Author: lmoren
Date: Wed Jul 14 21:34:19 2010
New Revision: 964214
URL: http://svn.apache.org/viewvc?rev=964214&view=rev
Log:
New OAuth Data Provider
Added:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
(with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
(with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
(with props)
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
(with props)
Added:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java?rev=964214&view=auto
==============================================================================
---
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
(added)
+++
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface ClientAuthenticationInfo {
+ //oauth calbackurl "out of band" parameter
+ public static final String OAUTH_OOB = "oob";
+
+ String getConsumerKey();
+
+ String getSecretKey();
+
+ String getCallbackURL();
+
+ void setCallbackURL(String callbackURL);
+
+ String getApplicationName();
+}
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java?rev=964214&view=auto
==============================================================================
---
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
(added)
+++
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public class ClientAuthenticationInfoImpl implements ClientAuthenticationInfo {
+ private String consumerKey;
+ private String secretKey;
+ private String callbackURL;
+ private String applicationName;
+
+ public ClientAuthenticationInfoImpl(String consumerKey, String secretKey,
String callbackURL,
+ String applicationName) {
+ this.consumerKey = consumerKey;
+ this.secretKey = secretKey;
+ this.callbackURL = callbackURL;
+ this.applicationName = applicationName;
+ }
+
+ public ClientAuthenticationInfoImpl(String consumerKey, String secretKey,
String callbackURL) {
+ this(consumerKey, secretKey, callbackURL, null);
+ }
+
+ public ClientAuthenticationInfoImpl(String consumerKey, String secretKey) {
+ this(consumerKey, secretKey, null);
+ }
+
+ public String getConsumerKey() {
+ return consumerKey;
+ }
+
+ public String getSecretKey() {
+ return secretKey;
+ }
+
+ public String getCallbackURL() {
+ return callbackURL;
+ }
+
+ public void setCallbackURL(String callbackURL) {
+ this.callbackURL = callbackURL;
+ }
+
+ public String getApplicationName() {
+ return applicationName;
+ }
+
+ public void setApplicationName(String applicationName) {
+ this.applicationName = applicationName;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+
+ ClientAuthenticationInfoImpl that = (ClientAuthenticationInfoImpl)o;
+
+ if (applicationName != null ?
!applicationName.equals(that.applicationName)
+ : that.applicationName != null) {
+ return false;
+ }
+ if (callbackURL != null ? !callbackURL.equals(that.callbackURL) :
that.callbackURL != null) {
+ return false;
+ }
+ if (!consumerKey.equals(that.consumerKey)) {
+ return false;
+ }
+ if (!secretKey.equals(that.secretKey)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = consumerKey.hashCode();
+ result = 31 * result + secretKey.hashCode();
+ result = 31 * result + (callbackURL != null ? callbackURL.hashCode() :
0);
+ result = 31 * result + (applicationName != null ?
applicationName.hashCode() : 0);
+ return result;
+ }
+}
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java?rev=964214&view=auto
==============================================================================
---
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
(added)
+++
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.provider;
+
+import net.oauth.OAuthProblemException;
+
+/**
+ * @author Lukasz Moren
+ */
+//todo add client credentials checking
+public interface OAuthDataProvider {
+ ClientAuthenticationInfo getClientAuthenticationInfo(String consumerKey)
throws OAuthProblemException;
+
+ RequestToken generateRequestToken(ClientAuthenticationInfo authInfo);
+
+ AccessToken generateAccessToken(RequestToken requestToken);
+
+ AccessToken getAccessToken(String accessToken) throws
OAuthProblemException;
+
+ RequestToken getRequestToken(String tokenString, String oauthVerifier)
throws OAuthProblemException;
+
+ RequestToken validateRequestToken(String requestToken, String
securityToken) throws OAuthProblemException;
+
+ RequestToken saveSecurityToken(String requestToken);
+
+}
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java?rev=964214&view=auto
==============================================================================
---
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
(added)
+++
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,176 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.provider;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthProblemException;
+
+
+/**
+ * @author Lukasz Moren
+ */
+public class OAuthDataProviderImpl implements OAuthDataProvider {
+
+ private Map<String, ClientAuthenticationInfo> clientAuthInfo
+ = new ConcurrentHashMap<String, ClientAuthenticationInfo>();
+
+ private Map<String, Token> oauthTokens
+ = new ConcurrentHashMap<String, Token>();
+
+ public ClientAuthenticationInfo getClientAuthenticationInfo(String
consumerKey)
+ throws OAuthProblemException {
+ ClientAuthenticationInfo authenticationInfo =
clientAuthInfo.get(consumerKey);
+
+ //client credentials not found
+ if (authenticationInfo == null) {
+ OAuthProblemException problemEx = new OAuthProblemException(
+ OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+ problemEx
+ .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
HttpServletResponse.SC_UNAUTHORIZED);
+ throw problemEx;
+ }
+ return authenticationInfo;
+ }
+
+ public RequestToken generateRequestToken(ClientAuthenticationInfo
clientAuthenticationInfo) {
+ String token = OAuthUtils.generateToken();
+ String tokenSecret = OAuthUtils.generateToken();
+
+ RequestToken reqToken = new RequestToken(clientAuthenticationInfo,
token, tokenSecret);
+
+ oauthTokens.put(token, reqToken);
+ return reqToken;
+ }
+
+ public RequestToken saveSecurityToken(String requestToken) {
+ Token token = oauthTokens.get(requestToken);
+
+ if (token == null) {
+ return null;
+ }
+
+ if (RequestToken.class.isAssignableFrom(token.getClass())) {
+ RequestToken req = (RequestToken)token;
+ req.setSecurityToken(generateSecurityToken());
+ oauthTokens.put(requestToken, req);
+
+ return req;
+ }
+ return null;
+ }
+
+ public RequestToken validateRequestToken(String requestTokenString, String
securityToken)
+ throws OAuthProblemException {
+ Token token = oauthTokens.get(requestTokenString);
+
+ if (token == null ||
!RequestToken.class.isAssignableFrom(token.getClass())) {
+ return handleTokenRejectedException();
+ }
+
+ RequestToken requestToken = (RequestToken)token;
+ if (!validateSecurityToken(requestToken.getSecurityToken(),
securityToken)) {
+ throw new
OAuthProblemException(OAuth.Problems.ADDITIONAL_AUTHORIZATION_REQUIRED);
+ }
+
+ requestToken.setOauthVerifier(generateOAuthVerifier());
+
+ return requestToken;
+ }
+
+ public RequestToken getRequestToken(String tokenString, String
oauthVerifier)
+ throws OAuthProblemException {
+ Token token = oauthTokens.get(tokenString);
+ if (token == null ||
(!RequestToken.class.isAssignableFrom(token.getClass()))) {
+ handleTokenRejectedException();
+ }
+ RequestToken requestToken = (RequestToken)token;
+
+ String expectedVerifier = null;
+ if (requestToken != null) {
+ expectedVerifier = requestToken.getOauthVerifier();
+ }
+ if (expectedVerifier == null ||
!expectedVerifier.equals(oauthVerifier)) {
+ OAuthProblemException problemEx = new OAuthProblemException(
+ OAuthMessageValidator.VERIFIER_INVALID);
+ problemEx
+ .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
HttpServletResponse.SC_UNAUTHORIZED);
+ throw problemEx;
+ }
+
+ return requestToken;
+ }
+
+ public AccessToken generateAccessToken(RequestToken requestToken) {
+ String accessTokenString = OAuthUtils.generateToken();
+ String tokenSecretString = OAuthUtils.generateToken();
+ AccessToken accessToken = new
AccessToken(requestToken.getClientAuthenticationInfo(),
+ accessTokenString, tokenSecretString);
+
+ //todo mt correctness??
+ oauthTokens.remove(requestToken.getTokenString());
+ oauthTokens.put(accessTokenString, accessToken);
+
+ return accessToken;
+ }
+
+ public AccessToken getAccessToken(String accessToken) throws
OAuthProblemException {
+ Token token = oauthTokens.get(accessToken);
+ if (token == null ||
!AccessToken.class.isAssignableFrom(token.getClass())) {
+ handleTokenRejectedException();
+ }
+
+ return (AccessToken)token;
+ }
+
+ private RequestToken handleTokenRejectedException() throws
OAuthProblemException {
+ OAuthProblemException problemEx = new OAuthProblemException(
+ OAuth.Problems.TOKEN_REJECTED);
+ problemEx
+ .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
HttpServletResponse.SC_UNAUTHORIZED);
+ throw problemEx;
+ }
+
+ private boolean validateSecurityToken(String securityToken, String
expSecurityToken) {
+ return securityToken.equals(expSecurityToken);
+ }
+
+ protected String generateSecurityToken() {
+ return OAuthUtils.generateToken();
+ }
+
+ protected String generateOAuthVerifier() {
+ return OAuthUtils.generateToken();
+ }
+
+ public Map<String, ClientAuthenticationInfo> getClientAuthInfo() {
+ return clientAuthInfo;
+ }
+
+ public void setClientAuthInfo(Map<String, ClientAuthenticationInfo>
clientAuthInfo) {
+ this.clientAuthInfo = clientAuthInfo;
+ }
+}
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
