is locked while oauthTokens is
        // held, so any other code taking both locks must use the same order to avoid deadlock.
        synchronized (oauthTokens) {
            oauthTokens.remove(requestToken.getTokenKey());
            oauthTokens.put(accessTokenString, accessToken);
            synchronized (userAuthorizedClients) {

            }
           
            // The request token is checked against the incoming message before it is exchanged.
            // NOTE(review): OAuthUtils.validateMessage is not shown; presumably it verifies the
            // request signature - confirm.
            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
                                       dataProvider);

            // Exchange the validated request token for an access token.
            AccessToken accessToken = dataProvider.createAccessToken(requestToken);

            // Build the response: the body carries the token key and the token secret,
            // form-encoded.
            // NOTE(review): the token secret is returned in the clear in the response body, so
            // this endpoint should be served over TLS only and the body kept out of logs and
            // caches.
            Map<String, Object> responseParams = new HashMap<String, Object>();
            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());

            String responseString = OAuth.formEncode(responseParams.entrySet());
            return Response.ok(responseString).build();

        } catch (OAuthProblemException e) {

            // The request token is checked against the incoming message before it is exchanged.
            // NOTE(review): OAuthUtils.validateMessage is not shown; presumably it verifies the
            // request signature - confirm.
            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
                                       dataProvider);

            // Wrap the validated request token in a registration object and exchange it for
            // an access token.
            AccessTokenRegistration reg = new AccessTokenRegistration();
            reg.setRequestToken(requestToken);
            AccessToken accessToken = dataProvider.createAccessToken(reg);

            // Build the response: the body carries the token key and the token secret,
            // form-encoded.
            // NOTE(review): the token secret is returned in the clear in the response body, so
            // this endpoint should be served over TLS only and the body kept out of logs and
            // caches.
            Map<String, Object> responseParams = new HashMap<String, Object>();
            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());

            String responseString = OAuth.formEncode(responseParams.entrySet());
            return Response.ok(responseString).build();

        } catch (OAuthProblemException e) {

        Exception, OAuthProblemException {
        // Body of the OAuth 1.0 request filter (its signature starts above this listing):
        // resolve the client and access token for the request, authenticate the message, then
        // test the token's permissions against the request URI and HTTP verb.
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
        }
       
        AccessToken accessToken = null;
        Client client = null;
       
        OAuthMessage oAuthMessage = OAuthServlet.getMessage(new CustomHttpServletWrapper(req),
                                                            OAuthServlet.getRequestURL(req));
        // Branch 1: the request carries an oauth_token, so an issued access token is expected.
        if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
            oAuthMessage.requireParameters(REQUIRED_PARAMETERS);

            accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());

            // An unknown token is rejected before any further processing.
            // NOTE(review): no expiry check is visible here; confirm that getAccessToken or
            // validateMessage enforces the token lifetime.
            if (accessToken == null) {
                LOG.warning("Access token is unavailable");
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
            client = accessToken.getClient();
           
            // NOTE(review): OAuthUtils.validateMessage is not shown; presumably it verifies the
            // request signature against the client and token secrets - confirm.
            OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider);   
        } else {
            // Branch 2: no oauth_token, so the client is identified by consumer key and must
            // hold a pre-authorized token.
            String consumerKey = null;
            String consumerSecret = null;
           
            String authHeader = oAuthMessage.getHeader("Authorization");
            if (authHeader != null) {
                // NOTE(review): startsWith is a case-sensitive prefix test, while HTTP auth
                // scheme names are case-insensitive. A header written as "oauth ..." or
                // "basic ..." leaves both values null and is rejected below (fails closed).
                if (authHeader.startsWith("OAuth")) {
                    consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
                    // The consumer secret is read from a request parameter, so it travels with
                    // the request; this path needs TLS and parameters kept out of access logs.
                    consumerSecret = oAuthMessage.getParameter(OAuthConstants.OAUTH_CONSUMER_SECRET);
                } else if (authHeader.startsWith("Basic")) {
                    // Basic credentials are mapped to consumer key (user name) and secret (password).
                    AuthorizationPolicy policy = getAuthorizationPolicy(authHeader);
                    if (policy != null) {
                        consumerKey = policy.getUserName();
                        consumerSecret = policy.getPassword();
                    }
                }
            }
           
            if (consumerKey != null) {
                client = dataProvider.getClient(consumerKey);
            }
            // Missing header, unrecognised scheme and unknown key all end here.
            if (client == null) {
                LOG.warning("Client is invalid");
                throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
            }
           
            // NOTE(review): two points on this check.
            // 1. When no secret was supplied (consumerSecret == null) the comparison is skipped
            //    and the request is authenticated by OAuthUtils.validateMessage alone.
            // 2. String.equals is not a constant-time comparison; comparing the encoded bytes
            //    with MessageDigest.isEqual avoids a timing side channel on the secret.
            // A wrong secret reports CONSUMER_KEY_UNKNOWN, the same problem code as an unknown
            // client, so the response does not reveal which of the two was wrong.
            if (consumerSecret != null && !consumerSecret.equals(client.getSecretKey())) {
                LOG.warning("Client secret is invalid");
                throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
            } else {
                OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider);
            }
            // Without an oauth_token only a token flagged as pre-authorized is accepted.
            accessToken = client.getPreAuthorizedToken();
            if (accessToken == null || !accessToken.isPreAuthorized()) {
                LOG.warning("Preauthorized access token is unavailable");
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
        }

        // Authorization step: each permission attached to the token is tested against the
        // request URI and HTTP verb. The rest of the loop is outside this listing.
        List<OAuthPermission> permissions = accessToken.getScopes();
        List<OAuthPermission> matchingPermissions = new ArrayList<OAuthPermission>();
       
        for (OAuthPermission perm : permissions) {
            boolean uriOK = checkRequestURI(req, perm.getUris());
            boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
