Package org.glassfish.jersey.oauth1.signature

Examples of org.glassfish.jersey.oauth1.signature.OAuth1Parameters

175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
    }


    private OAuth1SecurityContext getSecurityContext(ContainerRequestContext request) throws OAuth1Exception {
        OAuthServerRequest osr = new OAuthServerRequest(request);
        OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);

        // apparently not signed with any OAuth parameters; unauthorized
        if (params.size() == 0) {
            throw newUnauthorizedException();
        }

        // get required OAuth parameters
        String consumerKey = requiredOAuthParam(params.getConsumerKey());
        String token = params.getToken();
        String timestamp = requiredOAuthParam(params.getTimestamp());
        String nonce = requiredOAuthParam(params.getNonce());

        // enforce other supported and required OAuth parameters
        requiredOAuthParam(params.getSignature());
        supportedOAuthParam(params.getVersion(), versions);

        // retrieve secret for consumer key
        OAuth1Consumer consumer = provider.getConsumer(consumerKey);
        if (consumer == null) {
            throw newUnauthorizedException();
View Full Code Here
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
        final AccessToken tokenFromProperties
                = (AccessToken) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_ACCESS_TOKEN);
        request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_ACCESS_TOKEN);

        OAuth1Parameters parameters = (OAuth1Parameters) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
        if (parameters == null) {
            parameters = (OAuth1Parameters) request.getConfiguration()
                    .getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
        } else {
            request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_PARAMETERS);
        }

        OAuth1Secrets secrets = (OAuth1Secrets) request.getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
        if (secrets == null) {
            secrets = (OAuth1Secrets) request.getConfiguration().getProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
        } else {
            request.removeProperty(OAuth1ClientSupport.OAUTH_PROPERTY_OAUTH_SECRETS);
        }

        if (request.getHeaders().containsKey("Authorization")) {
            return;
        }

        // Make modifications to clones.
        final OAuth1Parameters paramCopy = parameters.clone();
        final OAuth1Secrets secretsCopy = secrets.clone();

        checkParametersConsistency(paramCopy, secretsCopy);

        if (consumerFromProperties != null) {
            paramCopy.consumerKey(consumerFromProperties.getConsumerKey());
            secretsCopy.consumerSecret(consumerFromProperties.getConsumerSecret());
        }

        if (tokenFromProperties != null) {
            paramCopy.token(tokenFromProperties.getToken());
            secretsCopy.tokenSecret(tokenFromProperties.getAccessTokenSecret());
        }

        if (paramCopy.getTimestamp() == null) {
            paramCopy.setTimestamp();
        }

        if (paramCopy.getNonce() == null) {
            paramCopy.setNonce();
        }

        try {
            oAuthSignature.get().sign(new RequestWrapper(request, messageBodyWorkers.get()), paramCopy, secretsCopy);
        } catch (OAuth1SignatureException se) {
View Full Code Here
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
    @Produces(MediaType.APPLICATION_FORM_URLENCODED)
    @TokenResource
    public Response postAccessTokenRequest(@Context ContainerRequestContext requestContext, @Context Request req) {
        boolean sigIsOk = false;
        OAuthServerRequest request = new OAuthServerRequest(requestContext);
        OAuth1Parameters params = new OAuth1Parameters();
        params.readRequest(request);

        if (params.getToken() == null) {
            throw new WebApplicationException(new Throwable("oauth_token MUST be present."), 400);
        }

        String consKey = params.getConsumerKey();
        if (consKey == null) {
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }

        OAuth1Token rt = provider.getRequestToken(params.getToken());
        if (rt == null) {
            // token invalid
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }

        OAuth1Consumer consumer = rt.getConsumer();
        if (consumer == null || !consKey.equals(consumer.getKey())) {
            // token invalid
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);

        }

        OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret(rt.getSecret());
        try {
            sigIsOk = oAuth1Signature.verify(request, params, secrets);
        } catch (OAuth1SignatureException ex) {
            Logger.getLogger(AccessTokenResource.class.getName()).log(Level.SEVERE, null, ex);
        }

        if (!sigIsOk) {
            // signature invalid
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }

        // We're good to go.
        OAuth1Token at = provider.newAccessToken(rt, params.getVerifier());

        if (at == null) {
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }
View Full Code Here
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
    @Consumes("application/x-www-form-urlencoded")
    @Produces("application/x-www-form-urlencoded")
    @TokenResource
    public Response postReqTokenRequest() {
        OAuthServerRequest request = new OAuthServerRequest(requestContext);
        OAuth1Parameters params = new OAuth1Parameters();
        params.readRequest(request);

        String tok = params.getToken();
        if ((tok != null) && (!tok.contentEquals(""))) {
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }

        String consKey = params.getConsumerKey();
        if (consKey == null) {
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }

        OAuth1Consumer consumer = provider.getConsumer(consKey);
        if (consumer == null) {
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }
        OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret()).tokenSecret("");

        boolean sigIsOk = false;
        try {
            sigIsOk = oAuth1Signature.verify(request, params, secrets);
        } catch (OAuth1SignatureException ex) {
            Logger.getLogger(RequestTokenResource.class.getName()).log(Level.SEVERE, null, ex);
        }

        if (!sigIsOk) {
            throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
        }

        MultivaluedMap<String, String> parameters = new MultivaluedHashMap<String, String>();
        for (String n : request.getParameterNames()) {
            parameters.put(n, request.getParameterValues(n));
        }

        OAuth1Token rt = provider.newRequestToken(consKey, params.getCallback(), parameters);

        Form resp = new Form();
        resp.param(OAuth1Parameters.TOKEN, rt.getToken());
        resp.param(OAuth1Parameters.TOKEN_SECRET, rt.getSecret());
        resp.param(OAuth1Parameters.CALLBACK_CONFIRMED, "true");
View Full Code Here
61
62
63
64
65
66
67
     * Create a new builder instance.
     *
     * @param consumerCredentials Consumer credentials.
     */
    OAuth1BuilderImpl(final ConsumerCredentials consumerCredentials) {
        this(new OAuth1Parameters(), new OAuth1Secrets(), consumerCredentials);
    }
View Full Code Here
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
        OAuthServerRequest osr = new OAuthServerRequest(request);

        OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret("kd94hf93k423kf44");

        OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);

        // ensure parameters correctly parsed into OAuth parameters object
        assertEquals(params.getConsumerKey(), "dpf43f3p2l4k3l03");
        assertEquals(params.getSignatureMethod(), "PLAINTEXT");
        assertEquals(params.getSignature(), secrets.getConsumerSecret() + "&");
        assertEquals(params.getTimestamp(), "1191242090");
        assertEquals(params.getNonce(), "hsu94j3884jdopsl");
        assertEquals(params.getVersion(), "1.0");

        try {
            // verify the plaintext signature
            assertTrue(oAuth1Signature.verify(osr, params, secrets));
        } catch (OAuth1SignatureException ose) {
View Full Code Here
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
        assertThat(authorizationUri, containsString("authorize?oauth_token=hh5s93j4hdidpola"));

        // For the purpose of the test I need parameters (and there is no way how to do it now).
        final Field paramField = authFlow.getClass().getDeclaredField("parameters");
        paramField.setAccessible(true);
        final OAuth1Parameters params = (OAuth1Parameters) paramField.get(authFlow);

        // Update parameters.
        params.timestamp("1191242092").nonce("dji430splmx33448");

        final AccessToken accessToken = authFlow.finish();
        assertThat(accessToken, equalTo(new AccessToken("nnch734d00sl2jdk", "pfkkdhi9sl3r4s00")));

        // Update parameters before creating a feature (i.e. changing signature method).
        params.nonce("kllo9940pd9333jh").signatureMethod("HMAC-SHA1").timestamp("1191242096");

        // Check Authorized Client.
        final Client flowClient = authFlow.getAuthorizedClient().register(LoggingFilter.class);

        String responseEntity = flowClient.target(uri).path("/photos")
View Full Code Here
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
        OAuthServerRequest osr = new OAuthServerRequest(request);

        OAuth1Secrets secrets = new OAuth1Secrets().
                consumerSecret("kd94hf93k423kf44").tokenSecret("hdhd0244k9j7ao03");

        OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);

        // ensure query parameters correctly parsed into OAuth parameters object
        assertEquals(params.getConsumerKey(), "dpf43f3p2l4k3l03");
        assertEquals(params.getToken(), "hh5s93j4hdidpola");
        assertEquals(params.getSignatureMethod(), "PLAINTEXT");
        assertEquals(params.getSignature(), secrets.getConsumerSecret() + "&" + secrets.getTokenSecret());
        assertEquals(params.getTimestamp(), "1191242092");
        assertEquals(params.getNonce(), "dji430splmx33448");
        assertEquals(params.getVersion(), "1.0");

        try {
            // verify the plaintext signature
            assertTrue(oAuth1Signature.verify(osr, params, secrets));
        } catch (OAuth1SignatureException ose) {
View Full Code Here
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
        OAuthServerRequest osr = new OAuthServerRequest(request);

        OAuth1Secrets secrets = new OAuth1Secrets().
                consumerSecret("kd94hf93k423kf44").tokenSecret("pfkkdhi9sl3r4s00");

        OAuth1Parameters params = new OAuth1Parameters().readRequest(osr);

        // ensure query parameters are as expected
        assertEquals(file, "vacation.jpg");
        assertEquals(size, "original");

        // ensure query parameters correctly parsed into OAuth parameters object
        assertEquals(params.getConsumerKey(), "dpf43f3p2l4k3l03");
        assertEquals(params.getToken(), "nnch734d00sl2jdk");
        assertEquals(params.getSignatureMethod(), "HMAC-SHA1");
        assertEquals(params.getTimestamp(), "1191242096");
        assertEquals(params.getNonce(), "kllo9940pd9333jh");
        assertEquals(params.getVersion(), "1.0");

        try {
            // verify the HMAC-SHA1 signature
            assertTrue(oAuth1Signature.verify(osr, params, secrets));
        } catch (OAuth1SignatureException ose) {
View Full Code Here
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
        OAuth1Consumer consumer = provider.getConsumer(consumerKey);
        if (consumer == null) {
            throw newUnauthorizedException();
        }

        OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret());
        OAuth1SecurityContext sc;
        String nonceKey;

        if (token == null) {
            if (consumer.getPrincipal() == null) {
                throw newUnauthorizedException();
            }
            nonceKey = "c:" + consumerKey;
            sc = new OAuth1SecurityContext(consumer, request.getSecurityContext().isSecure());
        } else {
            OAuth1Token accessToken = provider.getAccessToken(token);
            if (accessToken == null) {
                throw newUnauthorizedException();
            }

            OAuth1Consumer atConsumer = accessToken.getConsumer();
            if (atConsumer == null || !consumerKey.equals(atConsumer.getKey())) {
                throw newUnauthorizedException();
            }

            nonceKey = "t:" + token;
            secrets.tokenSecret(accessToken.getSecret());
            sc = new OAuth1SecurityContext(accessToken, request.getSecurityContext().isSecure());
        }

        if (!verifySignature(osr, params, secrets)) {
            throw newUnauthorizedException();
View Full Code Here
TOP

Related Classes of org.glassfish.jersey.oauth1.signature.OAuth1Parameters

  • org.glassfish.hk2.api.ServiceLocator
  • org.glassfish.jersey.client.oauth1.OAuth1BuilderImpl
  • org.glassfish.jersey.client.oauth1.OAuth1ClientFilter
  • org.glassfish.jersey.server.oauth1.internal.AccessTokenResource
  • org.glassfish.jersey.server.oauth1.internal.RequestTokenResource
  • org.glassfish.jersey.server.oauth1.OAuth1ServerFilter
  • org.glassfish.jersey.tests.e2e.oauth.AccessTokenResource
  • org.glassfish.jersey.tests.e2e.oauth.OauthClientAuthorizationFlowTest
  • org.glassfish.jersey.tests.e2e.oauth.PhotosResource
  • org.glassfish.jersey.tests.e2e.oauth.RequestTokenResource
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.