Package org.apache.oltu.oauth2.httpclient4

Examples of org.apache.oltu.oauth2.httpclient4.HttpClient4

            return oauthResponse.getBody();

        // Get the grant-type.
        GrantType grantType;
        String grantTypeString = oauthRequest.getGrantType();
        if (GrantType.AUTHORIZATION_CODE.toString().equals(grantTypeString)) {
            grantType = GrantType.AUTHORIZATION_CODE;
        else if (GrantType.CLIENT_CREDENTIALS.toString().equals(grantTypeString)) {
            grantType = GrantType.CLIENT_CREDENTIALS;
        else if (GrantType.PASSWORD.toString().equals(grantTypeString)) {
            grantType = GrantType.PASSWORD;
        else if (GrantType.REFRESH_TOKEN.toString().equals(grantTypeString)) {
            grantType = GrantType.REFRESH_TOKEN;
        else {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setErrorDescription("The grant type is unknown: " + grantTypeString)
            // Set the status and return the error message.
            return oauthResponse.getBody();

        // Handle the different types of token requests.
        AuthorizationToken token;
        if (GrantType.AUTHORIZATION_CODE.equals(grantType)) {
            // Attempt to get the code.
            String codeString = oauthRequest.getCode();
            if (codeString == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("An authorization code must be given to be exchanged  for an authorization token.")

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // Attempt to lookup the actual AuthorizationCode object.
            AuthorizationCode code = oAuth2MgmtService.getCode(codeString);
            // If the code doesn't exist, reject the request.
            if (code == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("The given authorization code is unknown: " + codeString)

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // Verify that the client asking for a token is the same as the one
            // that requested the code.
            if (code.applicationId != application.getId()) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("This client is not allowed to reference this code: " + codeString)

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // If the code has expired, reject the request.
            if (System.currentTimeMillis() > code.expirationTime) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("The given authorization code has expired: " + codeString)

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // Use the code to lookup the response information and error out if
            // a user has not yet verified it.
            AuthorizationCodeResponse codeResponse = oAuth2MgmtService.getResponse(code.code);
            if (codeResponse == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("A user has not yet verified the code: " + codeString)

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // Determine if the user granted access and, if not, error out.
            if (!codeResponse.granted) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("The user denied the authorization: " + codeString)

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // Create a new token.
            token = new AuthorizationToken(codeResponse);
        // Handle a third-party refreshing an existing token.
        else if (GrantType.REFRESH_TOKEN.equals(grantType)) {
            // Get the refresh token from the request.
            String refreshToken = oauthRequest.getRefreshToken();
            if (refreshToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("A refresh token must be given to be exchanged for a new authorization token.")

                // Set the status and return the error message.
                return oauthResponse.getBody();
            // Use the refresh token to lookup the actual refresh token.
            AuthorizationToken currentToken = oAuth2MgmtService.getTokenFromRefreshToken(refreshToken);
            if (currentToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("The refresh token is unknown.")

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // Verify that the client asking for a token is the same as the one
            // that was issued the refresh token.
            // This is probably a very serious offense and should probably
            // raise some serious red flags!
            if (!oAuth2MgmtService.getApplicationForToken(currentToken).getId().equals(application.getId())) {

                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setErrorDescription("This token does not belong to this client.")

                // Set the status and return the error message.
                return oauthResponse.getBody();

            // Create a new authorization token from the current one.
            token = new AuthorizationToken(currentToken);
        // If the grant-type is unknown, then we do not yet understand how
        // the request is built and, therefore, can do nothing more than
        // reject it via an OmhException.
        else {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setErrorDescription("The grant type must be one of '" + GrantType.AUTHORIZATION_CODE.toString() +
                        "' or '" + GrantType.REFRESH_TOKEN.toString() + "': " + grantType.toString())

            // Set the status and return the error message.
            return oauthResponse.getBody();
View Full Code Here

      return oauthResponse.getBody();
    // Get the grant-type.
    GrantType grantType;
    String grantTypeString = oauthRequest.getGrantType();
    if(GrantType.AUTHORIZATION_CODE.toString().equals(grantTypeString)) {
      grantType = GrantType.AUTHORIZATION_CODE;
    else if(GrantType.CLIENT_CREDENTIALS.toString().equals(grantTypeString)) {
      grantType = GrantType.CLIENT_CREDENTIALS;
    else if(GrantType.PASSWORD.toString().equals(grantTypeString)) {
      grantType = GrantType.PASSWORD;
    else if(GrantType.REFRESH_TOKEN.toString().equals(grantTypeString)) {
      grantType = GrantType.REFRESH_TOKEN;
    else {
      // Create the OAuth response.
      OAuthResponse oauthResponse =
            "The grant type is unknown: " + grantTypeString)
      // Set the status and return the error message.
      return oauthResponse.getBody();
    // Handle the different types of token requests.
    AuthorizationToken token;
    if(GrantType.AUTHORIZATION_CODE.equals(grantType)) {
      // Attempt to get the code.
      String codeString = oauthRequest.getCode();
      if(codeString == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "An authorization code must be given to be " +
                "exchanged for an authorization token.")
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Attempt to lookup the actual AuthorizationCode object.
      AuthorizationCode code =
      // If the code doesn't exist, reject the request.
      if(code == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "The given authorization code is unknown: " +
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Verify that the client asking for a token is the same as the one
      // that requested the code.
      if(! code.getThirdParty().getId().equals(thirdParty.getId())) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "This client is not allowed to reference this " +
                "code: " +
        // Set the status and return the error message.
        return oauthResponse.getBody();

      // If the code has expired, reject the request.
      if(System.currentTimeMillis() > code.getExpirationTime()) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "The given authorization code has expired: " +
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Use the code to lookup the response information and error out if
      // a user has not yet verified it.
      AuthorizationCodeResponse codeResponse =
      if(codeResponse == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "A user has not yet verified the code: " +
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Determine if the user granted access and, if not, error out.
      if(! codeResponse.getGranted()) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "The user denied the authorization: " + codeString)
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Create a new token.
      token = new AuthorizationToken(codeResponse);
    // Handle a third-party refreshing an existing token.
    else if(GrantType.REFRESH_TOKEN.equals(grantType)) {
      // Get the refresh token from the request.
      String refreshToken = oauthRequest.getRefreshToken();
      if(refreshToken == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "An refresh token must be given to be exchanged " +
                "for a new authorization token.")
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Use the refresh token to lookup the actual refresh token.
      AuthorizationToken currentToken =
      if(currentToken == null) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
            .setErrorDescription("The refresh token is unknown.")
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Verify that the client asking for a token is the same as the one
      // that was issued the refresh token.
      // This is probably a very serious offense and should probably
      // raise some serious red flags!
          .getThirdParty().getId().equals(thirdParty.getId())) {
        // Create the OAuth response.
        OAuthResponse oauthResponse =
              "This token does not belong to this client.")
        // Set the status and return the error message.
        return oauthResponse.getBody();
      // Create a new authorization token from the current one.
      token = new AuthorizationToken(currentToken);
    // If the grant-type is unknown, then we do not yet understand how
    // the request is built and, therefore, can do nothing more than
    // reject it via an OmhException.
    else {
      // Create the OAuth response.
      OAuthResponse oauthResponse =
            "The grant type must be one of '" +
              GrantType.AUTHORIZATION_CODE.toString() +
              "' or '" +
              GrantType.REFRESH_TOKEN.toString() +
              "': " +
      // Set the status and return the error message.
      return oauthResponse.getBody();
View Full Code Here

    public String getScope() {
        return getParam(OAuth.OAUTH_SCOPE);

    public OAuthToken getOAuthToken() {
        return new BasicOAuthToken(getAccessToken(), getExpiresIn(), getRefreshToken(), getScope());
View Full Code Here

  public String getTokenType() {
    return getParam(OAuth.OAUTH_TOKEN_TYPE);

  public OAuthToken getOAuthToken() {
    return new BasicOAuthToken(getAccessToken(), getExpiresIn(), getRefreshToken(), getScope());
View Full Code Here


        OAuthRegistrationClient oauthclient = new OAuthRegistrationClient(new URLConnectionClient());
        OAuthClientRegistrationResponse response = oauthclient.clientInfo(request);

        assertEquals(CommonExt.CLIENT_ID, response.getClientId());
        assertEquals(CommonExt.CLIENT_SECRET, response.getClientSecret());
        assertEquals(CommonExt.EXPIRES_IN, response.getExpiresIn());
        assertEquals(CommonExt.ISSUED_AT, response.getIssuedAt());
View Full Code Here


        OAuthRegistrationClient oauthclient = new OAuthRegistrationClient(new URLConnectionClient());
        try {
            OAuthClientRegistrationResponse response = oauthclient.clientInfo(request);
            fail("exception expected");
        } catch (OAuthProblemException e) {
View Full Code Here


        OAuthRegistrationClient oauthclient = new OAuthRegistrationClient(new URLConnectionClient());
        OAuthClientRegistrationResponse response = oauthclient.clientInfo(request);

        assertEquals(CommonExt.CLIENT_ID, response.getClientId());
        assertEquals(CommonExt.CLIENT_SECRET, response.getClientSecret());
        assertEquals(CommonExt.EXPIRES_IN, response.getExpiresIn());
        assertEquals(CommonExt.ISSUED_AT, response.getIssuedAt());

View Full Code Here


        OAuthRegistrationClient oauthclient = new OAuthRegistrationClient(new URLConnectionClient());
        try {
            OAuthClientRegistrationResponse response = oauthclient.clientInfo(request);
            fail("exception expected");
        } catch (OAuthProblemException e) {
View Full Code Here

    public OAuthClientRegistrationResponse() {

    protected void init(String body, String contentType, int responseCode) throws OAuthProblemException {
        validator = new RegistrationValidator();
        super.init(body, contentType, responseCode);
View Full Code Here

    private class SpyingOauthClientStub extends OAuthClient {

        OAuthClientRequest oAuthClientRequest;

        public SpyingOauthClientStub() {
            super(new HttpClient4());
View Full Code Here


Related Classes of org.apache.oltu.oauth2.httpclient4.HttpClient4

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact