Examples of RequestToken


Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

        // Excerpt of an OAuth 1.0 resource-owner authorization handler. The enclosing
        // method signature, the non-OOB redirect branch and the catch blocks are not shown.
        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(mc, request, REQUIRED_PARAMETERS);
            // NOTE(review): checkSingleParameter is not shown; presumably it rejects
            // duplicated OAuth parameters - confirm.
            new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);

            // An unknown request token is rejected before any other processing.
            RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (token == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
           
            String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
           
            OAuthAuthorizationData secData = new OAuthAuthorizationData();
            // NOTE(review): compareRequestSessionTokens is not shown; judging by the log
            // message below it compares a per-session authenticity token with the one
            // submitted in the request (an anti-CSRF check) - confirm.
            if (!compareRequestSessionTokens(request, oAuthMessage)) {
                if (decision != null) {
                    // this is a user decision request, the session has expired or been possibly hijacked
                    // A decision without a matching authenticity token is refused outright,
                    // so it can neither approve nor deny the request token.
                    LOG.warning("Session authenticity token is missing or invalid");
                    throw ExceptionUtils.toBadRequestException(null, null);
                }
                // assume it is an initial authorization request
                // The authenticity token is stored in the session and the authorization
                // data is returned so the user can be asked for a decision.
                addAuthenticityTokenToSession(secData, request);
                return Response.ok(
                        addAdditionalParams(secData, dataProvider, token)).build();
            }
           
           
            // Only an exact match with the ALLOW constant approves; a missing or
            // unrecognized decision value takes the deny branch below.
            boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);

            Map<String, String> queryParams = new HashMap<String, String>();
            if (allow) {
                SecurityContext sc = (SecurityContext)mc.get(SecurityContext.class.getName());
                List<String> roleNames = Collections.emptyList();
                if (sc instanceof LoginSecurityContext) {
                    roleNames = new ArrayList<String>();
                    Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
                    for (Principal p : roles) {
                        roleNames.add(p.getName());
                    }
                }
                // NOTE(review): sc is dereferenced without a null check; if mc.get(...) can
                // return null this line throws NullPointerException. A null principal is
                // tolerated and yields a UserSubject with a null login name, i.e. the token
                // is approved without an identified user - confirm authentication is
                // enforced before this handler runs.
                token.setSubject(new UserSubject(sc.getUserPrincipal() == null
                    ? null : sc.getUserPrincipal().getName(), roleNames));
               
                AuthorizationInput input = new AuthorizationInput();
                input.setToken(token);
                
                Set<OAuthPermission> approvedScopesSet = new HashSet<OAuthPermission>();
               
                // Approval is computed only over the scopes already attached to the token,
                // so request parameters cannot introduce a scope that was never requested.
                List<OAuthPermission> originalScopes = token.getScopes();
                for (OAuthPermission perm : originalScopes) {
                    String param = oAuthMessage.getParameter(perm.getPermission() + "_status");
                    if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param)) {
                        approvedScopesSet.add(perm);
                    }
                }
                List<OAuthPermission> approvedScopes = new LinkedList<OAuthPermission>(approvedScopesSet);
                // NOTE(review): an ALLOW decision with no per-scope "_status" parameter set
                // to allow approves every originally requested scope. If partial approval
                // is intended, confirm the consent form always submits the per-scope flags.
                if (approvedScopes.isEmpty()) {
                    approvedScopes = originalScopes;
                } else if (approvedScopes.size() < originalScopes.size()) {
                    // Scopes flagged as default are granted even when the user did not tick them.
                    for (OAuthPermission perm : originalScopes) {
                        if (perm.isDefault() && !approvedScopes.contains(perm)) {
                            approvedScopes.add(perm);   
                        }
                    }
                }
               
                input.setApprovedScopes(approvedScopes);
               
                // The data provider returns the verifier that is handed back to the client.
                String verifier = dataProvider.finalizeAuthorization(input);
                queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
            } else {
                // Denied: the request token is removed and no verifier is issued.
                dataProvider.removeToken(token);
            }
            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
            if (token.getState() != null) {
                queryParams.put(OAuthConstants.X_OAUTH_STATE, token.getState());
            }
            String callbackValue = getCallbackValue(token);
            // Out-of-band callback: the parameters are returned in the response entity
            // instead of being appended to a redirect URI.
            if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
                OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams);
                return Response.ok().entity(bean).build();

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

    /**
     * Exchanges an authorized request token for an access token.
     * Excerpt: the response-building code and the catch blocks are not shown.
     *
     * @param request the incoming HTTP request carrying the OAuth parameters
     * @param dataProvider store used to look up the request token and create the access token
     */
    public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);

            // An unknown request token is rejected before the verifier is looked at.
            RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (requestToken == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
            // A missing verifier and a mismatching verifier produce the same error.
            // NOTE(review): String.equals is not a constant-time comparison; if timing
            // exposure of the verifier matters here, compare the encoded bytes with
            // MessageDigest.isEqual instead.
            String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
            if (oauthVerifier == null || !oauthVerifier.equals(requestToken.getVerifier())) {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
           
            // NOTE(review): validateMessage is not shown; presumably it verifies the
            // request signature against the client and request token - confirm.
            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
                                       dataProvider);

            // NOTE(review): whether the request token is invalidated here is not visible;
            // confirm the data provider prevents the same token being exchanged twice.
            AccessToken accessToken = dataProvider.createAccessToken(requestToken);

            //create response

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

        // Excerpt of an OAuth 1.0 resource-owner authorization handler. The enclosing
        // method signature and the body of the catch block are not shown.
        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
            // NOTE(review): checkSingleParameter is not shown; presumably it rejects
            // duplicated OAuth parameters - confirm.
            new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);

            // An unknown request token is rejected before any other processing.
            RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (token == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
           
            OAuthAuthorizationData secData = new OAuthAuthorizationData();
            // Any request whose session token check fails is treated as an initial
            // authorization request: a token is added to the session and the
            // authorization data is returned, whether or not a decision was submitted.
            // NOTE(review): compareRequestSessionTokens is not shown; it looks like an
            // anti-CSRF check on the decision form - confirm.
            if (!compareRequestSessionTokens(request, oAuthMessage)) {
                addAuthenticityTokenToSession(secData, request);
                return Response.ok(
                        addAdditionalParams(secData, dataProvider, token)).build();
            }
           
            // Only an exact match with the ALLOW constant approves; a missing or
            // unrecognized decision value takes the deny branch below.
            String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
            boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);

            Map<String, String> queryParams = new HashMap<String, String>();
            if (allow) {
                // The data provider returns the verifier that is handed back to the client.
                String verifier = dataProvider.setRequestTokenVerifier(token);
                queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
            } else {
                // Denied: the request token is removed and no verifier is issued.
                dataProvider.removeToken(token);
            }
            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
            if (token.getState() != null) {
                queryParams.put("state", token.getState());
            }
            // The token key, optional state and (when approved) the verifier are sent to
            // the callback as query parameters of a 303 redirect.
            // NOTE(review): getCallbackURI is not shown; confirm the callback is checked
            // against what the client registered, because the verifier is delivered to
            // whatever URI it returns.
            URI callback = buildCallbackURI(getCallbackURI(token), queryParams);
            return Response.seeOther(callback).build();
           
        } catch (OAuthProblemException e) {

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

            // Excerpt of the temporary-credentials (request token) endpoint. The code that
            // creates reg and validates the incoming request is not shown.
            reg.setUris(uris);
            reg.setScopes(scopes);
            reg.setLifetime(tokenLifetime);
            // Issue time is recorded in seconds since the epoch, not milliseconds.
            reg.setIssuedAt(System.currentTimeMillis() / 1000);
           
            RequestToken requestToken = dataProvider.createRequestToken(reg);

            if (LOG.isLoggable(Level.FINE)) {
                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
            }
            //create response
            // The body carries the token secret in form-encoded text, so this response
            // is only as confidential as the transport it is sent over.
            Map<String, Object> responseParams = new HashMap<String, Object>();
            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenKey());
            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
            // The callback is always reported as confirmed in this excerpt.
            responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);

            String responseBody = OAuth.formEncode(responseParams.entrySet());

            return Response.ok(responseBody).build();

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

    /**
     * Exchanges an authorized (or pre-authorized) request token for an access token.
     * Excerpt: the response-building code and the catch blocks are not shown.
     *
     * @param mc message context giving access to the current HTTP request
     * @param dataProvider store used to look up the request token and create the access token
     */
    public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);

            // An unknown request token is rejected before the verifier is looked at.
            RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (requestToken == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
           
            String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
            if (oauthVerifier == null) {
                // A request without a verifier is accepted only when the token already has
                // a subject and is flagged as pre-authorized; otherwise it is rejected.
                // NOTE(review): this path skips the verifier entirely, so confirm that only
                // server-side code can set the subject and the pre-authorized flag.
                if (requestToken.getSubject() != null && requestToken.isPreAuthorized()) {
                    LOG.fine("Preauthorized request token");
                } else {
                    throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
                }
            // NOTE(review): String.equals is not a constant-time comparison; if timing
            // exposure of the verifier matters here, compare the encoded bytes with
            // MessageDigest.isEqual instead.
            } else if (!oauthVerifier.equals(requestToken.getVerifier())) {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
           
            // NOTE(review): validateMessage is not shown; presumably it verifies the
            // request signature against the client and request token - confirm.
            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
                                       dataProvider);

            // NOTE(review): whether the request token is invalidated here is not visible;
            // confirm the data provider prevents the same token being exchanged twice.
            AccessTokenRegistration reg = new AccessTokenRegistration();
            reg.setRequestToken(requestToken);
            AccessToken accessToken = dataProvider.createAccessToken(reg);

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

            // Excerpt of the temporary-credentials (request token) endpoint. The code that
            // creates reg and validates the incoming request is not shown.
            reg.setUris(uris);
            reg.setScopes(scopes);
            reg.setLifetime(tokenLifetime);
            // Issue time is recorded in seconds since the epoch, not milliseconds.
            reg.setIssuedAt(System.currentTimeMillis() / 1000);
           
            RequestToken requestToken = dataProvider.createRequestToken(reg);

            if (LOG.isLoggable(Level.FINE)) {
                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
            }
            //create response
            // The body carries the token secret in form-encoded text, so this response
            // is only as confidential as the transport it is sent over.
            Map<String, Object> responseParams = new HashMap<String, Object>();
            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenKey());
            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
            // The callback is always reported as confirmed in this excerpt.
            responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);

            String responseBody = OAuth.formEncode(responseParams.entrySet());

            return Response.ok(responseBody).build();

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

    /**
     * Issues a request token for the client named in the registration and stores it in
     * {@code oauthTokens} under its token key.
     *
     * <p>The client, lifetime, issue time, scopes, URIs and callback are copied from the
     * registration as given; nothing is validated here.
     *
     * @param reg registration describing the client and what it asked for
     * @return the newly stored request token
     * @throws OAuthServiceException declared by the signature; not thrown by the code shown
     */
    public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
        // The key and the shared secret come from two separate generateToken() calls.
        // NOTE(review): generateToken() is not shown; confirm it draws from a
        // cryptographically secure source, since both values act as credentials.
        final String tokenKey = generateToken();
        final String sharedSecret = generateToken();

        final RequestToken issued = new RequestToken(
            reg.getClient(), tokenKey, sharedSecret, reg.getLifetime(), reg.getIssuedAt());
        issued.setScopes(reg.getScopes());
        issued.setUris(reg.getUris());
        issued.setCallback(reg.getCallback());

        // NOTE(review): lifetime and issue time are only recorded on the token here;
        // expiry enforcement and eviction from oauthTokens are not visible in this method.
        oauthTokens.put(tokenKey, issued);
        return issued;
    }

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

    /**
     * Issues a request token for the client named in the registration and stores it in
     * {@code oauthTokens} under its token key.
     *
     * <p>The client, lifetime, issue time, scopes and URIs are copied from the registration
     * as given; nothing is validated here and no callback is set on the token.
     *
     * @param reg registration describing the client and what it asked for
     * @return the newly stored request token
     * @throws OAuthServiceException declared by the signature; not thrown by the code shown
     */
    public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
        // The key and the shared secret come from two separate generateToken() calls.
        // NOTE(review): generateToken() is not shown; confirm it draws from a
        // cryptographically secure source, since both values act as credentials.
        final String tokenKey = generateToken();
        final String sharedSecret = generateToken();

        final RequestToken issued = new RequestToken(
            reg.getClient(), tokenKey, sharedSecret, reg.getLifetime(), reg.getIssuedAt());
        issued.setScopes(reg.getScopes());
        issued.setUris(reg.getUris());

        // NOTE(review): lifetime and issue time are only recorded on the token here;
        // expiry enforcement and eviction from oauthTokens are not visible in this method.
        oauthTokens.put(tokenKey, issued);
        return issued;
    }

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

    /**
     * Exchanges an authorized request token for an access token.
     * Excerpt: the response-building code and the catch blocks are not shown.
     *
     * @param mc message context giving access to the current HTTP request
     * @param dataProvider store used to look up the request token and create the access token
     */
    public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);

            // An unknown request token is rejected before the verifier is looked at.
            RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (requestToken == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
            // A missing verifier and a mismatching verifier produce the same error.
            // NOTE(review): String.equals is not a constant-time comparison; if timing
            // exposure of the verifier matters here, compare the encoded bytes with
            // MessageDigest.isEqual instead.
            String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
            if (oauthVerifier == null || !oauthVerifier.equals(requestToken.getVerifier())) {
                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
            }
           
            // NOTE(review): validateMessage is not shown; presumably it verifies the
            // request signature against the client and request token - confirm.
            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
                                       dataProvider);

            // NOTE(review): whether the request token is invalidated here is not visible;
            // confirm the data provider prevents the same token being exchanged twice.
            AccessToken accessToken = dataProvider.createAccessToken(requestToken);

            //create response

Examples of org.apache.cxf.rs.security.oauth.data.RequestToken

        // Excerpt of an OAuth 1.0 resource-owner authorization handler. The enclosing
        // method signature and the body of the catch block are not shown.
        try {
            OAuthMessage oAuthMessage =
                OAuthUtils.getOAuthMessage(mc, request, REQUIRED_PARAMETERS);
            // NOTE(review): checkSingleParameter is not shown; presumably it rejects
            // duplicated OAuth parameters - confirm.
            new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);

            // An unknown request token is rejected before any other processing.
            RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
            if (token == null) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
           
            OAuthAuthorizationData secData = new OAuthAuthorizationData();
            // Any request whose session token check fails is treated as an initial
            // authorization request: a token is added to the session and the
            // authorization data is returned, whether or not a decision was submitted.
            // NOTE(review): compareRequestSessionTokens is not shown; it looks like an
            // anti-CSRF check on the decision form - confirm.
            if (!compareRequestSessionTokens(request, oAuthMessage)) {
                addAuthenticityTokenToSession(secData, request);
                return Response.ok(
                        addAdditionalParams(secData, dataProvider, token)).build();
            }
           
            // Only an exact match with the ALLOW constant approves; a missing or
            // unrecognized decision value takes the deny branch below.
            String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
            boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);

            Map<String, String> queryParams = new HashMap<String, String>();
            if (allow) {
                SecurityContext sc = mc.getSecurityContext();
                List<String> roleNames = Collections.emptyList();
                if (sc instanceof LoginSecurityContext) {
                    roleNames = new ArrayList<String>();
                    Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
                    for (Principal p : roles) {
                        roleNames.add(p.getName());
                    }
                }
                // NOTE(review): neither sc nor sc.getUserPrincipal() is null-checked, so an
                // unauthenticated request reaching this point would fail with a
                // NullPointerException rather than a controlled OAuth error - confirm
                // authentication is enforced before this handler runs.
                token.setSubject(new UserSubject(sc.getUserPrincipal().getName(),
                                                 roleNames));
               
                // The data provider returns the verifier that is handed back to the client.
                String verifier = dataProvider.setRequestTokenVerifier(token);
                queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
            } else {
                // Denied: the request token is removed and no verifier is issued.
                dataProvider.removeToken(token);
            }
            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
            if (token.getState() != null) {
                queryParams.put("state", token.getState());
            }
            // The token key, optional state and (when approved) the verifier are sent to
            // the callback as query parameters of a 303 redirect.
            // NOTE(review): getCallbackURI is not shown; confirm the callback is checked
            // against what the client registered, because the verifier is delivered to
            // whatever URI it returns.
            URI callback = buildCallbackURI(getCallbackURI(token), queryParams);
            return Response.seeOther(callback).build();
           
        } catch (OAuthProblemException e) {