Examples of org.springframework.security.oauth.provider.token.OAuthProviderToken

• org.springframework.security.oauth.provider.token.OAuthProviderToken
  @author Ryan Heaton

      }
    };

    ConsumerDetails details = mock(ConsumerDetails.class);
    SignatureSecret secret = mock(SignatureSecret.class);
    OAuthProviderToken token = mock(OAuthProviderToken.class);
    OAuthSignatureMethod sigMethod = mock(OAuthSignatureMethod.class);

    ConsumerCredentials credentials = new ConsumerCredentials("id", "sig", "method", "base", "token");
    when(details.getAuthorities()).thenReturn(new ArrayList<GrantedAuthority>());
    when(details.getSignatureSecret()).thenReturn(secret);
    filter.setTokenServices(tokenServices);
    when(tokenServices.getToken("token")).thenReturn(token);
    filter.setSignatureMethodFactory(signatureFactory);
    when(token.getSecret()).thenReturn("shhh!!!");
    when(signatureFactory.getSignatureMethod("method", secret, "shhh!!!")).thenReturn(sigMethod);

    ConsumerAuthentication authentication = new ConsumerAuthentication(details, credentials);
    filter.validateSignature(authentication);

  /**
   * test onValidSignature
   */
  @Test
  public void testOnValidSignature() throws Exception {
    final OAuthProviderToken authToken = mock(OAuthProviderToken.class);
    UnauthenticatedRequestTokenProcessingFilter filter = new UnauthenticatedRequestTokenProcessingFilter() {
      @Override
      protected OAuthProviderToken createOAuthToken(ConsumerAuthentication authentication) {
        return authToken;
      }
    };
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    ConsumerCredentials creds = new ConsumerCredentials("key", "sig", "meth", "base", "tok");
    ConsumerDetails consumerDetails = mock(ConsumerDetails.class);

    when(authToken.getConsumerKey()).thenReturn("chi");
    when(authToken.getValue()).thenReturn("tokvalue");
    when(authToken.getSecret()).thenReturn("shhhhhh");
    when(consumerDetails.getAuthorities()).thenReturn(new ArrayList<GrantedAuthority>());
    when(consumerDetails.getConsumerKey()).thenReturn("chi");
    response.setContentType("text/plain;charset=utf-8");
    StringWriter writer = new StringWriter();
    when(response.getWriter()).thenReturn(new PrintWriter(writer));

    String token = request.getParameter("oauth_token");
    if (token == null) {
      throw new IllegalArgumentException("A request token to authorize must be provided.");
    }

    OAuthProviderToken providerToken = tokenServices.getToken(token);
    ConsumerDetails consumer = consumerDetailsService
        .loadConsumerByConsumerKey(providerToken.getConsumerKey());

    String callback = request.getParameter("oauth_callback");
    TreeMap<String, Object> model = new TreeMap<String, Object>();
    model.put("oauth_token", token);
    if (callback != null) {

  }

  protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    //signature is verified; create the token, send the response.
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
      throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }

    String tokenValue = authToken.getValue();
    String callback = authentication.getOAuthParameters().get(OAuthConsumerParameter.oauth_callback.toString());

    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString())
      .append('=')
      .append(OAuthCodec.oauthEncode(tokenValue))
      .append('&')
      .append(OAuthProviderParameter.oauth_token_secret.toString())
      .append('=')
      .append(OAuthCodec.oauthEncode(authToken.getSecret()));
    if (callback != null) {
      responseValue.append('&')
        .append(OAuthProviderParameter.oauth_callback_confirmed.toString())
        .append("=true");
    }

  protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    String token = authentication.getConsumerCredentials().getToken();
    OAuthAccessProviderToken accessToken = null;
    if (StringUtils.hasText(token)) {
      OAuthProviderToken authToken = getTokenServices().getToken(token);
      if (authToken == null) {
        throw new AccessDeniedException("Invalid access token.");
      }
      else if (!authToken.isAccessToken()) {
        throw new AccessDeniedException("Token should be an access token.");
      }
      else if (authToken instanceof OAuthAccessProviderToken) {
        accessToken = (OAuthAccessProviderToken) authToken;
      }

    String requestToken = request.getParameter(getTokenParameterName());
    if (requestToken == null) {
      throw new InvalidOAuthParametersException("An OAuth token id is required.");
    }

    OAuthProviderToken token = getTokenServices().getToken(requestToken);
    if (token == null) {
      throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }

    String callbackURL = token.getCallbackUrl();
    if (isRequire10a() && callbackURL == null) {
      throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }

    if (callbackURL != null) {

    if (isRequire10a()) {
      String verifier = oauthParams.get(OAuthConsumerParameter.oauth_verifier.toString());
      if (verifier == null) {
        throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingVerifier", "Missing verifier."));
      }
      OAuthProviderToken requestToken = getTokenServices().getToken(token);
      if (!verifier.equals(requestToken.getVerifier())) {
        throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingVerifier", "Invalid verifier."));
      }
    }
  }

  }

  protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    //signature is verified; create the token, send the response.
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
      throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }

    String tokenValue = authToken.getValue();

    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString())
      .append('=')
      .append(OAuthCodec.oauthEncode(tokenValue))
      .append('&')
      .append(OAuthProviderParameter.oauth_token_secret.toString())
      .append('=')
      .append(OAuthCodec.oauthEncode(authToken.getSecret()));
    response.setContentType(getResponseContentType());
    response.getWriter().print(responseValue.toString());
    response.flushBuffer();
  }

   * @param authentication The authentication request.
   */
  protected void validateSignature(ConsumerAuthentication authentication) throws AuthenticationException {
    SignatureSecret secret = authentication.getConsumerDetails().getSignatureSecret();
    String token = authentication.getConsumerCredentials().getToken();
    OAuthProviderToken authToken = null;
    if (token != null && !"".equals(token)) {
      authToken = getTokenServices().getToken(token);
    }

    String signatureMethod = authentication.getConsumerCredentials().getSignatureMethod();
    OAuthSignatureMethod method;
    try {
      method = getSignatureMethodFactory().getSignatureMethod(signatureMethod, secret, authToken != null ? authToken.getSecret() : null);
    }
    catch (UnsupportedSignatureMethodException e) {
      throw new OAuthException(e.getMessage(), e);
    }