cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmo...@apache.org
Subject svn commit: r964214 - in /cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider: ClientAuthenticationInfo.java ClientAuthenticationInfoImpl.java OAuthDataProvider.java OAuthDataProviderImpl.java
Date Wed, 14 Jul 2010 21:34:20 GMT
Author: lmoren
Date: Wed Jul 14 21:34:19 2010
New Revision: 964214

URL: http://svn.apache.org/viewvc?rev=964214&view=rev
Log:
New OAuth Data Provider

Added:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
  (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
  (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
  (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
  (with props)

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java?rev=964214&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
(added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface ClientAuthenticationInfo {
+    //oauth calbackurl "out of band" parameter
+    public static final String OAUTH_OOB = "oob";
+
+    String getConsumerKey();
+
+    String getSecretKey();
+
+    String getCallbackURL();
+
+    void setCallbackURL(String callbackURL);
+
+    String getApplicationName();
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfo.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java?rev=964214&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
(added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public class ClientAuthenticationInfoImpl implements ClientAuthenticationInfo {
+    private String consumerKey;
+    private String secretKey;
+    private String callbackURL;
+    private String applicationName;
+
+    public ClientAuthenticationInfoImpl(String consumerKey, String secretKey, String callbackURL,
+                                        String applicationName) {
+        this.consumerKey = consumerKey;
+        this.secretKey = secretKey;
+        this.callbackURL = callbackURL;
+        this.applicationName = applicationName;
+    }
+
+    public ClientAuthenticationInfoImpl(String consumerKey, String secretKey, String callbackURL)
{
+        this(consumerKey, secretKey, callbackURL, null);
+    }
+
+    public ClientAuthenticationInfoImpl(String consumerKey, String secretKey) {
+        this(consumerKey, secretKey, null);
+    }
+
+    public String getConsumerKey() {
+        return consumerKey;
+    }
+
+    public String getSecretKey() {
+        return secretKey;
+    }
+
+    public String getCallbackURL() {
+        return callbackURL;
+    }
+
+    public void setCallbackURL(String callbackURL) {
+        this.callbackURL = callbackURL;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public void setApplicationName(String applicationName) {
+        this.applicationName = applicationName;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+
+        ClientAuthenticationInfoImpl that = (ClientAuthenticationInfoImpl)o;
+
+        if (applicationName != null ? !applicationName.equals(that.applicationName)
+            : that.applicationName != null) {
+            return false;
+        }
+        if (callbackURL != null ? !callbackURL.equals(that.callbackURL) : that.callbackURL
!= null) {
+            return false;
+        }
+        if (!consumerKey.equals(that.consumerKey)) {
+            return false;
+        }
+        if (!secretKey.equals(that.secretKey)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = consumerKey.hashCode();
+        result = 31 * result + secretKey.hashCode();
+        result = 31 * result + (callbackURL != null ? callbackURL.hashCode() : 0);
+        result = 31 * result + (applicationName != null ? applicationName.hashCode() : 0);
+        return result;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthenticationInfoImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java?rev=964214&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
(added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.provider;
+
+import net.oauth.OAuthProblemException;
+
+/**
+ * @author Lukasz Moren
+ */
+//todo add client credentials checking
+public interface OAuthDataProvider {
+    ClientAuthenticationInfo getClientAuthenticationInfo(String consumerKey) throws OAuthProblemException;
+
+    RequestToken generateRequestToken(ClientAuthenticationInfo authInfo);
+
+    AccessToken generateAccessToken(RequestToken requestToken);
+
+    AccessToken getAccessToken(String accessToken) throws OAuthProblemException;
+
+    RequestToken getRequestToken(String tokenString, String oauthVerifier) throws OAuthProblemException;
+
+    RequestToken validateRequestToken(String requestToken, String securityToken) throws OAuthProblemException;
+
+    RequestToken saveSecurityToken(String requestToken);
+
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java?rev=964214&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
(added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
Wed Jul 14 21:34:19 2010
@@ -0,0 +1,176 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.provider;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthProblemException;
+
+
+/**
+ * @author Lukasz Moren
+ */
+public class OAuthDataProviderImpl implements OAuthDataProvider {
+
+    private Map<String, ClientAuthenticationInfo> clientAuthInfo
+        = new ConcurrentHashMap<String, ClientAuthenticationInfo>();
+
+    private Map<String, Token> oauthTokens
+        = new ConcurrentHashMap<String, Token>();
+
+    public ClientAuthenticationInfo getClientAuthenticationInfo(String consumerKey)
+        throws OAuthProblemException {
+        ClientAuthenticationInfo authenticationInfo = clientAuthInfo.get(consumerKey);
+
+        //client credentials not found
+        if (authenticationInfo == null) {
+            OAuthProblemException problemEx = new OAuthProblemException(
+                OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+            problemEx
+                .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
+            throw problemEx;
+        }
+        return authenticationInfo;
+    }
+
+    public RequestToken generateRequestToken(ClientAuthenticationInfo clientAuthenticationInfo)
{
+        String token = OAuthUtils.generateToken();
+        String tokenSecret = OAuthUtils.generateToken();
+
+        RequestToken reqToken = new RequestToken(clientAuthenticationInfo, token, tokenSecret);
+
+        oauthTokens.put(token, reqToken);
+        return reqToken;
+    }
+
+    public RequestToken saveSecurityToken(String requestToken) {
+        Token token = oauthTokens.get(requestToken);
+
+        if (token == null) {
+            return null;
+        }
+
+        if (RequestToken.class.isAssignableFrom(token.getClass())) {
+            RequestToken req = (RequestToken)token;
+            req.setSecurityToken(generateSecurityToken());
+            oauthTokens.put(requestToken, req);
+
+            return req;
+        }
+        return null;
+    }
+
+    public RequestToken validateRequestToken(String requestTokenString, String securityToken)
+        throws OAuthProblemException {
+        Token token = oauthTokens.get(requestTokenString);
+
+        if (token == null || !RequestToken.class.isAssignableFrom(token.getClass())) {
+            return handleTokenRejectedException();
+        }
+
+        RequestToken requestToken = (RequestToken)token;
+        if (!validateSecurityToken(requestToken.getSecurityToken(), securityToken)) {
+            throw new OAuthProblemException(OAuth.Problems.ADDITIONAL_AUTHORIZATION_REQUIRED);
+        }
+
+        requestToken.setOauthVerifier(generateOAuthVerifier());
+
+        return requestToken;
+    }
+
+    public RequestToken getRequestToken(String tokenString, String oauthVerifier)
+        throws OAuthProblemException {
+        Token token = oauthTokens.get(tokenString);
+        if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
+            handleTokenRejectedException();
+        }
+        RequestToken requestToken = (RequestToken)token;
+
+        String expectedVerifier = null;
+        if (requestToken != null) {
+            expectedVerifier = requestToken.getOauthVerifier();
+        }
+        if (expectedVerifier == null || !expectedVerifier.equals(oauthVerifier)) {
+            OAuthProblemException problemEx = new OAuthProblemException(
+                OAuthMessageValidator.VERIFIER_INVALID);
+            problemEx
+                .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
+            throw problemEx;
+        }
+
+        return requestToken;
+    }
+
+    public AccessToken generateAccessToken(RequestToken requestToken) {
+        String accessTokenString = OAuthUtils.generateToken();
+        String tokenSecretString = OAuthUtils.generateToken();
+        AccessToken accessToken = new AccessToken(requestToken.getClientAuthenticationInfo(),
+            accessTokenString, tokenSecretString);
+
+        //todo mt correctness??
+        oauthTokens.remove(requestToken.getTokenString());
+        oauthTokens.put(accessTokenString, accessToken);
+
+        return accessToken;
+    }
+
+    public AccessToken getAccessToken(String accessToken) throws OAuthProblemException {
+        Token token = oauthTokens.get(accessToken);
+        if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
+            handleTokenRejectedException();
+        }
+
+        return (AccessToken)token;
+    }
+
+    private RequestToken handleTokenRejectedException() throws OAuthProblemException {
+        OAuthProblemException problemEx = new OAuthProblemException(
+            OAuth.Problems.TOKEN_REJECTED);
+        problemEx
+            .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
+        throw problemEx;
+    }
+
+    private boolean validateSecurityToken(String securityToken, String expSecurityToken)
{
+        return securityToken.equals(expSecurityToken);
+    }
+
+    protected String generateSecurityToken() {
+        return OAuthUtils.generateToken();
+    }
+
+    protected String generateOAuthVerifier() {
+        return OAuthUtils.generateToken();
+    }
+
+    public Map<String, ClientAuthenticationInfo> getClientAuthInfo() {
+        return clientAuthInfo;
+    }
+
+    public void setClientAuthInfo(Map<String, ClientAuthenticationInfo> clientAuthInfo)
{
+        this.clientAuthInfo = clientAuthInfo;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProviderImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date



Mime
View raw message