Author: doll
Date: Thu Aug 7 13:27:43 2008
New Revision: 683703
URL: http://svn.apache.org/viewvc?rev=683703&view=rev
Log:
The DataServiceServlet now uses the security token set up by the
AuthenticationServletFilter to authenticate requests.
Modified:
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndModule.java
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndServer.java
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/service/DataServiceServlet.java
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/opensocial/service/DataServiceServletTest.java
Modified:
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndModule.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndModule.java?rev=683703&r1=683702&r2=683703&view=diff
==============================================================================
---
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndModule.java
(original)
+++
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndModule.java
Thu Aug 7 13:27:43 2008
@@ -20,6 +20,7 @@
import org.apache.shindig.common.servlet.ParameterFetcher;
import org.apache.shindig.social.core.util.BeanJsonConverter;
import org.apache.shindig.social.core.util.BeanXmlConverter;
+import org.apache.shindig.social.core.oauth.AnonymousAuthenticationHandler;
import org.apache.shindig.social.opensocial.service.BeanConverter;
import org.apache.shindig.social.opensocial.service.DataServiceServletFetcher;
@@ -36,8 +37,13 @@
.toInstance("sampledata/canonicaldb.json");
bind(ParameterFetcher.class).annotatedWith(Names.named("DataServiceServlet"))
.to(DataServiceServletFetcher.class);
-
bind(BeanConverter.class).annotatedWith(Names.named("bean.converter.xml")).to(BeanXmlConverter.class);
-
bind(BeanConverter.class).annotatedWith(Names.named("bean.converter.json")).to(BeanJsonConverter.class);
+ bind(BeanConverter.class).annotatedWith(Names.named("bean.converter.xml"))
+ .to(BeanXmlConverter.class);
+ bind(BeanConverter.class).annotatedWith(Names.named("bean.converter.json"))
+ .to(BeanJsonConverter.class);
+ bind(Boolean.class)
+
.annotatedWith(Names.named(AnonymousAuthenticationHandler.ALLOW_UNAUTHENTICATED))
+ .toInstance(Boolean.FALSE);
}
}
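Review bot: The `ALLOW_UNAUTHENTICATED` binding added at the end of the module has no comment saying why the end-to-end setup turns anonymous access off. Judging by its name, the flag decides whether requests without credentials are served, so I would put `// Anonymous access is disabled so end-to-end requests must carry a security token.` above the `bind(Boolean.class)` line. Whether the production module binds the same name, and to what value, is not visible in this diff and is worth confirming alongside the servlet's new null-token check. The start of the enclosing method is outside the hunk.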
Modified:
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndServer.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndServer.java?rev=683703&r1=683702&r2=683703&view=diff
==============================================================================
---
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndServer.java
(original)
+++
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndServer.java
Thu Aug 7 13:27:43 2008
@@ -25,6 +25,8 @@
import org.apache.shindig.gadgets.servlet.GadgetRenderingServlet;
import org.apache.shindig.gadgets.servlet.HttpGuiceModule;
import org.apache.shindig.social.opensocial.service.DataServiceServlet;
+import org.apache.shindig.social.core.oauth.AuthenticationServletFilter;
+
import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ResourceHandler;
import org.mortbay.jetty.servlet.Context;
@@ -113,6 +115,7 @@
ServletHolder jsonServletHolder = new ServletHolder(new ForceErrorServlet(
new DataServiceServlet()));
context.addServlet(jsonServletHolder, JSON_BASE);
+ context.addFilter(AuthenticationServletFilter.class, JSON_BASE, 0);
// Attach the ConcatProxyServlet - needed for
ServletHolder concatHolder = new ServletHolder(new ConcatProxyServlet());
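Review bot: The dispatch argument in `context.addFilter(AuthenticationServletFilter.class, JSON_BASE, 0);` is a bare `0`. Jetty's `org.mortbay.jetty.Handler.DEFAULT` names the same value, so `context.addFilter(AuthenticationServletFilter.class, JSON_BASE, Handler.DEFAULT);` reads more clearly. DataServiceServlet now takes its token from this filter, so a comment such as `// DataServiceServlet requires this filter on every path it is mapped to.` would keep the two mappings from drifting apart. The enclosing method starts and ends outside the hunk.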
Modified:
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/service/DataServiceServlet.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/service/DataServiceServlet.java?rev=683703&r1=683702&r2=683703&view=diff
==============================================================================
---
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/service/DataServiceServlet.java
(original)
+++
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/opensocial/service/DataServiceServlet.java
Thu Aug 7 13:27:43 2008
@@ -18,13 +18,11 @@
package org.apache.shindig.social.opensocial.service;
import org.apache.shindig.common.SecurityToken;
-import org.apache.shindig.common.SecurityTokenDecoder;
-import org.apache.shindig.common.SecurityTokenException;
import org.apache.shindig.common.servlet.InjectedServlet;
-import org.apache.shindig.common.servlet.ParameterFetcher;
import org.apache.shindig.common.util.ImmediateFuture;
import org.apache.shindig.social.ResponseError;
import org.apache.shindig.social.ResponseItem;
+import org.apache.shindig.social.core.oauth.AuthenticationServletFilter;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
@@ -61,11 +59,9 @@
private static final Logger logger = Logger.getLogger(
"org.apache.shindig.social.opensocial.spi");
- private transient SecurityTokenDecoder securityTokenDecoder;
private transient Map<String, Class<? extends DataRequestHandler>> handlers;
private transient BeanConverter jsonConverter;
private transient BeanConverter xmlConverter;
- private transient ParameterFetcher parameterFetcher;
private static final String JSON_BATCH_ROUTE = "jsonBatch";
@@ -75,22 +71,12 @@
}
@Inject
- public void setSecurityTokenDecoder(SecurityTokenDecoder
securityTokenDecoder) {
- this.securityTokenDecoder = securityTokenDecoder;
- }
-
- @Inject
public void setBeanConverters(@Named("bean.converter.json") BeanConverter
jsonConverter,
@Named("bean.converter.xml") BeanConverter xmlConverter) {
this.jsonConverter = jsonConverter;
this.xmlConverter = xmlConverter;
}
- @Inject
- public void setParameterFetcher(@Named("DataServiceServlet")
ParameterFetcher parameterFetcher) {
- this.parameterFetcher = parameterFetcher;
- }
-
// Only for testing use. Do not override the injector.
public void setInjector(Injector injector) {
this.injector = injector;
@@ -121,13 +107,11 @@
servletRequest.setCharacterEncoding("UTF-8");
- SecurityToken token = null;
- try {
- // TODO: Integrate this with the oauth filter.
- token = getSecurityToken(servletRequest);
- } catch (SecurityTokenException e) {
+ SecurityToken token = getSecurityToken(servletRequest);
+ if (token == null) {
sendError(servletResponse, new
ResponseItem<Object>(ResponseError.UNAUTHORIZED,
- "The security token was invalid", null));
+ "The request did not have a proper security token nor oauth message
and unauthenticated "
+ + "requests are not allowed", null));
return;
}
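Review bot: The new `if (token == null)` branch answers UNAUTHORIZED and returns without writing to `logger`. Unless `sendError` logs on its own (not visible here), rejected requests leave no server-side trace for noticing probing or a misconfigured container. A line such as `logger.info("Rejected unauthenticated request from " + servletRequest.getRemoteAddr());` before `sendError` would cover it. The response text would also read more clearly as "neither a valid security token nor an OAuth message". The enclosing method starts before and continues after the hunk.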
@@ -241,8 +225,8 @@
return new ResponseItem<Void>(ResponseError.INTERNAL_ERROR,
t.getMessage(), null);
}
- SecurityToken getSecurityToken(HttpServletRequest servletRequest) throws
SecurityTokenException {
- return
securityTokenDecoder.createToken(parameterFetcher.fetch(servletRequest));
+ SecurityToken getSecurityToken(HttpServletRequest servletRequest) {
+ return ((AuthenticationServletFilter.SecurityTokenRequest)
servletRequest).getToken();
}
BeanConverter getConverterForRequest(HttpServletRequest servletRequest) {
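Review bot: The rewritten `getSecurityToken` casts `servletRequest` to `AuthenticationServletFilter.SecurityTokenRequest` without checking its type. If the filter is not mapped in front of the servlet, or something re-wraps the request after the filter, the call fails with a ClassCastException instead of the UNAUTHORIZED response the caller's null check is meant to produce. Adding `if (!(servletRequest instanceof AuthenticationServletFilter.SecurityTokenRequest)) { return null; }` ahead of the `return` keeps the servlet failing closed with a clean 401. A short Javadoc saying that the token is supplied by AuthenticationServletFilter and may be null would record the new contract.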
Modified:
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java?rev=683703&r1=683702&r2=683703&view=diff
==============================================================================
---
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
(original)
+++
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
Thu Aug 7 13:27:43 2008
@@ -17,15 +17,15 @@
*/
package org.apache.shindig.social.dataservice.integration;
-import org.apache.shindig.common.BasicSecurityTokenDecoder;
+import org.apache.shindig.common.testing.FakeGadgetToken;
import org.apache.shindig.social.SocialApiTestsGuiceModule;
+import org.apache.shindig.social.core.oauth.AuthenticationServletFilter;
import org.apache.shindig.social.core.util.BeanJsonConverter;
import org.apache.shindig.social.core.util.BeanXmlConverter;
import org.apache.shindig.social.opensocial.service.ActivityHandler;
import org.apache.shindig.social.opensocial.service.AppDataHandler;
import org.apache.shindig.social.opensocial.service.DataRequestHandler;
import org.apache.shindig.social.opensocial.service.DataServiceServlet;
-import org.apache.shindig.social.opensocial.service.DataServiceServletFetcher;
import org.apache.shindig.social.opensocial.service.HandlerProvider;
import org.apache.shindig.social.opensocial.service.PersonHandler;
@@ -36,7 +36,6 @@
import org.json.JSONObject;
import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
@@ -44,16 +43,18 @@
import javax.xml.stream.XMLStreamReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
-import java.io.IOException;
import java.util.Map;
import java.util.Vector;
public abstract class AbstractLargeRestfulTests extends TestCase {
- private HttpServletRequest req;
+ private AuthenticationServletFilter.SecurityTokenRequest req;
private HttpServletResponse res;
private DataServiceServlet servlet;
+ private static final FakeGadgetToken FAKE_GADGET_TOKEN = new
FakeGadgetToken()
+ .setOwnerId("john.doe").setViewerId("john.doe");
@Override
protected void setUp() throws Exception {
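Review bot: `FAKE_GADGET_TOKEN` is declared below the instance fields here, and the same constant is added again in DataServiceServletTest, where it sits at the top of the class. FakeGadgetToken is configured through setters, so a single static instance is shared mutable state across every test in the class. I would move the declaration above `private AuthenticationServletFilter.SecurityTokenRequest req;` to match the other test, and ideally have both classes obtain the token from one shared test helper. A comment such as `// Shared fixture: tests must not mutate this token.` would make the constraint explicit.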
@@ -67,10 +68,8 @@
servlet.setInjector(Guice.createInjector(new SocialApiTestsGuiceModule()));
servlet.setBeanConverters(new BeanJsonConverter(
Guice.createInjector(new SocialApiTestsGuiceModule())), new
BeanXmlConverter());
- servlet.setSecurityTokenDecoder(new BasicSecurityTokenDecoder());
- servlet.setParameterFetcher(new DataServiceServletFetcher());
- req = EasyMock.createMock(HttpServletRequest.class);
+ req =
EasyMock.createMock(AuthenticationServletFilter.SecurityTokenRequest.class);
res = EasyMock.createMock(HttpServletResponse.class);
}
@@ -95,8 +94,8 @@
EasyMock.expect(req.getMethod()).andStubReturn(method);
EasyMock.expect(req.getParameter("format")).andStubReturn(null);
EasyMock.expect(req.getParameter("X-HTTP-Method-Override")).andStubReturn(method);
- EasyMock.expect(req.getParameter("st")).andStubReturn(
- "john.doe:john.doe:app:container.com:foo:bar");
+
+ EasyMock.expect(req.getToken()).andStubReturn(FAKE_GADGET_TOKEN);
Vector<String> vector = new Vector<String>(extraParams.keySet());
EasyMock.expect(req.getParameterNames()).andStubReturn(vector.elements());
Modified:
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/opensocial/service/DataServiceServletTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/opensocial/service/DataServiceServletTest.java?rev=683703&r1=683702&r2=683703&view=diff
==============================================================================
---
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/opensocial/service/DataServiceServletTest.java
(original)
+++
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/opensocial/service/DataServiceServletTest.java
Thu Aug 7 13:27:43 2008
@@ -17,14 +17,13 @@
*/
package org.apache.shindig.social.opensocial.service;
-import org.apache.shindig.common.BasicSecurityTokenDecoder;
-import org.apache.shindig.common.SecurityTokenDecoder;
import org.apache.shindig.common.SecurityTokenException;
import org.apache.shindig.common.testing.FakeGadgetToken;
import org.apache.shindig.common.util.ImmediateFuture;
import org.apache.shindig.social.ResponseError;
import org.apache.shindig.social.ResponseItem;
import org.apache.shindig.social.SocialApiTestsGuiceModule;
+import org.apache.shindig.social.core.oauth.AuthenticationServletFilter;
import org.apache.shindig.social.core.util.BeanJsonConverter;
import org.apache.shindig.social.core.util.BeanXmlConverter;
@@ -34,11 +33,9 @@
import org.easymock.classextension.EasyMock;
import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
-import java.util.Collections;
import java.util.StringTokenizer;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
@@ -46,13 +43,15 @@
import java.util.concurrent.TimeoutException;
public class DataServiceServletTest extends TestCase {
- private HttpServletRequest req;
+ private static final FakeGadgetToken FAKE_GADGET_TOKEN = new
FakeGadgetToken()
+ .setOwnerId("john.doe").setViewerId("john.doe");
+
+ private AuthenticationServletFilter.SecurityTokenRequest req;
private HttpServletResponse res;
private DataServiceServlet servlet;
private PersonHandler peopleHandler;
private ActivityHandler activityHandler;
private AppDataHandler appDataHandler;
- private BasicSecurityTokenDecoder tokenDecoder;
private Injector injector;
private BeanJsonConverter jsonConverter;
private BeanXmlConverter xmlConverter;
@@ -65,7 +64,7 @@
protected void setUp() throws Exception {
servlet = new DataServiceServlet();
- req = EasyMock.createMock(HttpServletRequest.class);
+ req =
EasyMock.createMock(AuthenticationServletFilter.SecurityTokenRequest.class);
res = EasyMock.createMock(HttpServletResponse.class);
jsonConverter = EasyMock.createMock(BeanJsonConverter.class);
xmlConverter = EasyMock.createMock(BeanXmlConverter.class);
@@ -81,11 +80,6 @@
new AppDataHandler(null)));
servlet.setBeanConverters(jsonConverter, xmlConverter);
-
- servlet.setParameterFetcher(new DataServiceServletFetcher());
-
- tokenDecoder = EasyMock.createMock(BasicSecurityTokenDecoder.class);
- servlet.setSecurityTokenDecoder(tokenDecoder);
}
private void setupInjector() {
@@ -132,10 +126,10 @@
res.sendError(500, "FAILED");
- EasyMock.replay(req, res, appDataHandler, tokenDecoder, injector,
jsonConverter);
+ EasyMock.replay(req, res, appDataHandler, injector, jsonConverter);
servlet.service(req, res);
- EasyMock.verify(req, res, appDataHandler, tokenDecoder, injector,
jsonConverter);
- EasyMock.reset(req, res, appDataHandler, tokenDecoder, injector,
jsonConverter);
+ EasyMock.verify(req, res, appDataHandler, injector, jsonConverter);
+ EasyMock.reset(req, res, appDataHandler, injector, jsonConverter);
}
private void verifyHandlerWasFoundForPathInfo(String peoplePathInfo,
DataRequestHandler handler)
@@ -161,10 +155,10 @@
EasyMock.expect(res.getWriter()).andReturn(writerMock);
writerMock.write(jsonObject);
- EasyMock.replay(req, res, handler, tokenDecoder, injector, jsonConverter);
+ EasyMock.replay(req, res, handler, injector, jsonConverter);
servlet.service(req, res);
- EasyMock.verify(req, res, handler, tokenDecoder, injector, jsonConverter);
- EasyMock.reset(req, res, handler, tokenDecoder, injector, jsonConverter);
+ EasyMock.verify(req, res, handler, injector, jsonConverter);
+ EasyMock.reset(req, res, handler, injector, jsonConverter);
}
private void setupRequest(String pathInfo, String actualMethod, String
overrideMethod)
@@ -179,12 +173,7 @@
overrideMethod);
EasyMock.expect(req.getParameter(DataServiceServlet.FORMAT_PARAM)).andReturn(null);
- String tokenString = "owner:viewer:app:container.com:foo:bar";
- EasyMock.expect(req.getParameter(DataServiceServlet.SECURITY_TOKEN_PARAM))
- .andReturn(tokenString);
-
- FakeGadgetToken token = new FakeGadgetToken();
-
EasyMock.expect(tokenDecoder.createToken(Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
tokenString))).andReturn(token);
+ EasyMock.expect(req.getToken()).andReturn(FAKE_GADGET_TOKEN);
}
public void testInvalidRoute() throws Exception {
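Review bot: Every request built by `setupRequest` now carries a valid token, and `testSecurityTokenException` is removed further down with no replacement. As a result nothing in the hunks shown exercises the servlet's new `token == null` branch, which is the only place this servlet rejects unauthenticated callers. I would add a test that records `EasyMock.expect(req.getToken()).andReturn(null);` and verifies that `servlet.service(req, res)` reports `ResponseError.UNAUTHORIZED` without invoking any handler. `setupRequest` begins before the hunk.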
@@ -195,24 +184,6 @@
assertEquals(ResponseError.BAD_REQUEST, responseItem.getError());
}
- public void testSecurityTokenException() throws Exception {
- String tokenString = "owner:viewer:app:container.com:foo:bar";
- EasyMock.expect(req.getParameter(DataServiceServlet.SECURITY_TOKEN_PARAM))
- .andReturn(tokenString);
- EasyMock.expect(tokenDecoder.createToken(
- Collections.singletonMap(SecurityTokenDecoder.SECURITY_TOKEN_NAME,
tokenString)))
- .andThrow(new SecurityTokenException(""));
-
- EasyMock.replay(req, tokenDecoder);
- try {
- servlet.getSecurityToken(req);
- fail("The route should have thrown an exception due to the invalid
security token.");
- } catch (SecurityTokenException e) {
- // Expected
- }
- EasyMock.verify(req, tokenDecoder);
- }
-
public void testGetHttpMethodFromParameter() throws Exception {
String method = "POST";
assertEquals(method, servlet.getHttpMethodFromParameter(method, null));