Author: hsaputra Date: Sat Apr 30 08:44:51 2011 New Revision: 1098064 URL: http://svn.apache.org/viewvc?rev=1098064&view=rev Log: Add provider class for OAuthValidator so custom provider could be injected to OAuthAuhtenticantion Handler.
CR: http://codereview.appspot.com/4444069/ Added: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthValidatorProvider.java Modified: shindig/trunk/java/common/conf/shindig.properties shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/config/SocialApiGuiceModule.java shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java Modified: shindig/trunk/java/common/conf/shindig.properties URL: http://svn.apache.org/viewvc/shindig/trunk/java/common/conf/shindig.properties?rev=1098064&r1=1098063&r2=1098064&view=diff ============================================================================== --- shindig/trunk/java/common/conf/shindig.properties (original) +++ shindig/trunk/java/common/conf/shindig.properties Sat Apr 30 08:44:51 2011 @@ -28,6 +28,8 @@ shindig.blacklist.file= # The URL base to use for full OAuth support (three-legged) shindig.oauth.base-url=/oauth/ shindig.oauth.authorize-action=/WEB-INF/authorize.jsp +# The range to the past and future of timestamp for OAuth token validation. Default to 5 minutes +shindig.oauth.validator-max-timestamp-age-ms=300000 ### Outbound OAuth support shindig.signing.state-key= Modified: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/config/SocialApiGuiceModule.java URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/config/SocialApiGuiceModule.java?rev=1098064&r1=1098063&r2=1098064&view=diff ============================================================================== --- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/config/SocialApiGuiceModule.java (original) +++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/config/SocialApiGuiceModule.java Sat Apr 30 08:44:51 2011 @@ -30,6 +30,7 @@ import org.apache.shindig.protocol.conve import org.apache.shindig.protocol.conversion.BeanXStreamConverter; import org.apache.shindig.protocol.conversion.xstream.XStreamConfiguration; import org.apache.shindig.social.core.oauth.AuthenticationHandlerProvider; +import org.apache.shindig.social.core.oauth.OAuthValidatorProvider; import org.apache.shindig.social.core.util.BeanXStreamAtomConverter; import org.apache.shindig.social.core.util.xstream.XStream081Configuration; import org.apache.shindig.social.opensocial.service.ActivityHandler; @@ -40,12 +41,15 @@ import org.apache.shindig.social.opensoc import org.apache.shindig.social.opensocial.service.MessageHandler; import org.apache.shindig.social.opensocial.service.PersonHandler; +import com.google.inject.Singleton; import com.google.common.collect.ImmutableSet; import com.google.inject.AbstractModule; import com.google.inject.TypeLiteral; import com.google.inject.multibindings.Multibinder; import com.google.inject.name.Names; +import net.oauth.OAuthValidator; + /** * Provides social api component injection. Implementor may want to replace this module if they need * to replace some of the internals of the Social API, like for instance the JSON to Bean to JSON @@ -63,6 +67,7 @@ public class SocialApiGuiceModule extend bind(Boolean.class) .annotatedWith(Names.named(AnonymousAuthenticationHandler.ALLOW_UNAUTHENTICATED)) .toInstance(Boolean.TRUE); + bind(XStreamConfiguration.class).to(XStream081Configuration.class); bind(BeanConverter.class).annotatedWith(Names.named("shindig.bean.converter.xml")).to( BeanXStreamConverter.class); @@ -79,6 +84,8 @@ public class SocialApiGuiceModule extend for (Class handler : getHandlers()) { handlerBinder.addBinding().toInstance(handler); } + + bind(OAuthValidator.class).toProvider(OAuthValidatorProvider.class).in(Singleton.class); } /** Modified: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java?rev=1098064&r1=1098063&r2=1098064&view=diff ============================================================================== --- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java (original) +++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java Sat Apr 30 08:44:51 2011 @@ -26,7 +26,6 @@ import net.oauth.OAuthConsumer; import net.oauth.OAuthException; import net.oauth.OAuthMessage; import net.oauth.OAuthValidator; -import net.oauth.SimpleOAuthValidator; import net.oauth.OAuthProblemException; import net.oauth.server.OAuthServlet; @@ -56,10 +55,12 @@ public class OAuthAuthenticationHandler public static final String REQUESTOR_ID_PARAM = "xoauth_requestor_id"; private final OAuthDataStore store; + private final OAuthValidator validator; @Inject - public OAuthAuthenticationHandler(OAuthDataStore store) { + public OAuthAuthenticationHandler(OAuthDataStore store, OAuthValidator validator) { this.store = store; + this.validator = validator; } public String getName() { @@ -101,7 +102,6 @@ public class OAuthAuthenticationHandler } try { - OAuthValidator validator = new SimpleOAuthValidator(); validator.validateMessage(message, accessor); } catch (OAuthProblemException e) { throw e; Added: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthValidatorProvider.java URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthValidatorProvider.java?rev=1098064&view=auto ============================================================================== --- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthValidatorProvider.java (added) +++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthValidatorProvider.java Sat Apr 30 08:44:51 2011 @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations under the License. + */ +package org.apache.shindig.social.core.oauth; + +import com.google.inject.Inject; +import com.google.inject.Provider; + +import com.google.inject.name.Named; +import net.oauth.OAuth; +import net.oauth.OAuthValidator; +import net.oauth.SimpleOAuthValidator; + +/** + * Guice Provider class for OAuthValidator. + */ +public class OAuthValidatorProvider implements Provider<OAuthValidator> { + private final OAuthValidator validator; + + @Inject + public OAuthValidatorProvider(@Named("shindig.oauth.validator-max-timestamp-age-ms") + long maxTimestampAgeMsec) { + validator = new SimpleOAuthValidator(maxTimestampAgeMsec, Double.parseDouble(OAuth.VERSION_1_0)); + } + + public OAuthValidator get() { + return validator; + } +} Modified: shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java?rev=1098064&r1=1098063&r2=1098064&view=diff ============================================================================== --- shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java (original) +++ shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/sample/oauth/SampleOAuthServlet.java Sat Apr 30 08:44:51 2011 @@ -42,7 +42,6 @@ import net.oauth.OAuthException; import net.oauth.OAuthMessage; import net.oauth.OAuthProblemException; import net.oauth.OAuthValidator; -import net.oauth.SimpleOAuthValidator; import net.oauth.OAuth.Parameter; import net.oauth.server.OAuthServlet; @@ -53,11 +52,16 @@ import net.oauth.server.OAuthServlet; * and use a non-in memory data store. */ public class SampleOAuthServlet extends InjectedServlet { - public static final OAuthValidator VALIDATOR = new SimpleOAuthValidator(); + private OAuthValidator validator; private OAuthDataStore dataStore; private String oauthAuthorizeAction; @Inject + public void setValidator(OAuthValidator validator) { + this.validator = validator; + } + + @Inject public void setDataStore(OAuthDataStore dataStore) { this.dataStore = dataStore; } @@ -114,7 +118,7 @@ public class SampleOAuthServlet extends throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN); OAuthAccessor accessor = new OAuthAccessor(consumer); - VALIDATOR.validateMessage(requestMessage, accessor); + validator.validateMessage(requestMessage, accessor); String callback = requestMessage.getParameter(OAuth.OAUTH_CALLBACK); @@ -283,16 +287,14 @@ public class SampleOAuthServlet extends throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED); OAuthConsumer consumer = dataStore.getConsumer(consumerKey); - if (consumer == null) throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN); OAuthAccessor accessor = new OAuthAccessor(consumer); - accessor.requestToken = entry.getToken(); accessor.tokenSecret = entry.getTokenSecret(); - VALIDATOR.validateMessage(requestMessage, accessor); + validator.validateMessage(requestMessage, accessor); return entry; } Modified: shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java?rev=1098064&r1=1098063&r2=1098064&view=diff ============================================================================== --- shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java (original) +++ shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java Sat Apr 30 08:44:51 2011 @@ -33,6 +33,9 @@ import org.apache.shindig.common.testing import org.apache.shindig.common.util.CharsetUtil; import org.apache.shindig.social.opensocial.oauth.OAuthDataStore; import org.apache.shindig.social.opensocial.oauth.OAuthEntry; + +import net.oauth.OAuthValidator; +import net.oauth.SimpleOAuthValidator; import org.easymock.EasyMock; import org.junit.Before; import org.junit.Test; @@ -48,6 +51,7 @@ import javax.servlet.http.HttpServletReq public class OAuthAuthenticationHanderTest extends EasyMockTestCase { OAuthDataStore mockStore = mock(OAuthDataStore.class); + OAuthValidator validator = new SimpleOAuthValidator(); OAuthAuthenticationHandler reqHandler; @@ -62,7 +66,7 @@ public class OAuthAuthenticationHanderTe @Before public void setUp() throws Exception { - reqHandler = new OAuthAuthenticationHandler(mockStore); + reqHandler = new OAuthAuthenticationHandler(mockStore, validator); formEncodedPost = new FakeOAuthRequest("POST", TEST_URL, "a=b&c=d", OAuth.FORM_ENCODED); nonFormEncodedPost = new FakeOAuthRequest("POST", TEST_URL, "BODY",
