cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmo...@apache.org
Subject svn commit: r985017 [2/2] - in /cxf/sandbox/oauth_1.0a: distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/ distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/a...
Date Thu, 12 Aug 2010 22:30:04 GMT
Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
Thu Aug 12 22:30:02 2010
@@ -19,20 +19,26 @@
 
 package org.apache.cxf.auth.oauth.provider;
 
+import java.security.Principal;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
-import javax.servlet.http.HttpServletResponse;
 
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
 import net.oauth.OAuthProblemException;
 
+import org.apache.cxf.auth.oauth.token.MD5TokenGenerator;
+import org.apache.cxf.auth.oauth.token.TokenGenerator;
 import org.apache.cxf.auth.oauth.tokens.AccessToken;
 import org.apache.cxf.auth.oauth.tokens.RequestToken;
 import org.apache.cxf.auth.oauth.tokens.Token;
-import org.apache.cxf.auth.oauth.utils.OAuthUtils;
 import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+import org.apache.cxf.auth.oauth.validation.OAuthValidator;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 
 /**
@@ -40,117 +46,183 @@ import org.apache.cxf.jaxrs.impl.Metadat
  */
 public class MemoryOauthDataProvider implements OAuthDataProvider {
 
-    protected ConcurrentHashMap<String, ClientAuthNInfo> clientAuthInfo
-        = new ConcurrentHashMap<String, ClientAuthNInfo>();
+    protected ConcurrentHashMap<String, Client> clientAuthInfo
+        = new ConcurrentHashMap<String, Client>();
 
-    protected MetadataMap<Object, String> userRegisteredApps
-        = new MetadataMap<Object, String>();
+    protected MetadataMap<String, String> userRegisteredClients
+        = new MetadataMap<String, String>();
+
+    protected MetadataMap<String, String> userAuthorizedClients
+        = new MetadataMap<String, String>();
 
     protected ConcurrentHashMap<String, Token> oauthTokens
         = new ConcurrentHashMap<String, Token>();
 
-    public ClientAuthNInfo getClientAuthenticationInfo(String consumerKey) {
+    protected TokenGenerator tokenGenerator = new MD5TokenGenerator();
+
+    protected OAuthValidator validator;
+
+    public Client getClientAuthenticationInfo(String consumerKey) {
         return clientAuthInfo.get(consumerKey);
     }
 
-    public RequestToken generateRequestToken(ClientAuthNInfo clientAuthNInfo) {
-        String token = OAuthUtils.generateToken();
-        String tokenSecret = OAuthUtils.generateToken();
+    public RequestToken generateRequestToken(Client client, Long lifetime)
+        throws OAuthException {
+        String token = generateToken();
+        String tokenSecret = generateToken();
 
-        RequestToken reqToken = new RequestToken(clientAuthNInfo, token, tokenSecret);
+        RequestToken reqToken = new RequestToken(client, token, tokenSecret, lifetime);
 
         oauthTokens.put(token, reqToken);
         return reqToken;
     }
 
-    public RequestToken validateRequestToken(String requestTokenString, boolean generateOAuthVerifer)
{
-        Token token = oauthTokens.get(requestTokenString);
+    public RequestToken getRequestToken(String tokenString, String consumerKey, String oauthVerifier)
+        throws OAuthProblemException {
 
-        if (token == null || !RequestToken.class.isAssignableFrom(token.getClass())) {
-            return null;
+        Token token = oauthTokens.get(tokenString);
+        if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
         }
-
         RequestToken requestToken = (RequestToken)token;
 
-        if (generateOAuthVerifer) {
-            requestToken.setOauthVerifier(generateOAuthVerifier());
+        String expectedVerifier = requestToken.getOauthVerifier();
+        if (!expectedVerifier.equals(oauthVerifier)) {
+            throw new OAuthProblemException(OAuthMessageValidator.VERIFIER_INVALID);
         }
 
+        Client c = token.getClient();
+        if (c == null) {
+            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+        }
+        String key = c.getConsumerKey();
+        if (StringUtils.isEmpty(key) || !key.equals(consumerKey)) {
+            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
+        }
+
+        validator.validateToken(requestToken);
         return requestToken;
     }
 
-    public RequestToken getRequestToken(String tokenString, String oauthVerifier)
-        throws OAuthProblemException {
-        Token token = oauthTokens.get(tokenString);
-        if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
-            OAuthUtils.handleTokenRejectedException();
-        }
-        RequestToken requestToken = (RequestToken)token;
-
-        String expectedVerifier = null;
+    public RequestToken generateVerifier(String token, String consumerKey, Principal principal)
+        throws OAuthException {
+        RequestToken requestToken = getRequestToken(token, consumerKey, null);
         if (requestToken != null) {
-            expectedVerifier = requestToken.getOauthVerifier();
-        }
-        if (expectedVerifier == null || !expectedVerifier.equals(oauthVerifier)) {
-            OAuthProblemException problemEx = new OAuthProblemException(
-                OAuthMessageValidator.VERIFIER_INVALID);
-            problemEx
-                .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
-            throw problemEx;
+            requestToken.setOauthVerifier(generateToken());
+            requestToken.setPrincipal(principal);
         }
 
         return requestToken;
     }
 
-    public AccessToken generateAccessToken(RequestToken requestToken) {
-        String accessTokenString = OAuthUtils.generateToken();
-        String tokenSecretString = OAuthUtils.generateToken();
-        AccessToken accessToken = new AccessToken(requestToken.getClientAuthenticationInfo(),
-            accessTokenString, tokenSecretString);
-
-        //todo mt correctness??
-        oauthTokens.remove(requestToken.getTokenString());
-        oauthTokens.put(accessTokenString, accessToken);
+    public OAuthValidator getValidator() {
+        return validator;
+    }
+
+    public void setValidator(OAuthValidator v) {
+        this.validator = v;
+    }
+
+    public AccessToken generateAccessToken(Principal principal, RequestToken requestToken)
+        throws OAuthException {
+
+        Client client = requestToken.getClient();
+        requestToken = getRequestToken(requestToken.getTokenString(), client.getConsumerKey(),
null);
+
+        String accessTokenString = generateToken();
+        String tokenSecretString = generateToken();
+
+        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
3600,
+            principal);
+
+        synchronized (oauthTokens) {
+            oauthTokens.remove(requestToken.getTokenString());
+            oauthTokens.put(accessTokenString, accessToken);
+            synchronized (userAuthorizedClients) {
+                userAuthorizedClients.add(principal.getName(), client.getConsumerKey());
+            }
+        }
 
         return accessToken;
     }
 
-    public AccessToken getAccessToken(String accessToken) throws OAuthProblemException {
+    public AccessToken getAccessToken(String accessToken, String consumerKey) throws OAuthProblemException
{
         Token token = oauthTokens.get(accessToken);
         if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
-            OAuthUtils.handleTokenRejectedException();
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+        }
+
+        Client c = token.getClient();
+        if (c == null || !c.getConsumerKey().equals(consumerKey)) {
+            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
         }
 
+        validator.validateToken(token);
         return (AccessToken)token;
     }
 
-    public ClientAuthNInfo addNewClient(Object user, String consumerKey, ClientAuthNInfo
client) {
-        ClientAuthNInfo authNInfo = clientAuthInfo.putIfAbsent(consumerKey, client);
+    public Client registerNewClient(Principal user, String consumerKey, Client client) {
+        Client authNInfo = clientAuthInfo.putIfAbsent(consumerKey, client);
         if (authNInfo == null) {
-            userRegisteredApps.add(user, consumerKey);
+            userRegisteredClients.add(user.getName(), consumerKey);
         }
         return authNInfo;
     }
 
-    public Set<ClientAuthNInfo> listAllUserClients(Object user) {
-        Set<ClientAuthNInfo> apps = new HashSet<ClientAuthNInfo>();
-        List<String> appList = userRegisteredApps.get(user);
-        for (String s : appList) {
-            apps.add(clientAuthInfo.get(s));
+    public Set<Client> listRegisteredClients(Principal user) {
+        Set<Client> apps = new HashSet<Client>();
+        List<String> appList = userRegisteredClients.get(user.getName());
+        if (appList != null) {
+            for (String s : appList) {
+                apps.add(clientAuthInfo.get(s));
+            }
         }
         return apps;
     }
 
+    public Set<Client> listAuthorizedClients(Principal user) {
+        Set<Client> apps = new HashSet<Client>();
+        List<String> appList = userAuthorizedClients.get(user.getName());
+        if (appList != null) {
+            for (String s : appList) {
+                apps.add(clientAuthInfo.get(s));
+            }
+        }
+        return apps;
+    }
 
-    protected String generateSecurityToken() {
-        return OAuthUtils.generateToken();
+    public void removeTokenCredentials(Principal user, String consumerKey) {
+        if (!StringUtils.isEmpty(consumerKey)) {
+            List<String> registeredApps = this.userAuthorizedClients.get(user.getName());
+            if (registeredApps != null) {
+                registeredApps.remove(consumerKey);
+            }
+            for (Token token : oauthTokens.values()) {
+                Client authNInfo = token.getClient();
+                if (consumerKey.equals(authNInfo.getConsumerKey())) {
+                    oauthTokens.remove(token.getTokenString());
+                }
+            }
+        }
     }
 
-    protected String generateOAuthVerifier() {
-        return OAuthUtils.generateToken();
+    public void removeRegisteredClient(Principal user, String consumerKey) {
+        List<String> registeredApps = this.userRegisteredClients.get(user.getName());
+        registeredApps.remove(consumerKey);
+        removeTokenCredentials(user, consumerKey);
+    }
+
+    protected String generateToken() throws OAuthException {
+        String token = null;
+        try {
+            token = tokenGenerator.generateToken(UUID.randomUUID().toString().getBytes("UTF-8"));
+        } catch (Exception e) {
+            throw new OAuthException("Unable to create token ", e.getCause());
+        }
+        return token;
     }
 
-    public void setClientAuthInfo(Map<String, ClientAuthNInfo> clientAuthInfo) {
+    public void setClientAuthInfo(Map<String, Client> clientAuthInfo) {
         this.clientAuthInfo.putAll(clientAuthInfo);
     }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
Thu Aug 12 22:30:02 2010
@@ -19,33 +19,47 @@
 
 package org.apache.cxf.auth.oauth.provider;
 
+import java.security.Principal;
 import java.util.Set;
 
+import net.oauth.OAuthException;
 import net.oauth.OAuthProblemException;
 
 import org.apache.cxf.auth.oauth.tokens.AccessToken;
 import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.validation.OAuthValidator;
 
 /**
  * @author Lukasz Moren
  */
 //todo add client credentials checking
 public interface OAuthDataProvider {
-    String OAUTH_DATA_PROVIDER_CLASS_NAME = "oauthDataProviderClassName";
 
-    ClientAuthNInfo getClientAuthenticationInfo(String consumerKey);
+    Client getClientAuthenticationInfo(String consumerKey);
 
-    RequestToken generateRequestToken(ClientAuthNInfo authInfo);
+    RequestToken generateRequestToken(Client authInfo, Long lifetime) throws OAuthException;
 
-    AccessToken generateAccessToken(RequestToken requestToken);
+    AccessToken generateAccessToken(Principal user, RequestToken requestToken) throws OAuthException;
 
-    AccessToken getAccessToken(String accessToken) throws OAuthProblemException;
+    AccessToken getAccessToken(String accessToken, String consumerKey) throws OAuthProblemException;
 
-    RequestToken getRequestToken(String tokenString, String oauthVerifier) throws OAuthProblemException;
+    RequestToken getRequestToken(String tokenString, String consumerKey, String oauthVerifier)
+        throws OAuthProblemException;
 
-    RequestToken validateRequestToken(String requestToken, boolean generateOAuthVerifer);
+    Client registerNewClient(Principal user, String consumerKey, Client client);
 
-    ClientAuthNInfo addNewClient(Object user, String consumerKey, ClientAuthNInfo client);
+    Set<Client> listRegisteredClients(Principal user);
 
-    Set<ClientAuthNInfo> listAllUserClients(Object user);
+    Set<Client> listAuthorizedClients(Principal user);
+
+    void removeRegisteredClient(Principal user, String consumerKey);
+
+    void removeTokenCredentials(Principal user, String consumerKey);
+
+    RequestToken generateVerifier(String token, String consumerKey, Principal principal)
+        throws OAuthException;
+
+    OAuthValidator getValidator();
+
+    void setValidator(OAuthValidator validator);
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
Thu Aug 12 22:30:02 2010
@@ -23,7 +23,6 @@ import net.oauth.OAuthException;
 /**
  * @author Lukasz Moren
  */
-//todo cahnge token generation
 public interface TokenGenerator {
     String generateToken(byte[] input) throws OAuthException;
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java
Thu Aug 12 22:30:02 2010
@@ -18,14 +18,21 @@
  */
 package org.apache.cxf.auth.oauth.tokens;
 
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
+import java.security.Principal;
+
+import org.apache.cxf.auth.oauth.provider.Client;
 
 /**
  * @author Lukasz Moren
  */
 public class AccessToken extends Token {
-    public AccessToken(ClientAuthNInfo clientAuthNInfo, String tokenString,
-                       String tokenSecret) {
-        super(clientAuthNInfo, tokenString, tokenSecret);
+    public AccessToken(Client client, String tokenString,
+                       String tokenSecret, Principal principal) {
+        super(client, tokenString, tokenSecret, principal);
+    }
+
+    public AccessToken(Client client, String tokenString,
+                       String tokenSecret, long lifeTime, Principal principal) {
+        super(client, tokenString, tokenSecret, lifeTime, principal);
     }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/RequestToken.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/RequestToken.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/RequestToken.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/RequestToken.java
Thu Aug 12 22:30:02 2010
@@ -18,21 +18,27 @@
  */
 package org.apache.cxf.auth.oauth.tokens;
 
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
+import org.apache.cxf.auth.oauth.provider.Client;
 
 /**
  * @author Lukasz Moren
  */
 public class RequestToken extends Token {
+
+    /**
+     * Temporary credentials has limited time, in seconds
+     */
     protected String oauthVerifier;
 
-    public RequestToken(ClientAuthNInfo clientAuthNInfo, String tokenString,
+
+    public RequestToken(Client client, String tokenString,
                         String tokenSecret) {
-        super(clientAuthNInfo, tokenString, tokenSecret);
+        this(client, tokenString, tokenSecret, null);
     }
 
-    public String getTokenSecret() {
-        return tokenSecret;
+    public RequestToken(Client client, String tokenString,
+                        String tokenSecret, Long lifetime) {
+        super(client, tokenString, tokenSecret, null);
     }
 
     public void setOauthVerifier(String oauthVerifier) {
@@ -42,4 +48,5 @@ public class RequestToken extends Token 
     public String getOauthVerifier() {
         return oauthVerifier;
     }
+
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java
Thu Aug 12 22:30:02 2010
@@ -18,7 +18,9 @@
  */
 package org.apache.cxf.auth.oauth.tokens;
 
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
+import java.security.Principal;
+
+import org.apache.cxf.auth.oauth.provider.Client;
 
 /**
  * @author Lukasz Moren
@@ -27,17 +29,32 @@ public abstract class Token {
 
     protected String tokenString;
     protected String tokenSecret;
-    private ClientAuthNInfo clientAuthNInfo;
-
-    protected Token(ClientAuthNInfo clientAuthNInfo, String tokenString,
-                    String tokenSecret) {
-        this.clientAuthNInfo = clientAuthNInfo;
+    protected long issuedAt = -1;
+    protected long lifetime = -1;
+    protected Client client;
+    protected Principal principal;
+
+    protected Token(Client client, String tokenString,
+                    String tokenSecret, long lifetime, Principal principal) {
+        this.client = client;
         this.tokenString = tokenString;
         this.tokenSecret = tokenSecret;
+        this.principal = principal;
+        initTokenLifeTime(lifetime);
+    }
+
+    protected Token(Client client, String tokenString,
+                    String tokenSecret, Principal principal) {
+        this(client, tokenString, tokenSecret, -1, principal);
     }
 
-    public ClientAuthNInfo getClientAuthenticationInfo() {
-        return clientAuthNInfo;
+    private void initTokenLifeTime(Long lifetm) {
+        this.lifetime = lifetm;
+        issuedAt = System.currentTimeMillis() / 1000;
+    }
+
+    public Client getClient() {
+        return client;
     }
 
     public String getTokenString() {
@@ -47,4 +64,20 @@ public abstract class Token {
     public String getTokenSecret() {
         return tokenSecret;
     }
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public long getIssuedAt() {
+        return issuedAt;
+    }
+
+    public long getLifetime() {
+        return lifetime;
+    }
+
+    public void setPrincipal(Principal principal) {
+        this.principal = principal;
+    }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
Thu Aug 12 22:30:02 2010
@@ -19,31 +19,16 @@
 package org.apache.cxf.auth.oauth.utils;
 
 import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Map;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 
 import net.oauth.OAuth;
-import net.oauth.OAuthException;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
 import net.oauth.server.OAuthServlet;
 
-import org.apache.cxf.auth.oauth.handlers.AbstractOAuthRequestHandler;
-import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
-import org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider;
-import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.auth.oauth.tokens.RequestToken;
-import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
-import org.apache.cxf.auth.oauth.validation.OAuthValidator;
-import org.apache.cxf.common.util.StringUtils;
 
 /**
  * @author Lukasz Moren
@@ -54,12 +39,6 @@ public final class OAuthUtils {
 
     }
 
-    //todo random enough?
-
-    public static String generateToken() {
-        return UUID.randomUUID().toString();
-    }
-
     public static WebApplicationException handleException(Exception e, int status) {
         return handleException(e, status, null);
     }
@@ -108,99 +87,4 @@ public final class OAuthUtils {
             .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
         throw problemEx;
     }
-
-    public static Object createObjectFromClassName(String className)
-        throws IllegalAccessException, InstantiationException, ClassNotFoundException {
-        Class<?> clazz = Class.forName(className);
-        return clazz.newInstance();
-    }
-
-    public static Object createServletObjectFromClassName(String className, Logger log)
-        throws ServletException {
-        try {
-            return createObjectFromClassName(className);
-        } catch (IllegalAccessException e) {
-            log.log(Level.SEVERE, "Cannot create OAuth object: ", e);
-            throw new ServletException(e);
-        } catch (InstantiationException e) {
-            log.log(Level.SEVERE, "Cannot create OAuth object: ", e);
-            throw new ServletException(e);
-        } catch (ClassNotFoundException e) {
-            log.log(Level.SEVERE, "Cannot create OAuth object: ", e);
-            throw new ServletException(e);
-        }
-    }
-
-    public static OAuthRequestHandler initiateServletContext(ServletContext context, Logger
log)
-        throws ServletException {
-        OAuthRequestHandler requestHandler = (OAuthRequestHandler)context
-            .getAttribute(OAuthRequestHandler.OAUTH_REQUEST_HANDLER);
-
-        if (requestHandler != null) {
-            return requestHandler;
-        }
-
-        requestHandler = (OAuthRequestHandler)loadObject(context,
-            OAuthRequestHandler.OAUTH_REQUEST_HANDLER_CLASS_NAME,
-            AbstractOAuthRequestHandler.class, log);
-
-        OAuthDataProvider dataProvider = (OAuthDataProvider)loadObject(context,
-            OAuthDataProvider.OAUTH_DATA_PROVIDER_CLASS_NAME,
-            MemoryOauthDataProvider.class, log);
-
-        OAuthValidator validator = (OAuthValidator)loadObject(context,
-            OAuthValidator.OAUTH_VALIDATOR_CLASS_NAME,
-            OAuthMessageValidator.class, log);
-
-
-        // set the provider and validator
-        requestHandler.setOAuthDataProvider(dataProvider);
-        requestHandler.setOAuthValidator(validator);
-        context.setAttribute(OAuthRequestHandler.OAUTH_REQUEST_HANDLER, requestHandler);
-
-        return requestHandler;
-    }
-
-    public static Object loadObject(ServletContext context, String classParamName, Class
fallbackClass,
-                                    Logger log)
-        throws ServletException {
-        Object ob;
-
-        String reqHandlerclassName = context.getInitParameter(classParamName);
-
-        if (StringUtils.isEmpty(reqHandlerclassName)) {
-            log.log(Level.INFO,
-                "No {0} provided in servlet context. Initiating default object: {1}",
-                new String[] {classParamName,
-                    fallbackClass.getName()});
-            ob = createServletObjectFromClassName(fallbackClass.getName(), log);
-        } else {
-            ob = OAuthUtils.createServletObjectFromClassName(reqHandlerclassName, log);
-            log.log(Level.INFO,
-                "Created {0} OAuth object: {1}", new String[] {classParamName, ob.getClass().getName()});
-        }
-
-        return ob;
-    }
-
-    public static void prepareHttpServletResponse(HttpServletResponse response, Object entity,
-                                                  int responseCode, String contentType)
-        throws IOException, OAuthException {
-        response.setCharacterEncoding("UTF-8");
-        response.setContentType(contentType);
-        response.setStatus(responseCode);
-
-        PrintWriter pw = response.getWriter();
-        pw.write(entity.toString());
-        pw.flush();
-    }
-
-    public static void prepareHttpServletResponse(HttpServletResponse response, int responseCode,
-                                                  Map<String, String> headers) {
-        response.setStatus(responseCode);
-        for (Map.Entry<String, String> header : headers.entrySet()) {
-            response.setHeader(header.getKey(), header.getValue());
-        }
-
-    }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
Thu Aug 12 22:30:02 2010
@@ -22,10 +22,14 @@ package org.apache.cxf.auth.oauth.valida
 import java.io.IOException;
 import java.net.URISyntaxException;
 
+import net.oauth.OAuth;
 import net.oauth.OAuthException;
 import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
 import net.oauth.SimpleOAuthValidator;
 
+import org.apache.cxf.auth.oauth.tokens.Token;
+
 
 /**
  * @author Lukasz Moren
@@ -40,4 +44,17 @@ public class OAuthMessageValidator exten
     public void checkParameters(OAuthMessage message) throws OAuthException, IOException,
URISyntaxException {
         super.checkSingleParameters(message);
     }
+
+    public void validateToken(Token token) throws OAuthProblemException {
+        if (token == null) {
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+        } else {
+            Long issuedAt = token.getIssuedAt();
+            Long lifetime = token.getLifetime();
+            if (lifetime != null
+                && (issuedAt + lifetime < (System.currentTimeMillis() / 1000)))
{
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
+            }
+        }
+    }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidator.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidator.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidator.java
Thu Aug 12 22:30:02 2010
@@ -24,16 +24,20 @@ import java.net.URISyntaxException;
 import net.oauth.OAuthAccessor;
 import net.oauth.OAuthException;
 import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.auth.oauth.tokens.Token;
 
 /**
  * @author Lukasz Moren
  */
 public interface OAuthValidator {
-    String OAUTH_VALIDATOR_CLASS_NAME = "oAuthValidatorClassName";
 
     void validateMessage(OAuthMessage message, OAuthAccessor accessor)
         throws OAuthException, IOException, URISyntaxException;
 
     void checkParameters(OAuthMessage message)
         throws OAuthException, IOException, URISyntaxException;
+
+    void validateToken(Token token) throws OAuthProblemException;
 }

Copied: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestMemoryOAuthDataProvider.java
(from r982045, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/TestMemoryOAuthDataProvider.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestMemoryOAuthDataProvider.java?p2=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestMemoryOAuthDataProvider.java&p1=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/TestMemoryOAuthDataProvider.java&r1=982045&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/TestMemoryOAuthDataProvider.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestMemoryOAuthDataProvider.java
Thu Aug 12 22:30:02 2010
@@ -16,9 +16,9 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.auth.oauth.servlets;
+package org.apache.cxf.auth.oauth;
 
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfoImpl;
+import org.apache.cxf.auth.oauth.provider.ClientImpl;
 import org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider;
 
 /**
@@ -28,7 +28,7 @@ public class TestMemoryOAuthDataProvider
 
     public TestMemoryOAuthDataProvider() {
         super();
-        ClientAuthNInfoImpl client = new ClientAuthNInfoImpl("12345678", "secret",
+        ClientImpl client = new ClientImpl("12345678", "secret",
             "http://www.example.com/callback");
         clientAuthInfo.putIfAbsent("12345678", client);
     }

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestMemoryOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestMemoryOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestOAuthRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestOAuthRequestHandler.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestOAuthRequestHandler.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestOAuthRequestHandler.java
Thu Aug 12 22:30:02 2010
@@ -19,15 +19,17 @@
 
 package org.apache.cxf.auth.oauth;
 
+import java.security.Principal;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.cxf.auth.oauth.handlers.AbstractOAuthRequestHandler;
+import org.apache.cxf.common.security.SimplePrincipal;
 
 /**
  * @author Lukasz Moren
  */
 public class TestOAuthRequestHandler extends AbstractOAuthRequestHandler {
-    public String loggedUser(HttpServletRequest request) {
-        return "testUser";
+    public Principal loggedPrincipal(HttpServletRequest request) {
+        return new SimplePrincipal("testUser");
     }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/OAuthTestUtils.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/OAuthTestUtils.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/OAuthTestUtils.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/OAuthTestUtils.java
Thu Aug 12 22:30:02 2010
@@ -41,6 +41,7 @@ import net.oauth.client.URLConnectionCli
 
 import org.apache.cxf.common.util.StringUtils;
 
+
 import org.eclipse.jetty.http.HttpHeaders;
 import org.junit.Assert;
 

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java
(original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java
Thu Aug 12 22:30:02 2010
@@ -24,6 +24,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.endpoint.Server;
 import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
 
+
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml Thu Aug 12 22:30:02
2010
@@ -55,7 +55,6 @@ under the License.
     </bean>
 
     <bean id="requestHandler" class="org.apache.cxf.auth.oauth.TestOAuthRequestHandler">
-        <property name="OAuthValidator" ref="validator"/>
         <property name="OAuthDataProvider" ref="oauthDataProvider"/>
     </bean>
 
@@ -67,15 +66,16 @@ under the License.
     </bean>
 
     <bean id="oauthDataProvider" class="org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider">
+        <property name="validator" ref="validator"/>
         <property name="clientAuthInfo">
             <map key-type="java.lang.String"
-                 value-type="org.apache.cxf.auth.oauth.provider.ClientAuthNInfo">
+                 value-type="org.apache.cxf.auth.oauth.provider.Client">
                 <entry key="12345678" value-ref="clientAuthInfo"/>
             </map>
         </property>
     </bean>
 
-    <bean id="clientAuthInfo" class="org.apache.cxf.auth.oauth.provider.ClientAuthNInfoImpl">
+    <bean id="clientAuthInfo" class="org.apache.cxf.auth.oauth.provider.ClientImpl">
         <constructor-arg value="12345678"/>
         <constructor-arg value="secret"/>
         <constructor-arg value="http://www.example.com/callback"/>



Mime
View raw message