Package org.apache.shindig.social.opensocial.oauth

Examples of org.apache.shindig.social.opensocial.oauth.OAuthEntry


  // the requestToken
  /**
   * Exchanges a validated request token for an access token and writes the new
   * token, its secret and the request entry's user id to the response.
   *
   * <p>The exchange is gated in one of two ways. If the entry carries a callback
   * token, the {@code OAuth.OAUTH_VERIFIER} parameter sent by the client must equal
   * it. Otherwise the entry must already be marked authorized. When the gate fails,
   * the entry is handed to {@code dataStore.disableToken} before the 403 is sent.
   *
   * @param servletRequest  request carrying the signed OAuth message
   * @param servletResponse response that receives either the token pair or a 403
   * @throws OAuthException if {@code getValidatedEntry} rejects the message or
   *     returns no entry
   */
  private void createAccessToken(HttpServletRequest servletRequest,
                                 HttpServletResponse servletResponse) throws ServletException, IOException, OAuthException, URISyntaxException {
    final OAuthMessage requestMessage = OAuthServlet.getMessage(servletRequest, null);

    final OAuthEntry entry = getValidatedEntry(requestMessage);
    if (entry == null) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    }

    final String expectedVerifier = entry.getCallbackToken();
    final boolean exchangeAllowed;
    if (expectedVerifier != null) {
      // Fixed protocol: the client has to echo the verifier bound to this token.
      // NOTE(review): this branch never consults entry.isAuthorized(); it relies on
      // the data store setting a callback token only after user approval - confirm.
      // NOTE(review): String.equals is not constant-time. Disabling the token on the
      // first mismatch limits a caller to one guess per token, assuming
      // disableToken really invalidates it - confirm against the data store.
      exchangeAllowed = expectedVerifier.equals(requestMessage.getParameter(OAuth.OAUTH_VERIFIER));
    } else {
      // Old protocol: no verifier exists, so the authorized flag is the only gate.
      exchangeAllowed = entry.isAuthorized();
    }

    if (!exchangeAllowed) {
      // Burn the request token first, then report the failure.
      dataStore.disableToken(entry);
      servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "This token is not authorized");
      return;
    }

    // Turn the request token into an access token.
    final OAuthEntry accessEntry = dataStore.convertToAccessToken(entry);

    // user_id is read from the original request entry, not from the new access entry.
    sendResponse(servletResponse, OAuth.newList(
                   OAuth.OAUTH_TOKEN, accessEntry.getToken(),
                   OAuth.OAUTH_TOKEN_SECRET, accessEntry.getTokenSecret(),
                   "user_id", entry.getUserId()));
  }



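  /**
   * Looks up the request-token entry named in the message and validates the
   * message signature against it.
   *
   * <p>Checks run in this order: the token exists, it is a REQUEST token, it has
   * not expired, the message carries a consumer key, that key matches the key stored
   * on the entry, the consumer is known to the data store, and finally the message
   * validates against an accessor built from the consumer and the entry's token
   * and secret.
   *
   * <p>The token-state checks run before the signature is validated, so
   * TOKEN_USED and TOKEN_EXPIRED are reported to any caller that presents the token
   * string, whether or not the request is correctly signed.
   *
   * @param requestMessage the incoming OAuth message
   * @return the validated request-token entry; never {@code null}
   * @throws OAuthException an {@code OAuthProblemException} naming the failed check,
   *     or whatever {@code VALIDATOR.validateMessage} raises
   */
  private OAuthEntry getValidatedEntry(OAuthMessage requestMessage)
    throws IOException, ServletException, OAuthException, URISyntaxException {

    OAuthEntry entry = dataStore.getEntry(requestMessage.getToken());
    if (entry == null) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    }

    if (entry.getType() != OAuthEntry.Type.REQUEST) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
    }

    if (entry.isExpired()) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
    }

    // The consumer key must be present in the request and must match the entry.
    String suppliedConsumerKey = requestMessage.getConsumerKey();
    if (suppliedConsumerKey == null) {
      OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
      e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
      throw e;
    }

    // Compare from the side already known to be non-null: an entry stored without a
    // consumer key is then refused instead of failing with a NullPointerException.
    String consumerKey = entry.getConsumerKey();
    if (!suppliedConsumerKey.equals(consumerKey)) {
      throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
    }

    OAuthConsumer consumer = dataStore.getConsumer(consumerKey);
    if (consumer == null) {
      throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
    }

    // The accessor carries the secrets the validator checks the signature against.
    OAuthAccessor accessor = new OAuthAccessor(consumer);
    accessor.requestToken = entry.getToken();
    accessor.tokenSecret = entry.getTokenSecret();

    VALIDATOR.validateMessage(requestMessage, accessor);

    return entry;
  }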

  }

  // Generate a valid requestToken for the given consumerKey
  /**
   * Creates a new REQUEST-type entry for the given consumer key and stores it in
   * {@code oauthEntries}, keyed by its token.
   *
   * <p>The consumer key is used as both the app id and the consumer key of the
   * entry. Domain and container are hard-coded. Token and token secret are
   * independent random UUID strings. Nothing here checks that {@code consumerKey}
   * names a registered consumer.
   *
   * @param consumerKey       key of the consumer requesting the token
   * @param oauthVersion      protocol version recorded on the entry
   * @param signedCallbackUrl callback URL taken from the signed request, or
   *                          {@code null} when the consumer sent none
   * @return the stored request-token entry
   */
  public OAuthEntry generateRequestToken(String consumerKey, String oauthVersion,
                                         String signedCallbackUrl) {
    final OAuthEntry requestEntry = new OAuthEntry();
    requestEntry.setAppId(consumerKey);
    requestEntry.setConsumerKey(consumerKey);
    requestEntry.setDomain("samplecontainer.com");
    requestEntry.setContainer("default");

    // NOTE(review): UUID.randomUUID() yields version-4 UUIDs (122 random bits from a
    // cryptographically strong generator per the JDK documentation); a production
    // store may still prefer a dedicated SecureRandom-based token format.
    final String token = UUID.randomUUID().toString();
    final String tokenSecret = UUID.randomUUID().toString();
    requestEntry.setToken(token);
    requestEntry.setTokenSecret(tokenSecret);

    requestEntry.setType(OAuthEntry.Type.REQUEST);
    requestEntry.setIssueTime(new Date());
    requestEntry.setOauthVersion(oauthVersion);

    final boolean hasSignedCallback = signedCallbackUrl != null;
    if (hasSignedCallback) {
      // Record that the callback URL was part of the signed request.
      requestEntry.setCallbackUrlSigned(true);
      requestEntry.setCallbackUrl(signedCallbackUrl);
    }

    oauthEntries.put(requestEntry.getToken(), requestEntry);
    return requestEntry;
  }

  // Turns the request token into an access token
  /**
   * Replaces a request-token entry with a freshly issued access-token entry.
   *
   * <p>The access entry is a copy of the request entry with a new random token, a
   * new random secret, type ACCESS and a new issue time. The request entry is removed
   * from {@code oauthEntries}, so its token can no longer be looked up there.
   *
   * <p>Only the entry's presence and type are checked here. Authorization, verifier
   * and expiry are not examined, so callers must have enforced them beforehand.
   *
   * @param entry the request-token entry to convert
   * @return the stored access-token entry
   * @throws NullPointerException  if {@code entry} is {@code null}
   * @throws IllegalStateException if {@code entry} is not a REQUEST token
   */
  public OAuthEntry convertToAccessToken(OAuthEntry entry) {
    Preconditions.checkNotNull(entry);
    final boolean isRequestToken = entry.getType() == OAuthEntry.Type.REQUEST;
    Preconditions.checkState(isRequestToken, "Token must be a request token");

    final OAuthEntry issued = new OAuthEntry(entry);

    // The access token never reuses the request token's value or secret.
    final String newToken = UUID.randomUUID().toString();
    final String newSecret = UUID.randomUUID().toString();
    issued.setToken(newToken);
    issued.setTokenSecret(newSecret);

    issued.setType(OAuthEntry.Type.ACCESS);
    issued.setIssueTime(new Date());

    // Retire the request token before publishing the access token.
    // NOTE(review): remove and put are two separate map operations - confirm whether
    // concurrent exchanges of the same request token are possible in this store.
    oauthEntries.remove(entry.getToken());
    oauthEntries.put(issued.getToken(), issued);

    return issued;
  }

    }
  }

  protected SecurityToken verifyMessage(OAuthMessage message)
    throws OAuthProblemException {
    OAuthEntry entry = getOAuthEntry(message);
    OAuthConsumer authConsumer = getConsumer(message);

    OAuthAccessor accessor = new OAuthAccessor(authConsumer);

    if (entry != null) {
      accessor.tokenSecret = entry.getTokenSecret();
      accessor.accessToken = entry.getToken();
    }

    try {
      OAuthValidator validator = new SimpleOAuthValidator();
      validator.validateMessage(message, accessor);
View Full Code Here

    }
    return getTokenFromVerifiedRequest(message, entry, authConsumer);
  }

  /**
   * Resolves the {@code OAuth.OAUTH_TOKEN} parameter of the message to a stored
   * access-token entry.
   *
   * <p>A message without a token (or with an empty one) is not an error: the method
   * returns {@code null} and leaves the decision to the caller. A token that is
   * present must exist in the store, be of type ACCESS and be unexpired.
   *
   * @param message the incoming OAuth message
   * @return the matching access-token entry, or {@code null} when the message
   *     carries no token
   * @throws OAuthProblemException TOKEN_REJECTED when the token is unknown or is not
   *     an access token, TOKEN_EXPIRED when it has expired
   */
  protected OAuthEntry getOAuthEntry(OAuthMessage message) throws OAuthProblemException {
    final String tokenValue = getParameter(message, OAuth.OAUTH_TOKEN);
    if (StringUtils.isEmpty(tokenValue)) {
      // No token supplied: nothing to look up.
      return null;
    }

    final OAuthEntry found = store.getEntry(tokenValue);

    // The advice text tells the caller whether the token is unknown or merely of the
    // wrong type.
    if (found == null) {
      OAuthProblemException unknown = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
      unknown.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "cannot find token");
      throw unknown;
    }

    if (found.getType() != OAuthEntry.Type.ACCESS) {
      // A request token must never be accepted where an access token is required.
      OAuthProblemException wrongType = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
      wrongType.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "token is not an access token");
      throw wrongType;
    }

    if (found.isExpired()) {
      throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
    }

    return found;
  }

                      EasyMock.eq(TOKEN))).
      andReturn(authEntry).anyTimes();
  }

  /**
   * Builds the baseline test fixture: an authorized ACCESS-type entry issued now,
   * using the fake request's consumer key, requestor and the shared test constants.
   *
   * <p>The token secret is set to {@code FakeOAuthRequest.CONSUMER_SECRET}. The
   * failure tests shown on this page override a single field of the returned entry
   * (secret, type or issue time).
   *
   * @return a new, fully populated entry
   */
  private OAuthEntry createOAuthEntry() {
    final OAuthEntry fixture = new OAuthEntry();

    // Identity of the application, consumer and user.
    fixture.setAppId(APP_ID);
    fixture.setAuthorized(true);
    fixture.setConsumerKey(FakeOAuthRequest.CONSUMER_KEY);

    // Token material.
    fixture.setToken(TOKEN);
    fixture.setTokenSecret(FakeOAuthRequest.CONSUMER_SECRET);
    fixture.setType(OAuthEntry.Type.ACCESS);

    fixture.setUserId(FakeOAuthRequest.REQUESTOR);
    fixture.setIssueTime(new Date());
    fixture.setDomain(DOMAIN);
    fixture.setContainer(CONTAINER);

    return fixture;
  }

    verify();
  }

  @Test
  public void testVerifyFailTokenSecretMismatch() throws Exception {
    OAuthEntry authEntry = createOAuthEntry();
    authEntry.setTokenSecret("badsecret");
    expectTokenEntry(authEntry);
    expectConsumer();
    replay();
    HttpServletRequest request = formEncodedPost.sign(TOKEN,
                                                      FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
View Full Code Here

    verify();
  }

  @Test
  public void testVerifyFailTokenIsRequest() throws Exception {
    OAuthEntry authEntry = createOAuthEntry();
    authEntry.setType(OAuthEntry.Type.REQUEST);
    expectTokenEntry(authEntry);
    expectConsumer();
    replay();
    HttpServletRequest request = formEncodedPost.sign(TOKEN,
                                                      FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
View Full Code Here

    verify();
  }

  @Test
  public void testVerifyFailTokenIsExpired() throws Exception {
    OAuthEntry authEntry = createOAuthEntry();
    authEntry.setIssueTime(new Date(System.currentTimeMillis() - (OAuthEntry.ONE_YEAR + 1)));
    authEntry.setType(OAuthEntry.Type.REQUEST);
    expectTokenEntry(authEntry);
    expectConsumer();
    replay();
    HttpServletRequest request = formEncodedPost.sign(TOKEN,
                                                      FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
View Full Code Here
