cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmo...@apache.org
Subject svn commit: r964212 [1/2] - in /cxf/sandbox/oauth_1.0a/rt/rs: oauth/ oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/ oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ oauth/src/...
Date Wed, 14 Jul 2010 21:30:20 GMT
Author: lmoren
Date: Wed Jul 14 21:30:17 2010
New Revision: 964212

URL: http://svn.apache.org/viewvc?rev=964212&view=rev
Log:
- client and server sample apps, 
- access token request endpoint, 
- resource owner authorization endpoint, 
- resource owner confirmation endpoint, 
- added oauth security interceptor

Added:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationServiceImpl.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationServiceImpl.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/AuthorizeResourceOwnerController.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/CallbackURLController.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/GetProtectedResourceController.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/TemporaryCredentialsController.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/TokenRequestController.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/model/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/model/OAuthParams.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/spring-servlet.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/views/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/views/accessToken.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/views/tokenRequest.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/WEB-INF/web.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/webapp/index.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/pom.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/rs/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/rs/auth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/rs/auth/oauth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/rs/auth/oauth/demo/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/rs/auth/oauth/demo/OAuthAuthenticationProcessingFilter.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/rs/auth/oauth/demo/SampleResourceProvider.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/java/org/apache/cxf/rs/auth/oauth/demo/TargetURLResolver.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/webapp/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/webapp/WEB-INF/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/webapp/WEB-INF/oauth-beans.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/webapp/WEB-INF/security-beans.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/webapp/WEB-INF/web.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/webapp/index.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/server/src/main/webapp/login.jsp
Removed:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AccessTokenService.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/UserAuthorizationService.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthToken.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidatorWrapper.java
Modified:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/   (props changed)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidatorWrapperImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Wed Jul 14 21:30:17 2010
@@ -0,0 +1,2 @@
+*
+target

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml Wed Jul 14 21:30:17 2010
@@ -0,0 +1,93 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.cxf</groupId>
+    <artifactId>cxf-rt-rs-oauth</artifactId>
+    <version>2.3.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+    <name>Apache CXF OAuth 1.0a</name>
+    <url>http://cxf.apache.org</url>
+
+    <parent>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-parent</artifactId>
+        <version>2.3.0-SNAPSHOT</version>
+        <relativePath>../../../parent/pom.xml</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+            <version>2.3.0-SNAPSHOT</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.geronimo.specs</groupId>
+            <artifactId>geronimo-servlet_2.5_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth</artifactId>
+            <version>20100527</version>
+        </dependency>
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-provider</artifactId>
+            <version>20100527</version>
+        </dependency>
+
+        <!--test dependencies-->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+            <version>2.5.6</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-testutils</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-transports-http-jetty</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <repositories>
+        <repository>
+            <id>oauth</id>
+            <name>OAuth Repository</name>
+            <url>http://oauth.googlecode.com/svn/code/maven</url>
+        </repository>
+    </repositories>
+</project>
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationService.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationService.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/confirm")
+public interface ResourceOwnerAuthorizationConfirmationService {
+
+    @GET
+    @Produces("application/x-www-form-urlencoded")
+    Response confirmUserDecision(@Context HttpServletRequest request);
+}
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationServiceImpl.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationServiceImpl.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationServiceImpl.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import java.io.IOException;
+import java.net.URI;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.auth.oauth.provider.ClientAuthenticationInfo;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.provider.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+/**
+ * Service is called after successfull resource owner authorization
+ *
+ * @author Lukasz Moren
+ */
+@Path("/confirm")
+public class ResourceOwnerAuthorizationConfirmationServiceImpl
+    implements ResourceOwnerAuthorizationConfirmationService {
+
+    private static final Logger LOG = LogUtils
+        .getL7dLogger(ResourceOwnerAuthorizationConfirmationServiceImpl.class);
+
+    private OAuthDataProvider oAuthDataProvider;
+
+    @GET
+    @Produces("application/x-www-form-urlencoded")
+    public Response confirmUserDecision(@Context HttpServletRequest request) {
+        //service called from confirmation page
+        try {
+
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+            oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN, ResourceOwnerAuthorizationService.SEC_TOKEN);
+
+            //todo how long oauth verifier?, it SHOULD be suitable for manual entry acording to spec
+            //generate oauth verifier
+            RequestToken requestToken = oAuthDataProvider.validateRequestToken(oAuthMessage.getToken(),
+                oAuthMessage.getParameter(ResourceOwnerAuthorizationService.SEC_TOKEN));
+
+
+            ClientAuthenticationInfo clientInfo = requestToken.getClientAuthenticationInfo();
+            StringBuffer callback = new StringBuffer(clientInfo.getCallbackURL()).append("?oauth_token=")
+                .append(oAuthMessage.getToken()).append("&oauth_verifier=")
+                .append(requestToken.getOauthVerifier());
+
+            return Response.status(HttpServletResponse.SC_MOVED_TEMPORARILY)
+                .location(URI.create(callback.toString())).build();
+        }
+
+        catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, e.getHttpStatusCode());
+        } catch (IOException e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "OAuth module exception: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    public void setoAuthDataProvider(OAuthDataProvider oAuthDataProvider) {
+        this.oAuthDataProvider = oAuthDataProvider;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationServiceImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationConfirmationServiceImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationService.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationService.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/")
+public interface ResourceOwnerAuthorizationService {
+
+    public static final String SEC_TOKEN = "sec_token";
+
+    @GET
+    @Path("/")
+    Response authorizeUser(@Context HttpServletRequest request);
+}
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationServiceImpl.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationServiceImpl.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationServiceImpl.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,114 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.endpoints;
+
+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.provider.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+import org.apache.cxf.common.logging.LogUtils;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/")
+public class ResourceOwnerAuthorizationServiceImpl implements ResourceOwnerAuthorizationService {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(ResourceOwnerAuthorizationServiceImpl.class);
+
+    private OAuthDataProvider oAuthDataProvider;
+
+    private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
+
+    @GET
+    @Path("/")
+    public Response authorizeUser(@Context HttpServletRequest request) {
+        LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
+
+        //create security token that is passed to sign in page and validate it in confirmation service
+        OAuthAuthorizationData secData = new OAuthAuthorizationData();
+
+        try {
+
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+            oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
+
+            oAuthValidator.validateSingleParameters(oAuthMessage);
+
+            RequestToken token = oAuthDataProvider.saveSecurityToken(oAuthMessage.getToken());
+
+            //user credentials not found
+            if (token == null) {
+                if (LOG.isLoggable(Level.WARNING)) {
+                    LOG.log(Level.WARNING, "Request token was not found customer key was not found");
+                }
+                return Response.ok(secData).build();
+            }
+
+            addAdditionalParams(secData, token);
+            return Response.ok(secData).build();
+
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, e.getHttpStatusCode());
+        } catch (IOException e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "OAuth module exception: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        } catch (OAuthException e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "OAuth library exception: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    protected void addAdditionalParams(OAuthAuthorizationData secData, RequestToken token) {
+        secData.setOauthToken(token.getTokenString());
+        secData.setSecurityToken(token.getSecurityToken());
+        secData.setApplicationName(token.getClientAuthenticationInfo().getApplicationName());
+    }
+
+    public void setoAuthDataProvider(OAuthDataProvider oAuthDataProvider) {
+        this.oAuthDataProvider = oAuthDataProvider;
+    }
+
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationServiceImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/ResourceOwnerAuthorizationServiceImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java?rev=964212&r1=964211&r2=964212&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialService.java Wed Jul 14 21:30:17 2010
@@ -18,24 +18,24 @@
  */
 package org.apache.cxf.auth.oauth.endpoints;
 
-import org.springframework.stereotype.Service;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
+
 /**
  * @author Lukasz Moren
  */
-@Service
 @Path("/initiate")
 public interface TemporaryCredentialService {
     @POST
+    @GET
     @Produces("application/x-www-form-urlencoded")
-    @Consumes("application/x-www-form-urlencoded")
+    @Consumes("*/*")
     Response getTemporaryCredentials(@Context HttpServletRequest request);
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java?rev=964212&r1=964211&r2=964212&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceImpl.java Wed Jul 14 21:30:17 2010
@@ -19,53 +19,60 @@
 
 package org.apache.cxf.auth.oauth.endpoints;
 
-import net.oauth.*;
-import net.oauth.server.OAuthServlet;
-import org.apache.cxf.auth.oauth.provider.ClientAuthenticationInfo;
-import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.auth.oauth.provider.OAuthToken;
-import org.apache.cxf.auth.oauth.validation.OAuthValidatorWrapper;
-import org.apache.cxf.auth.oauth.validation.OAuthValidatorWrapperImpl;
-import org.apache.cxf.common.logging.LogUtils;
-import org.springframework.stereotype.Service;
-
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
+
+import org.apache.cxf.auth.oauth.provider.ClientAuthenticationInfo;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.provider.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+import org.apache.cxf.common.logging.LogUtils;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
 
 /**
  * @author Lukasz Moren
  */
-@Service
 @Path("/initiate")
-
 public class TemporaryCredentialServiceImpl implements TemporaryCredentialService {
 
     private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialServiceImpl.class);
 
-    //todo change way creating that, inject with spring?
     private OAuthDataProvider oAuthDataProvider;
 
-    private OAuthValidatorWrapper oAuthValidator = new OAuthValidatorWrapperImpl(new SimpleOAuthValidator());
+    private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
 
 
     @POST
+    @GET
     @Produces("application/x-www-form-urlencoded")
-    @Consumes("application/x-www-form-urlencoded")
+    @Consumes("*/*")
     public Response getTemporaryCredentials(@Context HttpServletRequest request) {
         //todo add realm optional parameter
         //todo check if entity-body single part?
-        LOG.log(Level.INFO, "temporary credentails endpoint invoked");
         try {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host: {0}",
+                    new Object[] {request.getRemoteHost()});
+            }
             OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
 
             oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
@@ -75,15 +82,13 @@ public class TemporaryCredentialServiceI
                 OAuth.OAUTH_NONCE,
                 OAuth.OAUTH_CALLBACK);
 
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "All required OAuth parameters are present");
+            }
 
             ClientAuthenticationInfo authenticationInfo = oAuthDataProvider
                 .getClientAuthenticationInfo(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
 
-            //user credentials not found
-            if (authenticationInfo == null) {
-                return Response.status(HttpServletResponse.SC_UNAUTHORIZED).build();
-            }
-
             OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
                 authenticationInfo.getConsumerKey(), authenticationInfo.getSecretKey(), null);
 
@@ -92,34 +97,51 @@ public class TemporaryCredentialServiceI
             //validate message
             oAuthValidator.validateMessage(oAuthMessage, accessor);
 
+            //set callback url from request, or use preregistered one
+            authenticationInfo = setCallbackURL(authenticationInfo,
+                oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK));
 
-            OAuthToken oAuthToken = oAuthDataProvider
-                .generateOAuthToken(authenticationInfo);
+            RequestToken requestToken = oAuthDataProvider.generateRequestToken(authenticationInfo);
 
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
+            }
             //create response
             Map<String, Object> responseParams = new HashMap<String, Object>();
-            responseParams.put(OAuth.OAUTH_TOKEN, oAuthToken.getOauthToken());
-            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, oAuthToken.getTokenSecret());
+            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
             responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
 
             String response = OAuth.formEncode(responseParams.entrySet());
             return Response.ok(response).build();
 
         } catch (OAuthProblemException e) {
-            e.printStackTrace();  //todo log exception
-            Response.status(e.getHttpStatusCode()).entity(e.toString()).build();
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, e.getHttpStatusCode());
         } catch (OAuthException e) {
-            Response.status(HttpServletResponse.SC_BAD_REQUEST).build();
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "OAuth library exception: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         } catch (Exception e) {
-            e.printStackTrace();  //todo log exception
-            Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).build();
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+                    new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         }
-
-        return Response.status(HttpServletResponse.SC_BAD_REQUEST).build();
     }
 
-    public OAuthDataProvider getoAuthDataProvider() {
-        return oAuthDataProvider;
+    protected ClientAuthenticationInfo setCallbackURL(ClientAuthenticationInfo authenticationInfo,
+                                                      String oauthCallback) {
+
+        if (!oauthCallback.equals(ClientAuthenticationInfo.OAUTH_OOB)) {
+            authenticationInfo.setCallbackURL(oauthCallback);
+        }
+
+        return authenticationInfo;
     }
 
     public void setoAuthDataProvider(OAuthDataProvider oAuthDataProvider) {

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/token")
+public interface TokenCredentialsService {
+
+    @GET
+    @Produces("application/x-www-form-urlencoded")
+    Response getTokenCredentials(@Context HttpServletRequest request);
+}
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.endpoints;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.auth.oauth.provider.AccessToken;
+import org.apache.cxf.auth.oauth.provider.ClientAuthenticationInfo;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.provider.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+import org.apache.cxf.common.logging.LogUtils;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/token")
+public class TokenCredentialsServiceImpl implements TokenCredentialsService {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TokenCredentialsServiceImpl.class);
+
+    private OAuthDataProvider oAuthDataProvider;
+    private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
+
+    @GET
+    @Produces("application/x-www-form-urlencoded")
+    public Response getTokenCredentials(@Context HttpServletRequest request) {
+        try {
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_TOKEN,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE,
+                OAuth.OAUTH_VERIFIER);
+
+            RequestToken token = oAuthDataProvider
+                .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
+
+            ClientAuthenticationInfo authInfo = token.getClientAuthenticationInfo();
+            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+                authInfo.getSecretKey(), null);
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+            oAuthValidator.validateMessage(oAuthMessage, accessor);
+
+            AccessToken accessToken = oAuthDataProvider.generateAccessToken(token);
+
+            //create response
+            Map<String, Object> responseParams = new HashMap<String, Object>();
+            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
+
+            String response = OAuth.formEncode(responseParams.entrySet());
+            return Response.ok(response).build();
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, e.getHttpStatusCode());
+        } catch (IOException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        } catch (OAuthException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        } catch (URISyntaxException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            throw OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+
+    }
+
+    public void setoAuthDataProvider(OAuthDataProvider oAuthDataProvider) {
+        this.oAuthDataProvider = oAuthDataProvider;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.interceptors;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.auth.oauth.provider.AccessToken;
+import org.apache.cxf.auth.oauth.provider.ClientAuthenticationInfo;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.transport.http.AbstractHTTPDestination;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+/**
+ * @author Lukasz Moren
+ */
+public class OAuthSecurityInterceptor extends AbstractPhaseInterceptor<Message> {
+    private static final Logger LOG = LogUtils.getL7dLogger(OAuthSecurityInterceptor.class);
+
+    private OAuthDataProvider oAuthDataProvider;
+    private OAuthMessageValidator oAuthValidator = new OAuthMessageValidator();
+
+    public OAuthSecurityInterceptor() {
+        super(Phase.RECEIVE);
+    }
+
+    public OAuthSecurityInterceptor(String phase) {
+        super(phase);
+    }
+
+    public void handleMessage(Message message) throws Fault {
+        HttpServletRequest request = (HttpServletRequest)message.get(AbstractHTTPDestination.HTTP_REQUEST);
+        HttpServletResponse response = (HttpServletResponse)message
+            .get(AbstractHTTPDestination.HTTP_RESPONSE);
+
+        OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+        try {
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_TOKEN,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE);
+
+            AccessToken accessToken = oAuthDataProvider.getAccessToken(oAuthMessage.getToken());
+            ClientAuthenticationInfo authInfo = accessToken.getClientAuthenticationInfo();
+
+
+            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+                authInfo.getSecretKey(), null);
+
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+            oAuthValidator.validateMessage(oAuthMessage, accessor);
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            handleException(message, response, e, e.getHttpStatusCode());
+        } catch (OAuthException e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "An OAuth-related problem: {0}", new Object[] {e.toString()});
+            }
+            handleException(message, response, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        } catch (Exception ex) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Server error: {0}", new Object[] {ex.toString()});
+            }
+            handleException(message, response, ex, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    protected void handleException(Message m, HttpServletResponse response, Exception e, int status) {
+        OAuthUtils.handleException(response, e, status);
+        m.getInterceptorChain().abort();
+    }
+
+    public void setoAuthDataProvider(OAuthDataProvider oAuthDataProvider) {
+        this.oAuthDataProvider = oAuthDataProvider;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public class AccessToken extends Token {
+    public AccessToken(ClientAuthenticationInfo clientAuthenticationInfo, String tokenString,
+                       String tokenSecret) {
+        super(clientAuthenticationInfo, tokenString, tokenSecret);
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/AccessToken.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+import java.io.Serializable;
+
+/**
+ * Additional parameters passed to sign in page
+ *
+ * @author Lukasz Moren
+ */
+public class OAuthAuthorizationData implements Serializable {
+    private String oauthToken;
+    private String securityToken;
+    private String applicationName;
+
+    public OAuthAuthorizationData() {
+    }
+
+    public OAuthAuthorizationData(String oauthToken) {
+        this.oauthToken = oauthToken;
+    }
+
+    public String getOauthToken() {
+        return oauthToken;
+    }
+
+    public void setOauthToken(String oauthToken) {
+        this.oauthToken = oauthToken;
+    }
+
+    public String getSecurityToken() {
+        return securityToken;
+    }
+
+    public void setSecurityToken(String securityToken) {
+        this.securityToken = securityToken;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public void setApplicationName(String applicationName) {
+        this.applicationName = applicationName;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public class RequestToken extends Token {
+    protected String securityToken;
+    protected String oauthVerifier;
+
+    public RequestToken(ClientAuthenticationInfo clientAuthenticationInfo, String tokenString,
+                        String tokenSecret) {
+        super(clientAuthenticationInfo, tokenString, tokenSecret);
+    }
+
+    public String getTokenSecret() {
+        return tokenSecret;
+    }
+
+    public String getSecurityToken() {
+        return securityToken;
+    }
+
+    public void setSecurityToken(String securityToken) {
+        this.securityToken = securityToken;
+    }
+
+    public void setOauthVerifier(String oauthVerifier) {
+        this.oauthVerifier = oauthVerifier;
+    }
+
+    public String getOauthVerifier() {
+        return oauthVerifier;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/RequestToken.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public abstract class Token {
+
+    protected String tokenString;
+    protected String tokenSecret;
+    private ClientAuthenticationInfo clientAuthenticationInfo;
+
+    protected Token(ClientAuthenticationInfo clientAuthenticationInfo, String tokenString,
+                    String tokenSecret) {
+        this.clientAuthenticationInfo = clientAuthenticationInfo;
+        this.tokenString = tokenString;
+        this.tokenSecret = tokenSecret;
+    }
+
+    public ClientAuthenticationInfo getClientAuthenticationInfo() {
+        return clientAuthenticationInfo;
+    }
+
+    public String getTokenString() {
+        return tokenString;
+    }
+
+    public String getTokenSecret() {
+        return tokenSecret;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Token.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java?rev=964212&r1=964211&r2=964212&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java Wed Jul 14 21:30:17 2010
@@ -18,7 +18,15 @@
  */
 package org.apache.cxf.auth.oauth.utils;
 
+import java.io.IOException;
 import java.util.UUID;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
 
 /**
  * @author Lukasz Moren
@@ -34,4 +42,43 @@ public final class OAuthUtils {
     public static String generateToken() {
         return UUID.randomUUID().toString();
     }
+
+    public static WebApplicationException handleException(Exception e, int status) {
+        return handleException(e, status, null);
+    }
+
+    public static WebApplicationException handleException(Exception e, int status,
+                                                          String realm) {
+        if (e instanceof OAuthProblemException) {
+            OAuthProblemException problem = (OAuthProblemException)e;
+            OAuthMessage message = new OAuthMessage(null, null, problem
+                .getParameters().entrySet());
+            try {
+                return new WebApplicationException(
+                    Response.status(status).header("WWW-Authenticate", message.getAuthorizationHeader(realm))
+                        .entity(e.getMessage()).build());
+            } catch (IOException e1) {
+                return new WebApplicationException(
+                    Response.status(status).entity(e.getMessage()).build());
+            }
+        }
+        return new WebApplicationException(
+            Response.status(status).entity(e.getMessage()).build());
+    }
+
+    public static void handleException(HttpServletResponse response, Exception e, int status, String realm,
+                                       boolean sendBody) {
+        try {
+            OAuthServlet.handleException(response, e, realm, sendBody);
+        } catch (Exception ex) {
+            try {
+                response.sendError(status);
+            } catch (IOException e1) {
+            }
+        }
+    }
+
+    public static void handleException(HttpServletResponse response, Exception e, int status) {
+        handleException(response, e, status, null, true);
+    }
 }

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.validation;
+
+import java.io.IOException;
+
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.SimpleOAuthValidator;
+
+
+/**
+ * @author Lukasz Moren
+ */
+public class OAuthMessageValidator extends SimpleOAuthValidator {
+
+    public static final String VERIFIER_INVALID = "verifier_invalid";
+
+    public OAuthMessageValidator() {
+    }
+
+    public void validateSingleParameters(OAuthMessage message) throws IOException, OAuthException {
+        super.checkSingleParameters(message);
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidatorWrapperImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidatorWrapperImpl.java?rev=964212&r1=964211&r2=964212&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidatorWrapperImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidatorWrapperImpl.java Wed Jul 14 21:30:17 2010
@@ -19,19 +19,19 @@
 
 package org.apache.cxf.auth.oauth.validation;
 
+import java.io.IOException;
+import java.net.URISyntaxException;
+
 import net.oauth.OAuthAccessor;
 import net.oauth.OAuthException;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthValidator;
 
-import java.net.URISyntaxException;
-import java.io.IOException;
-
 
 /**
  * @author Lukasz Moren
  */
-public class OAuthValidatorWrapperImpl implements OAuthValidatorWrapper {
+public class OAuthValidatorWrapperImpl implements OAuthValidator {
     private OAuthValidator validator;
 
     public OAuthValidatorWrapperImpl(OAuthValidator validator) {
@@ -39,7 +39,7 @@ public class OAuthValidatorWrapperImpl i
     }
 
     public void validateMessage(OAuthMessage message, OAuthAccessor accessor)
-            throws OAuthException, IOException, URISyntaxException {
+        throws OAuthException, IOException, URISyntaxException {
         validator.validateMessage(message, accessor);
     }
 
@@ -50,6 +50,4 @@ public class OAuthValidatorWrapperImpl i
     public void setValidator(OAuthValidator validator) {
         this.validator = validator;
     }
-
-
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java?rev=964212&r1=964211&r2=964212&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java Wed Jul 14 21:30:17 2010
@@ -20,8 +20,14 @@
 
 package org.apache.cxf.auth.oauth.endpoints;
 
-import net.oauth.OAuth;
-import net.oauth.OAuthProblemException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.UUID;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+
 import org.apache.cxf.endpoint.Server;
 import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
 import org.apache.cxf.jaxrs.client.WebClient;
@@ -29,12 +35,8 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
+import net.oauth.OAuth;
+import net.oauth.OAuthProblemException;
 
 /**
  * @author Lukasz Moren
@@ -51,7 +53,7 @@ public class TemporaryCredentialServiceT
         URI uri = UriBuilder.fromUri(new URI(TEMPORARY_CREDENTIALS_URL))
             .queryParam("oauth_consumer_key", 12345678).queryParam("oauth_signature_method", "PLAINTEXT")
             .queryParam("oauth_callback", "http%3A%2F%2Fprinter.example.com%2Fready")
-            .queryParam("oauth_signature", "secret%26").queryParam("oauth_nonce", "sfsdfsdfs")
+            .queryParam("oauth_signature", "secret%26").queryParam("oauth_nonce", UUID.randomUUID())
             .queryParam("oauth_timestamp", String.valueOf(System.currentTimeMillis() / 1000))
             .buildFromEncoded();
 
@@ -74,7 +76,7 @@ public class TemporaryCredentialServiceT
             .append("=12345678&").append(OAuth.OAUTH_SIGNATURE_METHOD)
             .append("=PLAINTEXT&").append(OAuth.OAUTH_SIGNATURE)
             .append("=secret%26&")
-            .append(OAuth.OAUTH_NONCE).append("=sfsdfsdfs&")
+            .append(OAuth.OAUTH_NONCE).append("=").append(UUID.randomUUID()).append("&")
             .append(OAuth.OAUTH_TIMESTAMP).append("=").append(timestamp)
             .append("&").append(OAuth.OAUTH_CALLBACK)
             .append("=http%3A%2F%2Fprinter.example.com%2Fready");
@@ -83,11 +85,11 @@ public class TemporaryCredentialServiceT
         cl.accept("application/x-www-form-urlencoded");
 
 
-        Response r = cl.post(formEncodedBody.toString());
-        assertEquals(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, r.getStatus());
+//        Response r = cl.post(formEncodedBody.toString());
+//        assertEquals(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, r.getStatus());
 
         cl.header("Content-Type", OAuth.FORM_ENCODED);
-        r = cl.post(formEncodedBody.toString());
+        Response r = cl.post(formEncodedBody.toString());
         validateOAuthMessage(r);
     }
 
@@ -107,7 +109,7 @@ public class TemporaryCredentialServiceT
             .append(OAuth.OAUTH_CONSUMER_KEY).append("=\"12345678\",")
             .append(OAuth.OAUTH_SIGNATURE_METHOD).append("=\"PLAINTEXT\",")
             .append(OAuth.OAUTH_SIGNATURE).append("=\"secret%26\",")
-            .append(OAuth.OAUTH_NONCE).append("=\"sfsdfsdfs\",")
+            .append(OAuth.OAUTH_NONCE).append("=\"").append(UUID.randomUUID()).append("\",")
             .append(OAuth.OAUTH_TIMESTAMP).append("=\"").append(timestamp)
             .append("\",").append(OAuth.OAUTH_CALLBACK)
             .append("=\"http%3A%2F%2Fprinter.example.com%2Fready\"");
@@ -131,13 +133,13 @@ public class TemporaryCredentialServiceT
 
 
     @Before
-    public void initService() {
+    public void initService() throws Exception {
         JAXRSServerFactoryBean sf = (JAXRSServerFactoryBean)ctx.getBean("oauthServer");
         s = sf.create();
     }
 
     @After
-    public void stopService() {
+    public void stopService() throws Exception {
         if (s != null) {
             s.destroy();
         }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml?rev=964212&r1=964211&r2=964212&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml Wed Jul 14 21:30:17 2010
@@ -1,17 +1,59 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
 
     <!--<import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>-->
     <import resource="classpath:META-INF/cxf/cxf-extension-http-jetty.xml"/>
+    <!--<import resource="classpath:META-INF/cxf/cxf.xml"/>-->
+    <!--<import resource="classpath:META-INF/cxf/cxf-extension-jaxrs-binding.xml"/>-->
+    <!--<import resource="classpath:META-INF/cxf/cxf-extension-http.xml"/>-->
+    <!--<import resource="classpath:META-INF/cxf/cxf-extension-xml.xml"/>-->
 
-    <jaxrs:server id="oauthServer" address="http://localhost:9001/auth/oauth">
+
+    <jaxrs:server id="oauthAuthorization" address="http://localhost:9001/auth/oauth/authorize">
+        <jaxrs:serviceBeans>
+            <ref bean="resourceOwnerAuthorizationEndpoint"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="dispatchProvider"/>
+        </jaxrs:providers>
+    </jaxrs:server>
+
+    <bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
+        <property name="resourcePath" value="/WEB-INF/confirm.jsp"/>
+        <property name="scope" value="request"/>
+    </bean>
+
+    <jaxrs:server id="oauthServer" address="http://localhost:9001/auth/oauth/">
         <jaxrs:serviceBeans>
             <ref bean="temporaryCredentialService"/>
         </jaxrs:serviceBeans>
     </jaxrs:server>
 
+    <bean id="resourceOwnerAuthorizationEndpoint"
+          class="org.apache.cxf.auth.oauth.endpoints.ResourceOwnerAuthorizationServiceImpl">
+        <property name="oAuthDataProvider" ref="oauthDataProvider"/>
+    </bean>
+
     <bean id="temporaryCredentialService"
           class="org.apache.cxf.auth.oauth.endpoints.TemporaryCredentialServiceImpl">
         <property name="oAuthDataProvider" ref="oauthDataProvider"/>

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Wed Jul 14 21:30:17 2010
@@ -0,0 +1,4 @@
+auth.oauth.demo.iml
+auth.oauth.demo.ipr
+auth.oauth.demo.iws
+target

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml Wed Jul 14 21:30:17 2010
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+		 	http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.cxf</groupId>
+    <artifactId>cxf-rt-rs-oauth_samples-client</artifactId>
+    <version>2.3.0-SNAPSHOT</version>
+    <name>OAuth 1.0a client</name>
+    <url>http://cxf.apache.org</url>
+    <packaging>war</packaging>
+
+    <parent>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-parent</artifactId>
+        <version>2.3.0-SNAPSHOT</version>
+        <relativePath>../../../../parent/pom.xml</relativePath>
+    </parent>
+
+    <build>
+        <finalName>oauth_1.0_client</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.mortbay.jetty</groupId>
+                <artifactId>maven-jetty-plugin</artifactId>
+                <version>6.1.24</version>
+                <configuration>
+                    <webAppConfig>
+                        <contextPath>/</contextPath>
+                    </webAppConfig>
+                    <connectors>
+                        <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
+                            <port>8080</port>
+                            <maxIdleTime>60000</maxIdleTime>
+                        </connector>
+                    </connectors>
+                    <scanIntervalSeconds>10</scanIntervalSeconds>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.5</source>
+                    <target>1.5</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-beans</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-consumer</artifactId>
+            <version>${oauth.lib.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-provider</artifactId>
+            <version>${oauth.lib.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+        </dependency>
+        <dependency>
+            <artifactId>standard</artifactId>
+            <groupId>taglibs</groupId>
+            <version>1.1.2</version>
+            <type>jar</type>
+            <scope>runtime</scope>
+        </dependency>
+
+    </dependencies>
+
+    <properties>
+        <!--Spring 3 required to be deployable at GAE-->
+        <spring.version>3.0.2.RELEASE</spring.version>
+        <oauth.lib.version>20100527</oauth.lib.version>
+    </properties>
+</project>
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/pom.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/AuthorizeResourceOwnerController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/AuthorizeResourceOwnerController.java?rev=964212&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/AuthorizeResourceOwnerController.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/AuthorizeResourceOwnerController.java Wed Jul 14 21:30:17 2010
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.sample.client.controllers;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.auth.oauth.sample.client.model.OAuthParams;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+/**
+ * @author Lukasz Moren
+ */
+@Controller
+public class AuthorizeResourceOwnerController {
+
+    @RequestMapping("/authorizeResourceOwner")
+    public void handleRequest(@ModelAttribute(value = "oAuthParams") OAuthParams oAuthParams,
+                              HttpServletResponse response) throws Exception {
+
+        String oauthToken = oAuthParams.getOauthToken();
+        String resourceOwnerAuthorizationEndpoint = oAuthParams.getResourceOwnerAuthorizationEndpoint();
+        if (resourceOwnerAuthorizationEndpoint == null || "".equals(resourceOwnerAuthorizationEndpoint)) {
+            oAuthParams.setErrorMessage("Missing resource owner authorization URI");
+        }
+
+        if (oauthToken == null || "".equals(oauthToken)) {
+            oAuthParams.setErrorMessage("Missing oauth token");
+        }
+
+        response
+            .sendRedirect(
+                resourceOwnerAuthorizationEndpoint + "?oauth_token=" + oauthToken);
+    }
+}
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/AuthorizeResourceOwnerController.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth_demo/client/src/main/java/org/apache/cxf/auth/oauth/sample/client/controllers/AuthorizeResourceOwnerController.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date



Mime
View raw message