Package org.apache.oltu.oauth2.common.token

Examples of org.apache.oltu.oauth2.common.token.OAuthToken


    final HttpServletRequest request,
    final HttpServletResponse response)
    throws OAuthSystemException, IOException {
   
    // Attempt to build an OAuth request from the HTTP request.
    OAuthTokenRequest oauthRequest;
    try {
      oauthRequest = new OAuthTokenRequest(request);
      }
    // If the HTTP request was not a valid OAuth token request, then we
    // have no other choice but to reject it as a bad request.
    catch(OAuthProblemException e) {
      // Build the OAuth response.
          OAuthResponse oauthResponse =
            OAuthResponse
                .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                .error(e)
                .buildJSONMessage();

          // Set the HTTP response status code from the OAuth response.
          response.setStatus(oauthResponse.getResponseStatus());
         
          // Return the error message.
          return oauthResponse.getBody();
      }
   
    // Attempt to get the client.
    ThirdParty thirdParty =
      ThirdPartyBin
        .getInstance().getThirdParty(oauthRequest.getClientId());
    // If the client is unknown, respond as such.
    if(thirdParty == null) {
      // Create the OAuth response.
      OAuthResponse oauthResponse =
        OAuthASResponse
          .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
          .setError(TokenResponse.INVALID_CLIENT)
          .setErrorDescription(
            "The client is unknown: " + oauthRequest.getClientId())
          .buildJSONMessage();
     
      // Set the status and return the error message.
      response.setStatus(oauthResponse.getResponseStatus());
      return oauthResponse.getBody();
    }
   
    // Get the given client secret.
    String thirdPartySecret = oauthRequest.getClientSecret();
    if(thirdPartySecret == null) {
      // Create the OAuth response.
      OAuthResponse oauthResponse =
        OAuthASResponse
          .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
          .setError(TokenResponse.INVALID_CLIENT)
          .setErrorDescription("The client secret is required.")
          .buildJSONMessage();
     
      // Set the status and return the error message.
      response.setStatus(oauthResponse.getResponseStatus());
      return oauthResponse.getBody();
    }
    // Make sure the client gave the right secret.
    else if(! thirdPartySecret.equals(thirdParty.getSecret())) {
      // Create the OAuth response.
      OAuthResponse oauthResponse =
        OAuthASResponse
          .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
          .setError(TokenResponse.INVALID_CLIENT)
          .setErrorDescription("The client secret is incorrect.")
          .buildJSONMessage();
     
      // Set the status and return the error message.
      response.setStatus(oauthResponse.getResponseStatus());
      return oauthResponse.getBody();
    }
   
    // Get the grant-type.
    GrantType grantType;
    String grantTypeString = oauthRequest.getGrantType();
    if(GrantType.AUTHORIZATION_CODE.toString().equals(grantTypeString)) {
      grantType = GrantType.AUTHORIZATION_CODE;
    }
    else if(GrantType.CLIENT_CREDENTIALS.toString().equals(grantTypeString)) {
      grantType = GrantType.CLIENT_CREDENTIALS;
    }
    else if(GrantType.PASSWORD.toString().equals(grantTypeString)) {
      grantType = GrantType.PASSWORD;
    }
    else if(GrantType.REFRESH_TOKEN.toString().equals(grantTypeString)) {
      grantType = GrantType.REFRESH_TOKEN;
    }
    else {
      // Create the OAuth response.
      OAuthResponse oauthResponse =
        OAuthASResponse
          .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
          .setError(TokenResponse.INVALID_GRANT)
          .setErrorDescription(
            "The grant type is unknown: " + grantTypeString)
          .buildJSONMessage();
     
      // Set the status and return the error message.
      response.setStatus(oauthResponse.getResponseStatus());
      return oauthResponse.getBody();
    }
   
    // Handle the different types of token requests.
    AuthorizationToken token;
    if(GrantType.AUTHORIZATION_CODE.equals(grantType)) {
      // Attempt to get the code.
      String codeString = oauthRequest.getCode();
      if(codeString == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
          OAuthASResponse
            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .setError(TokenResponse.INVALID_REQUEST)
            .setErrorDescription(
              "An authorization code must be given to be " +
                "exchanged for an authorization token.")
            .buildJSONMessage();
       
        // Set the status and return the error message.
        response.setStatus(oauthResponse.getResponseStatus());
        return oauthResponse.getBody();
      }
     
      // Attempt to lookup the actual AuthorizationCode object.
      AuthorizationCode code =
        AuthorizationCodeBin.getInstance().getCode(codeString);
      // If the code doesn't exist, reject the request.
      if(code == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
          OAuthASResponse
            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .setError(TokenResponse.INVALID_REQUEST)
            .setErrorDescription(
              "The given authorization code is unknown: " +
                codeString)
            .buildJSONMessage();
       
        // Set the status and return the error message.
        response.setStatus(oauthResponse.getResponseStatus());
        return oauthResponse.getBody();
      }
     
      // Verify that the client asking for a token is the same as the one
      // that requested the code.
      if(! code.getThirdParty().getId().equals(thirdParty.getId())) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
          OAuthASResponse
            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .setError(TokenResponse.INVALID_REQUEST)
            .setErrorDescription(
              "This client is not allowed to reference this " +
                "code: " +
                codeString)
            .buildJSONMessage();
       
        // Set the status and return the error message.
        response.setStatus(oauthResponse.getResponseStatus());
        return oauthResponse.getBody();
      }

      // If the code has expired, reject the request.
      if(System.currentTimeMillis() > code.getExpirationTime()) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
          OAuthASResponse
            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .setError(TokenResponse.INVALID_REQUEST)
            .setErrorDescription(
              "The given authorization code has expired: " +
                codeString)
            .buildJSONMessage();
       
        // Set the status and return the error message.
        response.setStatus(oauthResponse.getResponseStatus());
        return oauthResponse.getBody();
      }
     
      // Use the code to lookup the response information and error out if
      // a user has not yet verified it.
      AuthorizationCodeResponse codeResponse =
        AuthorizationCodeResponseBin
          .getInstance().getResponse(code.getCode());
      if(codeResponse == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
          OAuthASResponse
            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .setError(TokenResponse.INVALID_REQUEST)
            .setErrorDescription(
              "A user has not yet verified the code: " +
                codeString)
            .buildJSONMessage();
       
        // Set the status and return the error message.
        response.setStatus(oauthResponse.getResponseStatus());
        return oauthResponse.getBody();
      }
     
      // Determine if the user granted access and, if not, error out.
      if(! codeResponse.getGranted()) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
          OAuthASResponse
            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .setError(TokenResponse.INVALID_REQUEST)
            .setErrorDescription(
              "The user denied the authorization: " + codeString)
            .buildJSONMessage();
       
        // Set the status and return the error message.
        response.setStatus(oauthResponse.getResponseStatus());
        return oauthResponse.getBody();
      }
     
      // Create a new token.
      token = new AuthorizationToken(codeResponse);
    }
    // Handle a third-party refreshing an existing token.
    else if(GrantType.REFRESH_TOKEN.equals(grantType)) {
      // Get the refresh token from the request.
      String refreshToken = oauthRequest.getRefreshToken();
      if(refreshToken == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
          OAuthASResponse
            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
View Full Code Here


    }

    private String extractUsername(String code) {

        try {
            OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

            OAuthClientRequest accessTokenRequest = OAuthClientRequest
                    .tokenLocation(accessTokenUrl)
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(clientId)
                    .setClientSecret(clientSecret)
                    .setCode(code)
                    .setRedirectURI(redirectUrl)
                    .buildQueryMessage();

            OAuthAccessTokenResponse oAuthResponse = oAuthClient.accessToken(accessTokenRequest, OAuth.HttpMethod.POST);

            String accessToken = oAuthResponse.getAccessToken();
            Long expiresIn = oAuthResponse.getExpiresIn();

            OAuthClientRequest userInfoRequest = new OAuthBearerClientRequest(userInfoUrl)
                    .setAccessToken(accessToken).buildQueryMessage();

            OAuthResourceResponse resourceResponse = oAuthClient.resource(userInfoRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);
            String username = resourceResponse.getBody();
            return username;
        } catch (Exception e) {
            e.printStackTrace();
            throw new OAuth2AuthenticationException(e);
View Full Code Here

   * @param url The url to call.
   * @return The body of the response.
   * @throws OAuthException If an error occurs while making the call.
   */
  protected String getServerResponse(String url) throws OAuthException{
    OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
    OAuthClientRequest request;
    try {
      request = new OAuthBearerClientRequest(url)
      .setAccessToken(getAccessToken())
      .buildQueryMessage();
    } catch (OAuthSystemException e1) {
      throw new OAuthException("An error occured while authenticating the user");
    }
    OAuthResourceResponse response;
    try {
      response = oAuthClient.resource(request, OAuth.HttpMethod.GET, OAuthResourceResponse.class);
    } catch (OAuthProblemException e) {
      throw new OAuthException("An error occured while authenticating the user");
    } catch (OAuthSystemException e) {
      throw new OAuthException("An error occured while authenticating the user");
    }
View Full Code Here

      throw new OAuthException("No code provided");

    try {
      OAuthClientRequest request = OAuthClientRequest.tokenProvider(oauthParams.getProviderType()).setGrantType(oauthParams.getGrantType()).setClientId(oauthParams.getClientKey()).setClientSecret(oauthParams.getClientSecret()).setRedirectURI(oauthParams.getRedirectURI()).setCode(code).buildBodyMessage();

      OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

      // Send request to oauth server
      OAuthAccessTokenResponse oauthAccessTokenResponse = oAuthClient.accessToken(request, oauthParams.getTokenResponseClass());

      OAuthConsumer consumer = oauthParams.getNewOAuthConsumer(oauthAccessTokenResponse);
      return consumer;
    } catch (OAuthSystemException e) {
      // Error building request
View Full Code Here

            .setRedirectURI(Common.REDIRECT_URL)
            .setClientId(Common.CLIENT_ID)
            .setClientSecret(Common.CLIENT_SECRET)
            .buildBodyMessage();

        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
        assertNotNull(response.getAccessToken());
        assertNotNull(response.getExpiresIn());
    }
View Full Code Here

            .setCode(Common.AUTHORIZATION_CODE)
            .setClientId(Common.CLIENT_ID)
            .setClientSecret("wrongSecret")
            .buildBodyMessage();

        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

        try {
            oAuthClient.accessToken(request);
            fail("exception expected");
        } catch (OAuthProblemException e) {
            assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, e.getError());
        }
    }
View Full Code Here

            .setGrantType(null)
            .setClientId(Common.CLIENT_ID)
            .setClientSecret(Common.CLIENT_SECRET)
            .buildBodyMessage();

        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

        try {
            oAuthClient.accessToken(request);
            fail("exception expected");
        } catch (OAuthProblemException e) {
            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
    }
View Full Code Here

        OAuthClientRequest request = OAuthClientRequest
            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
            .setClientId(Common.CLIENT_ID)
            .buildBodyMessage();

        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

        try {
            oAuthClient.accessToken(request);
            fail("exception expected");
        } catch (OAuthProblemException e) {
            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
    }
View Full Code Here

            .setClientId("unknownid")
            .setClientSecret(Common.CLIENT_SECRET)
            .setRedirectURI(Common.REDIRECT_URL)
            .buildBodyMessage();

        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

        try {
            oAuthClient.accessToken(request);
            fail("exception expected");
        } catch (OAuthProblemException e) {
            assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
        }
    }
View Full Code Here

            .setRedirectURI(Common.REDIRECT_URL)
            .setClientId(Common.CLIENT_ID)
            .setClientSecret(Common.CLIENT_SECRET)
            .buildBodyMessage();

        OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());

        try {
            oAuthclient.accessToken(request);
            fail("exception expected");
        } catch (OAuthProblemException e) {
            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
        }
    }
View Full Code Here

TOP

Related Classes of org.apache.oltu.oauth2.common.token.OAuthToken

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.