Package org.apache.cxf.rs.security.oauth.data

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken


        return (RequestToken) token;
    }

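    /**
     * Completes the resource owner's authorization of a request token.
     *
     * <p>Stores the approved scopes carried by the input on the request token (when the
     * input supplies any) and then assigns the token a newly generated verifier.
     *
     * @param input the authorization data: the request token being authorized and,
     *              optionally, the scopes the resource owner approved
     * @return the verifier now stored on the request token
     * @throws OAuthServiceException if the provider cannot complete the authorization
     */
    public String finalizeAuthorization(AuthorizationInput input) throws
            OAuthServiceException {
        RequestToken requestToken = input.getToken();
        // Keep the resource owner's consent decision with the token. If the approved
        // scopes are dropped here, the token retains the scopes the client originally
        // requested, and anything later derived from the token's scopes can exceed what
        // was approved. A null list leaves the existing scopes untouched.
        if (input.getApprovedScopes() != null) {
            requestToken.setScopes(input.getApprovedScopes());
        }
        // NOTE(review): the verifier is only as unpredictable as generateToken();
        // confirm that helper draws from a cryptographically strong source.
        requestToken.setVerifier(generateToken());
        return requestToken.getVerifier();
    }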


    }

    public AccessToken createAccessToken(AccessTokenRegistration reg) throws
        OAuthServiceException {

        RequestToken requestToken = reg.getRequestToken();

        Client client = requestToken.getClient();
        requestToken = getRequestToken(requestToken.getTokenKey());

        String accessTokenString = generateToken();
        String tokenSecretString = generateToken();

        AccessToken accessToken = new AccessToken(client, accessTokenString,
            tokenSecretString, 3600, System.currentTimeMillis() / 1000);

        accessToken.setScopes(requestToken.getScopes());
        synchronized (oauthTokens) {
            oauthTokens.remove(requestToken.getTokenKey());
            oauthTokens.put(accessTokenString, accessToken);
            synchronized (userAuthorizedClients) {
                userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
            }
        }

                           OAuthValidator validator) {
        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);

            RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (requestToken == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
           
            String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
            if (StringUtils.isEmpty(oauthVerifier)) {
                if (requestToken.getSubject() != null && requestToken.isPreAuthorized()) {
                    LOG.fine("Preauthorized request token");
                } else {
                    throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
                }
            } else if (!oauthVerifier.equals(requestToken.getVerifier())) {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
           
            OAuthUtils.validateMessage(oAuthMessage,
                                       requestToken.getClient(),
                                       requestToken,
                                       dataProvider,
                                       validator);

            AccessTokenRegistration reg = new AccessTokenRegistration();

        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(mc, request, REQUIRED_PARAMETERS);
            new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);

            RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (token == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
           
            String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
           
            OAuthAuthorizationData secData = new OAuthAuthorizationData();
            if (!compareRequestSessionTokens(request, oAuthMessage)) {
                if (decision != null) {
                    // this is a user decision request, the session has expired or been possibly hijacked
                    LOG.warning("Session authenticity token is missing or invalid");
                    throw new WebApplicationException(400);
                }
                // assume it is an initial authorization request
                addAuthenticityTokenToSession(secData, request);
                return Response.ok(
                        addAdditionalParams(secData, dataProvider, token)).build();
            }
           
           
            boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);

            Map<String, String> queryParams = new HashMap<String, String>();
            if (allow) {
                SecurityContext sc = (SecurityContext)mc.get(SecurityContext.class.getName());
                List<String> roleNames = Collections.emptyList();
                if (sc instanceof LoginSecurityContext) {
                    roleNames = new ArrayList<String>();
                    Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
                    for (Principal p : roles) {
                        roleNames.add(p.getName());
                    }
                }
                token.setSubject(new UserSubject(sc.getUserPrincipal() == null
                    ? null : sc.getUserPrincipal().getName(), roleNames));
               
                AuthorizationInput input = new AuthorizationInput();
                input.setToken(token);
                
                Set<OAuthPermission> approvedScopesSet = new HashSet<OAuthPermission>();
               
                List<OAuthPermission> originalScopes = token.getScopes();
                for (OAuthPermission perm : originalScopes) {
                    String param = oAuthMessage.getParameter(perm.getPermission() + "_status");
                    if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param)) {
                        approvedScopesSet.add(perm);
                    }
                }
                List<OAuthPermission> approvedScopes = new LinkedList<OAuthPermission>(approvedScopesSet);
                if (approvedScopes.isEmpty()) {
                    approvedScopes = originalScopes;
                } else if (approvedScopes.size() < originalScopes.size()) {
                    for (OAuthPermission perm : originalScopes) {
                        if (perm.isDefault() && !approvedScopes.contains(perm)) {
                            approvedScopes.add(perm);   
                        }
                    }
                }
               
                input.setApprovedScopes(approvedScopes);
               
                String verifier = dataProvider.finalizeAuthorization(input);
                queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
            } else {
                dataProvider.removeToken(token);
            }
            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
            if (token.getState() != null) {
                queryParams.put(OAuthConstants.X_OAUTH_STATE, token.getState());
            }
            String callbackValue = getCallbackValue(token);
            if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
                OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams);
                return Response.ok().entity(bean).build();

            reg.setState(oAuthMessage.getParameter(OAuthConstants.X_OAUTH_STATE));
            reg.setScopes(scopes);
            reg.setLifetime(tokenLifetime);
            reg.setIssuedAt(System.currentTimeMillis() / 1000);
           
            RequestToken requestToken = dataProvider.createRequestToken(reg);

            if (LOG.isLoggable(Level.FINE)) {
                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
            }
            //create response
            Map<String, Object> responseParams = new HashMap<String, Object>();
            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenKey());
            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
            responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);

            String responseBody = OAuth.formEncode(responseParams.entrySet());

            return Response.ok(responseBody).build();

    /**
     * Issues a new request token (temporary credentials) for a client registration.
     *
     * <p>The token key and the token secret are two separate values obtained from
     * {@code generateToken()}. The new token takes its client, lifetime and issue time
     * from the registration, and its scopes from {@code getPermissionsInfo} applied to
     * the registration's requested scopes. It is stored in {@code oauthTokens} under
     * its key before being returned.
     *
     * @param reg the registration describing the client and what it requested
     * @return the stored request token
     * @throws OAuthServiceException if the provider cannot create the token
     */
    public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
        // Key first, secret second: two independent generateToken() calls.
        final String tokenKey = generateToken();
        final String secret = generateToken();

        final RequestToken created = new RequestToken(
            reg.getClient(), tokenKey, secret, reg.getLifetime(), reg.getIssuedAt());
        created.setScopes(getPermissionsInfo(reg.getScopes()));

        // NOTE(review): this write takes no lock; confirm oauthTokens is a thread-safe
        // map if other code paths guard it with synchronized blocks.
        oauthTokens.put(tokenKey, created);
        return created;
    }

        return (RequestToken)oauthTokens.get(tokenString);
    }

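    /**
     * Finalizes the authorization of a request token and issues its verifier.
     *
     * <p>If the input carries a list of approved scopes, that list replaces the scopes
     * on the request token before a newly generated verifier is set on the token.
     *
     * @param input the request token under authorization together with the scopes
     *              approved for it, if any
     * @return the verifier read back from the request token after it was set
     * @throws OAuthServiceException if the provider cannot complete the authorization
     */
    public String finalizeAuthorization(AuthorizationInput input) throws
            OAuthServiceException {
        RequestToken requestToken = input.getToken();
        // Record what was actually approved. If the approved scopes are ignored, the
        // request token continues to carry the full set of scopes the client asked for,
        // and a later token exchange that copies them would over-grant. When no approved
        // list is supplied (null), the token's scopes are left as they were.
        if (input.getApprovedScopes() != null) {
            requestToken.setScopes(input.getApprovedScopes());
        }
        requestToken.setVerifier(generateToken());
        // Read the verifier back from the token instead of returning the generated
        // string, so the caller receives exactly what the token stores.
        return requestToken.getVerifier();
    }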

    }

    public AccessToken createAccessToken(AccessTokenRegistration reg) throws
            OAuthServiceException {

        RequestToken requestToken = reg.getRequestToken();
       
        Client client = requestToken.getClient();
        requestToken = getRequestToken(requestToken.getTokenKey());

        String accessTokenString = generateToken();
        String tokenSecretString = generateToken();

        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
                                                  3600, System.currentTimeMillis() / 1000);

        accessToken.setScopes(requestToken.getScopes());
       
        synchronized (oauthTokens) {
            oauthTokens.remove(requestToken.getTokenKey());
            oauthTokens.put(accessTokenString, accessToken);
            synchronized (userAuthorizedClients) {
                userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
            }
        }

        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
            new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);

            RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (token == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
           
            OAuthAuthorizationData secData = new OAuthAuthorizationData();
            if (!compareRequestSessionTokens(request, oAuthMessage)) {
                addAuthenticityTokenToSession(secData, request);
                return Response.ok(
                        addAdditionalParams(secData, dataProvider, token)).build();
            }
           
            String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
            boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);

            Map<String, String> queryParams = new HashMap<String, String>();
            if (allow) {
                SecurityContext sc =
                    (SecurityContext)request.getAttribute(SecurityContext.class.getName());
                if (sc != null) {
                    UserSubject subject = new UserSubject();
                    subject.setLogin(sc.getUserPrincipal().getName());
                    if (sc instanceof LoginSecurityContext) {
                        List<String> roleNames = new ArrayList<String>();
                        Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
                        for (Principal p : roles) {
                            roleNames.add(p.getName());
                        }
                        subject.setRoles(roleNames);
                    }
                    token.setSubject(subject);
                }
                String verifier = dataProvider.setRequestTokenVerifier(token);
                queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
            } else {
                dataProvider.removeToken(token);
            }
            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
            if (token.getState() != null) {
                queryParams.put("state", token.getState());
            }
            URI callback = buildCallbackURI(getCallbackURI(token), queryParams);
            return Response.seeOther(callback).build();
           
        } catch (OAuthProblemException e) {
