I dropped some useful servlet testing stuff into gadgets.testing last week -- we can pull this up into common and it would probably make some of the servlet handling stuff here cleaner as well.
On Fri, Jun 20, 2008 at 6:00 PM, <[EMAIL PROTECTED]> wrote: > Author: doll > Date: Fri Jun 20 18:00:35 2008 > New Revision: 670110 > > URL: http://svn.apache.org/viewvc?rev=670110&view=rev > Log: > SHINDIG-290 > Patch from Dirk Balfanz. First impl of some basic oauth code. These classes > still need to be filled in, this is just a start. > > > Added: > > > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/ > > > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java > > > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java > > > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/ > > > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java > > > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java > Modified: > > incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml > incubator/shindig/trunk/java/social-api/pom.xml > > Modified: > incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml?rev=670110&r1=670109&r2=670110&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml > (original) > +++ > incubator/shindig/trunk/java/server/src/main/webapp/WEB-INF/web.social.xml > Fri Jun 20 18:00:35 2008 
> @@ -29,6 +29,16 @@ > > <param-value>org.apache.shindig.common.CommonGuiceModule:org.apache.shindig.social.SocialApiGuiceModule</param-value> > </context-param> > > + <filter> > + <filter-name>oauthFilter</filter-name> > + > > <filter-class>org.apache.shindig.social.oauth.OAuthServletFilter</filter-class> > + </filter> > + > + <filter-mapping> > + <filter-name>oauthFilter</filter-name> > + <url-pattern>/social/*</url-pattern> > + </filter-mapping> > + > <listener> > > <listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class> > </listener> > > Modified: incubator/shindig/trunk/java/social-api/pom.xml > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/pom.xml?rev=670110&r1=670109&r2=670110&view=diff > > ============================================================================== > --- incubator/shindig/trunk/java/social-api/pom.xml (original) > +++ incubator/shindig/trunk/java/social-api/pom.xml Fri Jun 20 18:00:35 > 2008 > @@ -100,5 +100,10 @@ > <artifactId>jetty</artifactId> > <scope>test</scope> > </dependency> > + <dependency> > + <groupId>net.oauth</groupId> > + <artifactId>core</artifactId> > + <scope>compile</scope> > + </dependency> > </dependencies> > </project> > > Added: > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java?rev=670110&view=auto > > ============================================================================== > --- > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java > (added) > +++ > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthContext.java > Fri Jun 20 18:00:35 2008 
> @@ -0,0 +1,127 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations under the > License. > + */ > +package org.apache.shindig.social.oauth; > + > +import javax.servlet.http.HttpServletRequest; > + > +/** > + * A class that encapsulates the OAuth-related authentication information > about > + * an HTTP request. If a servlet requires that a request was made by a > specific > + * client, it could to the following: > + * > + * public void doGet(HttpServletRequest req, HttpServletResponse resp) { > + * ... > + * OAuthContext authContext = OAuthContext.forRequest(req); > + * if (authContext.getAuthMethod() == OAuthContext.AuthMethod.NONE) { > + * respondWithError(); > + * } else { > + * String consumer = authContext.getConsumerKey(); > + * if (clientIsAllowed(consumer)) { > + * handleRequest(req, resp); > + * } else { > + * respondWithError(): > + * } > + * } > + */ > +public class OAuthContext { > + > + /* > + * The different authentication methods. 
> + */ > + public enum AuthMethod { > + NONE, // no authentication attempted, or authentication failed > + > + OAUTH, // OAuth succeeded, which means we'll have a consumer key and > an > + // OAuth token > + > + SIGNED // SignedFetch succeeded, in which case we'll just have a > consumer > + // key > + } > + > + static final String OAUTH_CONTEXT = > + "org.apache.shindig.social.oauth.context"; > + > + private AuthMethod authMethod; > + private String consumerKey; > + private String oauthToken; > + > + /** > + * Returns the OAuth context object for this http request. If no OAuth > + * context object exists, then a newly-created context object for this > + * request is returned. > + */ > + public static OAuthContext fromRequest(HttpServletRequest req) { > + OAuthContext result = (OAuthContext)req.getAttribute(OAUTH_CONTEXT); > + return (result == null) > + ? newContextForRequest(req) > + : result; > + } > + > + /** > + * Makes a new OAuth context object and stores it in the > HttpServletRequest > + * @param req > + * @return the newly-created object. > + */ > + static OAuthContext newContextForRequest(HttpServletRequest req) { > + OAuthContext context = new OAuthContext(); > + req.setAttribute(OAUTH_CONTEXT, context); > + return context; > + } > + > + // newly-created contexts know of no authentication > + OAuthContext() { > + this.authMethod = AuthMethod.NONE; > + this.consumerKey = null; > + this.oauthToken = null; > + } > + > + /** > + * Returns the method of authentication used by the client. > + */ > + public AuthMethod getAuthMethod() { > + return authMethod; > + } > + > + public void setAuthMethod(AuthMethod method) { > + authMethod = method; > + } > + > + /** > + * Returns the consumer key that was authenticated by the server. This > value > + * should only be trusted if getAuthMethod() returns OAUTH or SIGNED. 
> + */ > + public String getConsumerKey() { > + return consumerKey; > + } > + > + public void setConsumerKey(String key) { > + consumerKey = key; > + } > + > + /** > + * Returns the OAuth token that was authenticated by the server. This > value > + * should only be trusted if getAuthMethod() return OAUTH. > + */ > + public String getOAuthToken() { > + return oauthToken; > + } > + > + public void setOAuthToken(String token) { > + oauthToken = token; > + } > +} > > Added: > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java?rev=670110&view=auto > > ============================================================================== > --- > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java > (added) > +++ > incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/oauth/OAuthServletFilter.java > Fri Jun 20 18:00:35 2008 
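Review bot: `setAuthMethod`, `setConsumerKey` and `setOAuthToken` in OAuthContext.java are public, so any code that can reach the request can change a context to OAUTH or SIGNED after the filter has run. The constructor and `newContextForRequest` are already package-private, and the setters should match (`void setAuthMethod(AuthMethod method)` and likewise for the other two). A single package-private method that sets method, consumer key and token together would also stop them from disagreeing. The class Javadoc example calls `OAuthContext.forRequest(req)`, but the method added here is `fromRequest`; the example also ends a statement with `respondWithError():`. It would help to state in the `fromRequest` Javadoc that a missing attribute yields a fresh NONE context, so callers know that an unmapped filter fails closed.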
> @@ -0,0 +1,87 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations under the > License. > + */ > +package org.apache.shindig.social.oauth; > + > +import net.oauth.OAuth; > +import net.oauth.OAuthMessage; > +import net.oauth.server.OAuthServlet; > + > +import org.apache.commons.lang.NotImplementedException; > + > +import java.io.IOException; > + > +import javax.servlet.Filter; > +import javax.servlet.FilterChain; > +import javax.servlet.FilterConfig; > +import javax.servlet.ServletException; > +import javax.servlet.ServletRequest; > +import javax.servlet.ServletResponse; > +import javax.servlet.http.HttpServletRequest; > +import javax.servlet.http.HttpServletResponse; > + > +public class OAuthServletFilter implements Filter { > + > + > + public void init(FilterConfig filterConfig) { > + } > + > + public void destroy() { > + } > + > + public void doFilter(ServletRequest request, ServletResponse response, > + FilterChain chain) throws IOException, ServletException { > + > + if (!(request instanceof HttpServletRequest)) { > + throw new ServletException("OAuth filter can only handle HTTP"); > + } > + > + if (!(response instanceof HttpServletResponse)) { > + throw new ServletException("OAuth filter can only 
handle HTTP"); > + } > + > + HttpServletRequest req = (HttpServletRequest)request; > + HttpServletResponse res = (HttpServletResponse)response; > + OAuthContext authContext = OAuthContext.newContextForRequest(req); > + > + OAuthMessage requestMessage = OAuthServlet.getMessage(req, null); > + > + if (requestMessage.getParameter(OAuth.OAUTH_SIGNATURE) == null) { > + // doesn't seem to be an OAuth request > + chain.doFilter(request, response); > + return; > + } > + > + if (requestMessage.getToken() == null) { > + handleSignedFetch(requestMessage, authContext); > + } else { > + handleFullOAuth(requestMessage, authContext); > + } > + > + chain.doFilter(request, response); > + } > + > + private void handleFullOAuth(OAuthMessage requestMessage, > + OAuthContext authContext) { > + throw new NotImplementedException("full OAuth support not yet > implemented"); > + } > + > + private void handleSignedFetch(OAuthMessage requestMessage, > + OAuthContext context) { > + // TODO implement this method > + } > +} > > Added: > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java?rev=670110&view=auto > > ============================================================================== > --- > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java > (added) > +++ > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthContextTest.java > Fri Jun 20 18:00:35 2008 
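Review bot: In `OAuthServletFilter.doFilter`, a request that carries `oauth_signature` and no token is passed to `chain.doFilter` without any verification, because `handleSignedFetch` is an empty TODO. The context stays NONE, so this is safe only if every servlet behind the new `/social/*` mapping in web.social.xml checks `getAuthMethod()` itself. Until verification exists, rejecting such requests in the filter would fail closed, for example `res.sendError(HttpServletResponse.SC_UNAUTHORIZED); return;`, which also gives the otherwise unused `res` a purpose. The token branch throws the unchecked `NotImplementedException` from `handleFullOAuth`, so the container will presumably report it as a server error; an explicit `res.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED); return;` would keep that client-triggerable path out of the error logs. A comment on `doFilter` stating that the filter only annotates the request and never blocks it would make the contract clear to servlet authors.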
> @@ -0,0 +1,303 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations under the > License. > + */ > +package org.apache.shindig.social.oauth; > + > +import junit.framework.TestCase; > + > +import org.apache.shindig.social.oauth.OAuthContext.AuthMethod; > + > +import java.io.BufferedReader; > +import java.security.Principal; > +import java.util.Collections; > +import java.util.Enumeration; > +import java.util.HashMap; > +import java.util.Locale; > +import java.util.Map; > + > +import javax.servlet.RequestDispatcher; > +import javax.servlet.ServletInputStream; > +import javax.servlet.http.Cookie; > +import javax.servlet.http.HttpServletRequest; > +import javax.servlet.http.HttpSession; > + > +public class OAuthContextTest extends TestCase { > + > + public void testGettersAndSetters() throws Exception { > + OAuthContext context = new OAuthContext(); > + > + // first, make sure it's constructed in the right state > + assertEquals(OAuthContext.AuthMethod.NONE, context.getAuthMethod()); > + assertNull(context.getConsumerKey()); > + assertNull(context.getOAuthToken()); > + > + // then, test the getters and setters > + context.setAuthMethod(AuthMethod.OAUTH); > + assertEquals(OAuthContext.AuthMethod.OAUTH, 
context.getAuthMethod()); > + > + context.setConsumerKey("consumer"); > + assertEquals("consumer", context.getConsumerKey()); > + > + context.setOAuthToken("token"); > + assertEquals("token", context.getOAuthToken()); > + } > + > + public void testCreationAndOverriding() throws Exception { > + > + HttpServletRequest request = new FakeHttpServletRequest(); > + > + // make sure that we always get a OAuthContext object > + OAuthContext context = OAuthContext.fromRequest(request); > + > + assertNotNull(context); > + > + // make sure that we can override existing contexts > + OAuthContext context2 = OAuthContext.newContextForRequest(request); > + > + assertNotSame(context, context2); > + assertEquals(OAuthContext.AuthMethod.NONE, context2.getAuthMethod()); > + > + OAuthContext context3 = OAuthContext.fromRequest(request); > + assertSame(context2, context3); > + } > + > + public static class FakeHttpServletRequest implements HttpServletRequest > { > + > + private HashMap<String, Object> attributes = new HashMap<String, > Object>(); > + > + public String getAuthType() { > + return null; > + } > + > + public String getContextPath() { > + return null; > + } > + > + public Cookie[] getCookies() { > + return null; > + } > + > + public long getDateHeader(String name) { > + return 0; > + } > + > + public String getHeader(String name) { > + return null; > + } > + > + @SuppressWarnings("unchecked") > + public Enumeration getHeaderNames() { > + return null; > + } > + > + @SuppressWarnings("unchecked") > + public Enumeration getHeaders(String name) { > + return null; > + } > + > + public int getIntHeader(String name) { > + return 0; > + } > + > + public String getMethod() { > + return null; > + } > + > + public String getPathInfo() { > + return null; > + } > + > + public String getPathTranslated() { > + return null; > + } > + > + public String getQueryString() { > + return null; > + } > + > + public String getRemoteUser() { > + return null; > + } > + > + public String 
getRequestURI() { > + return null; > + } > + > + public StringBuffer getRequestURL() { > + return new StringBuffer("http://foo.com/bar"); > + } > + > + public String getRequestedSessionId() { > + return null; > + } > + > + public String getServletPath() { > + return null; > + } > + > + public HttpSession getSession() { > + return null; > + } > + > + public HttpSession getSession(boolean create) { > + return null; > + } > + > + public Principal getUserPrincipal() { > + return null; > + } > + > + public boolean isRequestedSessionIdFromCookie() { > + return false; > + } > + > + public boolean isRequestedSessionIdFromURL() { > + return false; > + } > + > + public boolean isRequestedSessionIdFromUrl() { > + return false; > + } > + > + public boolean isRequestedSessionIdValid() { > + return false; > + } > + > + public boolean isUserInRole(String role) { > + return false; > + } > + > + public Object getAttribute(String name) { > + return attributes.get(name); > + } > + > + @SuppressWarnings("unchecked") > + public Enumeration getAttributeNames() { > + return Collections.enumeration(attributes.keySet()); > + } > + > + public String getCharacterEncoding() { > + return null; > + } > + > + public int getContentLength() { > + return 0; > + } > + > + public String getContentType() { > + return null; > + } > + > + public ServletInputStream getInputStream() { > + return null; > + } > + > + public String getLocalAddr() { > + return null; > + } > + > + public String getLocalName() { > + return null; > + } > + > + public int getLocalPort() { > + return 0; > + } > + > + public Locale getLocale() { > + return null; > + } > + > + @SuppressWarnings("unchecked") > + public Enumeration getLocales() { > + return null; > + } > + > + public String getParameter(String name) { > + return null; > + } > + > + @SuppressWarnings("unchecked") > + public Map getParameterMap() { > + return new HashMap(); > + } > + > + @SuppressWarnings("unchecked") > + public Enumeration getParameterNames() { > + 
return null; > + } > + > + public String[] getParameterValues(String name) { > + return new String[0]; > + } > + > + public String getProtocol() { > + return null; > + } > + > + public BufferedReader getReader() { > + return null; > + } > + > + public String getRealPath(String path) { > + return null; > + } > + > + public String getRemoteAddr() { > + return null; > + } > + > + public String getRemoteHost() { > + return null; > + } > + > + public int getRemotePort() { > + return 0; > + } > + > + public RequestDispatcher getRequestDispatcher(String path) { > + return null; > + } > + > + public String getScheme() { > + return null; > + } > + > + public String getServerName() { > + return null; > + } > + > + public int getServerPort() { > + return 0; > + } > + > + public boolean isSecure() { > + return false; > + } > + > + public void removeAttribute(String name) { > + attributes.remove(name); > + } > + > + public void setAttribute(String name, Object o) { > + attributes.put(name, o); > + } > + > + public void setCharacterEncoding(String env) { > + } > + } > +} > > Added: > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java?rev=670110&view=auto > > ============================================================================== > --- > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java > (added) > +++ > incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/oauth/OAuthServletFilterTest.java > Fri Jun 20 18:00:35 2008 
> @@ -0,0 +1,53 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations under the > License. > + */ > +package org.apache.shindig.social.oauth; > + > +import org.apache.shindig.social.EasyMockTestCase; > +import > org.apache.shindig.social.oauth.OAuthContextTest.FakeHttpServletRequest; > + > +import javax.servlet.FilterChain; > +import javax.servlet.http.HttpServletResponse; > + > +public class OAuthServletFilterTest extends EasyMockTestCase { > + > + private FakeHttpServletRequest request; > + private HttpServletResponse response; > + private FilterChain chain; > + > + private OAuthServletFilter filter; > + > + @Override > + protected void setUp() throws Exception { > + super.setUp(); > + > + request = new FakeHttpServletRequest(); > + response = mock(HttpServletResponse.class); > + chain = mock(FilterChain.class); > + > + filter = new OAuthServletFilter(); > + } > + > + public void testUnauthenticated() throws Exception { > + filter.doFilter(request, response, chain); > + > + assertEquals(OAuthContext.AuthMethod.NONE, > + OAuthContext.fromRequest(request).getAuthMethod()); > + } > + > + > +} > > >
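Review bot: `testUnauthenticated` in OAuthServletFilterTest.java asserts only the context state and never checks that `chain.doFilter` was invoked; the mocks are created but not replayed or verified. If `EasyMockTestCase` provides replay/verify helpers (not visible here), the expectation `chain.doFilter(request, response)` should be recorded and verified. Neither branch taken when `oauth_signature` is present has a test. A case asserting that an unverified signature leaves `getAuthMethod()` at `AuthMethod.NONE`, and one pinning what the token branch does, would guard the fail-closed behaviour while `handleSignedFetch` and `handleFullOAuth` are filled in.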

