Examples of org.apache.shindig.auth.SecurityToken

• org.apache.shindig.auth.SecurityToken
  An abstract representation of a signing token. Use in conjunction with @code SecurityTokenDecoder.

  }

  @Test
  public void testError403() throws Exception {
    serviceProvider.setVagueErrors(true);
    SecurityToken securityToken = getSecurityToken("owner", "owner", GADGET_URL_NO_KEY);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        FakeGadgetSpecFactory.SERVICE_NAME_NO_KEY);

    HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    assertEquals("", response.getResponseAsString());

    assertEquals(1, base.getAccessTokenRemoveCount());
  }

  @Test
  public void testWrongServiceName() throws Exception {
    SecurityToken securityToken = getSecurityToken("owner", "owner", GADGET_URL);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        "nosuchservice");

    HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    Map<String, String> metadata = response.getMetadata();

  }

  protected String generateSecurityToken(Gadget gadget) {
    // Find a security token in the context
    try {
      SecurityToken token = gadget.getContext().getToken();

      if (securityTokenCodec != null && token != null) {
        return securityTokenCodec.encodeToken(token);
      }
    } catch (SecurityTokenException e) {

        false /* isSignViewer */,
        ImmutableMap.of("OAUTH_SERVICE_NAME", SERVICE_NAME, "OAUTH_TOKEN_NAME", TOKEN_NAME));
    replay(authInfo);

    String ownerId = "owner eye dee";
    SecurityToken securityToken = new BasicSecurityToken(ownerId, "", "", "",
        APP_URI.toString(), MODULE_ID, CONTAINER_NAME, null, null);

    HttpRequest request = new HttpRequest(DEFAULT_URI)
        .setAuthType(AuthType.SIGNED)
        .setOAuthArguments(new OAuthArguments(authInfo))

        true /* isSignViewer */,
        ImmutableMap.of("OAUTH_SERVICE_NAME", SERVICE_NAME, "OAUTH_TOKEN_NAME", TOKEN_NAME));
    replay(authInfo);

    String viewerId = "viewer eye dee";
    SecurityToken securityToken = new BasicSecurityToken(
        "", viewerId, "", "", APP_URI.toString(), MODULE_ID, CONTAINER_NAME, null, null);

    HttpRequest request = new HttpRequest(DEFAULT_URI)
        .setAuthType(AuthType.SIGNED)
        .setOAuthArguments(new OAuthArguments(authInfo))

        ImmutableMap.of("OAUTH_SERVICE_NAME", SERVICE_NAME, "OAUTH_TOKEN_NAME", TOKEN_NAME,
            "OAUTH_USE_TOKEN", "always"));
    replay(authInfo);

    String userId = "user id";
    SecurityToken securityToken = new BasicSecurityToken(
        userId, userId, "", "", APP_URI.toString(), MODULE_ID, CONTAINER_NAME, null, null);

    HttpRequest request = new HttpRequest(DEFAULT_URI)
        .setAuthType(AuthType.SIGNED)
        .setOAuthArguments(new OAuthArguments(authInfo))

    } catch (IllegalArgumentException e) {
      throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "Invalid "
              + Param.URL.getKey() + " parameter", HttpResponse.SC_BAD_REQUEST);
    }

    SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(request);
    String container = null;
    Uri gadgetUri = null;
    if ("1".equals(getParameter(request, MULTI_PART_FORM_POST, null))) {
      // This endpoint is being used by the proxied-form-post feature.
      // Require a token.
      if (token == null) {
        throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN);
      }
    }

    // If we have a token, we should use it.
    if (token != null && !token.isAnonymous()) {
      container = token.getContainer();
      String appurl = token.getAppUrl();
      if (appurl != null) {
        gadgetUri = Uri.parse(appurl);
      }
    } else {
      container = getContainer(request);

  /**
   * @param request
   * @return A valid token for the given input.
   */
  private SecurityToken extractAndValidateToken(HttpServletRequest request) throws GadgetException {
    SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(request);
    if (token == null) {
      // TODO: Determine appropriate external error code for this.
      throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN);
    }
    return token;

    // Requests that don't use authentication can share the result.
    return null;
  }

  protected static String getTokenOwner(HttpRequest request) {
    SecurityToken st = request.getSecurityToken();
    if (request.getAuthType() != AuthType.NONE && request.getAuthType() != AuthType.OAUTH2
        && st.getOwnerId() != null
        && st.getOwnerId().equals(st.getViewerId())
        && request.getOAuthArguments().mayUseToken()) {
      return st.getOwnerId();
    }
    // Requests that don't use authentication can share the result.
    return null;
  }

      sendError(servletResponse,
                new ResponseItem(HttpServletResponse.SC_BAD_REQUEST, "Only POST/GET Allowed"));
      return;
    }

    SecurityToken token = getSecurityToken(servletRequest);
    if (token == null) {
      sendSecurityError(servletResponse);
      return;
    }

    HttpUtil.setCORSheader(servletResponse, containerConfig.<String>getList(token.getContainer(), "gadgets.parentOrigins"));

    try {
      String content = null;
      String callback = null; // for JSONP
      Map<String,FormDataItem> formData = Maps.newHashMap();