cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmo...@apache.org
Subject svn commit: r1032793 [1/2] - in /cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/cxf/ src/main/java/org/apache/cxf/auth/ src/main/java/org/apache/cxf/...
Date Tue, 09 Nov 2010 00:24:18 GMT
Author: lmoren
Date: Tue Nov  9 00:24:17 2010
New Revision: 1032793

URL: http://svn.apache.org/viewvc?rev=1032793&view=rev
Log:
- separated spring module
- few improvements and simplifications

Added:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthClientManager.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/MD5TokenGenerator.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/RequestToken.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/utils/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/validation/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidator.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/TestSampleOAuthDataProvider.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/endpoints/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/server/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/server/AbstractJettyServerTest.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/server/ExampleServlet.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/utils/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/utils/OAuthTestUtils.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/resources/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/resources/server/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/resources/server/WEB-INF/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/resources/server/WEB-INF/oauth-beans.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/resources/server/WEB-INF/web.xml   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/resources/servlet/

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Nov  9 00:24:17 2010
@@ -0,0 +1 @@
+target

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml Tue Nov  9 00:24:17 2010
@@ -0,0 +1,95 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.cxf</groupId>
+    <artifactId>cxf-rt-rs-oauth-core</artifactId>
+    <version>2.3.0-SNAPSHOT</version>
+
+    <packaging>jar</packaging>
+    <name>Apache CXF Runtime OAuth 1.0a Core</name>
+    <url>http://cxf.apache.org</url>
+
+    <parent>
+        <artifactId>cxf-rt-rs-oauth</artifactId>
+        <groupId>org.apache.cxf</groupId>
+        <version>2.3.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-transports-http-jetty</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-provider</artifactId>
+        </dependency>
+
+        <!--test dependencies-->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-server</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-webapp</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-servlet</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.easymock</groupId>
+            <artifactId>easymock</artifactId>
+            <version>2.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-testutils</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-transports-http-jetty</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-consumer</artifactId>
+            <version>${oauth.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/pom.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/authorize")
+public interface AuthorizationService {
+
+    String AUTHENTICITY_TOKEN = "authenticityToken";
+    String X_OAUTH_SCOPE = "x_oauth_scope";
+
+    String AUTHORIZATION_DECISION_KEY = "oauthDecision";
+    String AUTHORIZATION_DECISION_ALLOW = "allow";
+    String AUTHORIZATION_DECISION_DENY = "deny";
+
+    String OOB = "oob";
+
+
+    @GET
+    @Path("/")
+    Response authorizeUser(@Context HttpServletRequest request, @Context HttpServletResponse response);
+}
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,203 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.endpoints;
+
+import java.net.URI;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/authorize")
+public class AuthorizationServiceImpl extends OAuthAbstractService implements AuthorizationService {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationServiceImpl.class);
+
+    private String displayVerifierURL;
+
+    @GET
+    @Path("/")
+    public Response authorizeUser(@Context HttpServletRequest request,
+                                  @Context HttpServletResponse response) {
+
+        try {
+            LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
+
+            //create security token that is passed to sign in page and validate it in confirmation service
+            OAuthAuthorizationData secData = new OAuthAuthorizationData();
+
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+            oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
+            dataProvider.getValidator().checkParameters(oAuthMessage);
+
+
+            RequestToken token = dataProvider
+                .getRequestToken(oAuthMessage.getToken(), null);
+            if (token == null) {
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+            }
+
+            //check if user is logged in
+            Principal principal = dataProvider.loggedPrincipal(request);
+            boolean authentic = compareRequestSessionTokens(request);
+            List<String> scopes = OAuthUtils.parseScopesFromRequest(oAuthMessage);
+
+            if (principal == null || StringUtils.isEmpty(principal.getName()) || !authentic) {
+                //add authenticity token into session
+
+                secData.setScopes(dataProvider.getAvailableScopes(scopes));
+
+                addAuthenticityTokenToSession(secData, request);
+                return Response.ok(addAdditionalParams(secData, token, principal)).build();
+            }
+
+            String decision = request.getParameter(AUTHORIZATION_DECISION_KEY);
+            Client clientInfo = token.getClient();
+            if (!AUTHORIZATION_DECISION_ALLOW.equals(decision)) {
+                //user not authorized client
+                secData.setCallback(clientInfo.getCallbackURL());
+                return Response.ok(addAdditionalParams(secData, token, principal)).build();
+            }
+
+            token = dataProvider
+                .generateVerifier(oAuthMessage.getToken(), principal,
+                    dataProvider.getAvailableScopes(scopes));
+            if (token == null) {
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
+            }
+
+            String callbackURL = clientInfo.getCallbackURL();
+
+            if (OOB.equals(callbackURL)) {
+                String oauthVerifier = token.getOauthVerifier();
+                String url = new StringBuffer(displayVerifierURL).append("?oauth_verifier=")
+                    .append(oauthVerifier).toString();
+                return Response.seeOther(URI.create(url)).build();
+            }
+
+            Map<String, String> queryParams = new HashMap<String, String>();
+            queryParams.put(OAuth.OAUTH_VERIFIER, token.getOauthVerifier());
+            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenString());
+
+            callbackURL = buildCallbackUrl(callbackURL, queryParams);
+
+
+            return Response.status(HttpServletResponse.SC_MOVED_TEMPORARILY)
+                .location(URI.create(callbackURL))
+                .build();
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Server exception: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    protected String buildCallbackUrl(String callbackURL, final Map<String, String> queryParams) {
+
+        boolean containsQuestionMark = callbackURL.contains("?");
+
+
+        StringBuffer query = new StringBuffer(OAuthUtils.format(queryParams.entrySet(), "UTF-8"));
+        StringBuffer url = new StringBuffer(callbackURL);
+
+        if (!StringUtils.isEmpty(url.toString())) {
+            if (containsQuestionMark) {
+                url.append("&").append(query);
+            } else {
+                url.append("?").append(query);
+            }
+        }
+
+        return url.toString();
+    }
+
+    private void addAuthenticityTokenToSession(OAuthAuthorizationData secData, HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        String value = UUID.randomUUID().toString();
+
+        secData.setAuthenticityToken(value);
+        session.setAttribute(AUTHENTICITY_TOKEN, value);
+    }
+
+    protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData, RequestToken token,
+                                                         Principal principal) {
+        secData.setOauthToken(token.getTokenString());
+        secData.setApplicationName(token.getClient().getApplicationName());
+        if (principal == null) {
+            secData.setUserName(null);
+        } else {
+            secData.setUserName(principal.getName());
+        }
+
+        return secData;
+    }
+
+    private boolean compareRequestSessionTokens(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        String requestToken = request.getParameter(AUTHENTICITY_TOKEN);
+        String sessionToken = (String)session.getAttribute(AUTHENTICITY_TOKEN);
+
+        if (StringUtils.isEmpty(requestToken) || StringUtils.isEmpty(sessionToken)) {
+            return false;
+        }
+
+        boolean b = requestToken.equals(sessionToken);
+        session.removeAttribute(AUTHENTICITY_TOKEN);
+        return b;
+    }
+
+    public void setDisplayVerifierURL(String displayVerifierURL) {
+        this.displayVerifierURL = displayVerifierURL;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import javax.servlet.ServletContext;
+
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+
+import org.springframework.web.context.ServletContextAware;
+
+/**
+ * @author Lukasz Moren
+ */
+public abstract class OAuthAbstractService implements ServletContextAware {
+    protected OAuthDataProvider dataProvider;
+
+    public void setServletContext(ServletContext servletContext) {
+        dataProvider = OAuthUtils.getOAuthDataProviderFromServletContext(servletContext);
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthAbstractService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/initiate")
+public interface TemporaryCredentialsService {
+    @POST
+    @Produces("application/x-www-form-urlencoded")
+    Response getTemporaryCredentials(@Context HttpServletRequest request,
+                                     @Context HttpServletResponse response);
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.endpoints;
+
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/initiate")
+public class TemporaryCredentialsServiceImpl extends OAuthAbstractService
+    implements TemporaryCredentialsService {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialsServiceImpl.class);
+
+    {
+        LOG.log(Level.INFO, "Initializing: {0}", TemporaryCredentialsServiceImpl.class.getName());
+    }
+
+    @POST
+    @Produces("application/x-www-form-urlencoded")
+    public Response getTemporaryCredentials(@Context HttpServletRequest request,
+                                            @Context HttpServletResponse response) {
+        try {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host: {0}",
+                    new Object[] {request.getRemoteHost()});
+            }
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE,
+                OAuth.OAUTH_CALLBACK);
+
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "All required OAuth parameters are present");
+            }
+
+            Client authNInfo = dataProvider
+                .getClientAuthenticationInfo(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
+
+            //client credentials not found
+            if (authNInfo == null) {
+                OAuthProblemException problemEx = new OAuthProblemException(
+                    OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+                problemEx
+                    .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+                        HttpServletResponse.SC_UNAUTHORIZED);
+                throw problemEx;
+            }
+
+            OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
+                authNInfo.getConsumerKey(), authNInfo.getSecretKey(), null);
+
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+            //validate message
+            try {
+                dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
+            } catch (URISyntaxException e) {
+                throw new OAuthException(e);
+            }
+
+            //set callback url from request, or use preregistered one
+            authNInfo = setCallbackURL(authNInfo,
+                oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK));
+
+            RequestToken requestToken = dataProvider.generateRequestToken(authNInfo, (long)3600);
+
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
+            }
+            //create response
+            Map<String, Object> responseParams = new HashMap<String, Object>();
+            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
+            responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
+
+            String responseBody = OAuth.formEncode(responseParams.entrySet());
+
+            return Response.ok(responseBody).build();
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+                    new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+
+    }
+
+    protected Client setCallbackURL(Client authNInfo,
+                                    String oauthCallback) throws OAuthProblemException {
+
+        if (oauthCallback.equals(Client.OAUTH_OOB)) {
+            authNInfo.setCallbackURL(Client.OAUTH_OOB);
+            return authNInfo;
+        }
+
+        String registeredCallbackURL = authNInfo.getCallbackURL();
+        if (!StringUtils.isEmpty(registeredCallbackURL)) {
+            if (!registeredCallbackURL.equals(oauthCallback)) {
+                OAuthProblemException problemEx = new OAuthProblemException(
+                    OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
+                problemEx
+                    .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+                        HttpServletResponse.SC_BAD_REQUEST);
+                throw problemEx;
+            }
+            return authNInfo;
+        }
+
+        //there was no preregistered url, use one from request
+        authNInfo.setCallbackURL(oauthCallback);
+
+        return authNInfo;
+    }
+
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/token")
+public interface TokenCredentialsService {
+
+    @GET
+    @Produces("application/x-www-form-urlencoded")
+    Response getTokenCredentials(@Context HttpServletRequest request);
+}
\ No newline at end of file

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.endpoints;
+
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/token")
+public class TokenCredentialsServiceImpl extends OAuthAbstractService implements TokenCredentialsService {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TokenCredentialsServiceImpl.class);
+
+    @GET
+    @Produces("application/x-www-form-urlencoded")
+    public Response getTokenCredentials(@Context HttpServletRequest request) {
+        OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+        try {
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_TOKEN,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE,
+                OAuth.OAUTH_VERIFIER);
+
+            RequestToken token = dataProvider
+                .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
+
+            Client authInfo = token.getClient();
+            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+                authInfo.getSecretKey(), null);
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+            try {
+                dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
+            } catch (URISyntaxException e) {
+                throw new OAuthException(e);
+            }
+
+            AccessToken accessToken = dataProvider.generateAccessToken(token.getPrincipal(), token);
+
+            //create response
+            Map<String, Object> responseParams = new HashMap<String, Object>();
+            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
+
+            String response = OAuth.formEncode(responseParams.entrySet());
+            return Response.ok(response).build();
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "Server Exception: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.interceptors;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class OAuthSecurityFilter implements Filter {
+
+    public static final String OAUTH_AUTHORITIES = "oauth_authorities";
+
+    private static final Logger LOG = LogUtils.getL7dLogger(OAuthSecurityFilter.class);
+
+    protected OAuthDataProvider dataProvider;
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+        ServletContext servletContext = filterConfig.getServletContext();
+        dataProvider = OAuthUtils.getOAuthDataProviderFromServletContext(servletContext);
+    }
+
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+        throws IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest)request;
+        HttpServletResponse resp = (HttpServletResponse)response;
+
+        try {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "OAuth security interceptor for url: {0}", req.getRequestURL());
+            }
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_TOKEN,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE);
+
+            final AccessToken accessToken = dataProvider
+                .getAccessToken(oAuthMessage.getToken(), oAuthMessage.getConsumerKey());
+            Client authInfo = accessToken.getClient();
+
+            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+                authInfo.getSecretKey(), null);
+
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+
+            dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
+
+
+            request = new HttpServletRequestWrapper(req) {
+
+                @Override
+                public Principal getUserPrincipal() {
+                    return accessToken.getPrincipal();
+                }
+
+                @Override
+                public boolean isUserInRole(String role) {
+                    for (String authority : accessToken.getAuthorities()) {
+                        if (authority.equals(role)) {
+                            return true;
+                        }
+                    }
+
+                    return false;
+                }
+            };
+
+            request.setAttribute(OAuthSecurityFilter.OAUTH_AUTHORITIES, accessToken.getAuthorities());
+
+            chain.doFilter(request, response);
+        } catch (OAuthProblemException e) {
+            OAuthServlet.handleException(resp, e, "");
+        } catch (Exception e) {
+            OAuthServlet.handleException(resp, e, "");
+        }
+    }
+
+    public void destroy() {
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface Client {
+    //oauth calbackurl "out of band" parameter
+    String OAUTH_OOB = "oob";
+
+    String getConsumerKey();
+
+    String getSecretKey();
+
+    String getCallbackURL();
+
+    void setCallbackURL(String callbackURL);
+
+    String getApplicationName();
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+/**
+ * @author Lukasz Moren
+ */
+public class ClientImpl implements Client {
+    private String consumerKey;
+    private String secretKey;
+    private String callbackURL;
+    private String applicationName;
+
+    public ClientImpl(String consumerKey, String secretKey, String callbackURL,
+                      String applicationName) {
+        this.consumerKey = consumerKey;
+        this.secretKey = secretKey;
+        this.callbackURL = callbackURL;
+        this.applicationName = applicationName;
+    }
+
+    public ClientImpl(String consumerKey, String secretKey, String callbackURL) {
+        this(consumerKey, secretKey, callbackURL, null);
+    }
+
+    public ClientImpl(String consumerKey, String secretKey) {
+        this(consumerKey, secretKey, null);
+    }
+
+    public String getConsumerKey() {
+        return consumerKey;
+    }
+
+    public String getSecretKey() {
+        return secretKey;
+    }
+
+    public String getCallbackURL() {
+        return callbackURL;
+    }
+
+    public void setCallbackURL(String callbackURL) {
+        this.callbackURL = callbackURL;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public void setApplicationName(String applicationName) {
+        this.applicationName = applicationName;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+
+        ClientImpl that = (ClientImpl)o;
+
+        if (applicationName != null ? !applicationName.equals(that.applicationName)
+            : that.applicationName != null) {
+            return false;
+        }
+        if (callbackURL != null ? !callbackURL.equals(that.callbackURL) : that.callbackURL != null) {
+            return false;
+        }
+        if (!consumerKey.equals(that.consumerKey)) {
+            return false;
+        }
+        if (!secretKey.equals(that.secretKey)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = consumerKey.hashCode();
+        result = 31 * result + secretKey.hashCode();
+        result = 31 * result + (callbackURL != null ? callbackURL.hashCode() : 0);
+        result = 31 * result + (applicationName != null ? applicationName.hashCode() : 0);
+        return result;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,246 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.provider;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.auth.oauth.token.MD5TokenGenerator;
+import org.apache.cxf.auth.oauth.token.TokenGenerator;
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.tokens.OAuthScope;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.tokens.Token;
+import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
+import org.apache.cxf.auth.oauth.validation.OAuthValidator;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+
+/**
+ * @author Lukasz Moren
+ */
+public abstract class MemoryOauthDataProvider implements OAuthDataProvider, OAuthClientManager {
+
+    protected ConcurrentHashMap<String, Client> clientAuthInfo
+        = new ConcurrentHashMap<String, Client>();
+
+    protected MetadataMap<String, String> userRegisteredClients
+        = new MetadataMap<String, String>();
+
+    protected MetadataMap<String, String> userAuthorizedClients
+        = new MetadataMap<String, String>();
+
+    protected ConcurrentHashMap<String, Token> oauthTokens
+        = new ConcurrentHashMap<String, Token>();
+
+    protected TokenGenerator tokenGenerator = new MD5TokenGenerator();
+
+    protected OAuthValidator validator;
+
+    public Client getClientAuthenticationInfo(String consumerKey) {
+        return clientAuthInfo.get(consumerKey);
+    }
+
+    public RequestToken generateRequestToken(Client client, Long lifetime)
+        throws OAuthException {
+        String token = generateToken();
+        String tokenSecret = generateToken();
+
+        RequestToken reqToken = new RequestToken(client, token, tokenSecret, lifetime);
+
+        oauthTokens.put(token, reqToken);
+        return reqToken;
+    }
+
+    public RequestToken getRequestToken(String tokenString, String oauthVerifier)
+        throws OAuthProblemException {
+
+        Token token = oauthTokens.get(tokenString);
+        if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+        }
+        RequestToken requestToken = (RequestToken)token;
+
+        String expectedVerifier = requestToken.getOauthVerifier();
+        if (oauthVerifier != null && !expectedVerifier.equals(oauthVerifier)) {
+            throw new OAuthProblemException(OAuthMessageValidator.VERIFIER_INVALID);
+        }
+
+        Client c = token.getClient();
+        if (c == null) {
+            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+        }
+
+        validator.validateToken(requestToken);
+        return requestToken;
+    }
+
+    public RequestToken generateVerifier(String token, Principal principal, List<OAuthScope> scopes)
+        throws OAuthException {
+        RequestToken requestToken = getRequestToken(token, null);
+        if (requestToken != null) {
+            requestToken.setOauthVerifier(generateToken());
+            requestToken.setPrincipal(principal);
+            requestToken.setScopes(scopes);
+        }
+
+        return requestToken;
+    }
+
+    public OAuthValidator getValidator() {
+        return validator;
+    }
+
+    public void setValidator(OAuthValidator v) {
+        this.validator = v;
+    }
+
+    public AccessToken generateAccessToken(Principal principal, RequestToken requestToken)
+        throws OAuthException {
+
+        Client client = requestToken.getClient();
+        requestToken = getRequestToken(requestToken.getTokenString(), null);
+
+        String accessTokenString = generateToken();
+        String tokenSecretString = generateToken();
+
+        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600,
+            principal);
+
+        accessToken.setScopes(requestToken.getScopes());
+
+        synchronized (oauthTokens) {
+            oauthTokens.remove(requestToken.getTokenString());
+            oauthTokens.put(accessTokenString, accessToken);
+            synchronized (userAuthorizedClients) {
+                userAuthorizedClients.add(principal.getName(), client.getConsumerKey());
+            }
+        }
+
+        return accessToken;
+    }
+
+    public AccessToken getAccessToken(String accessToken, String consumerKey) throws OAuthProblemException {
+        Token token = oauthTokens.get(accessToken);
+        if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+        }
+
+        Client c = token.getClient();
+        if (c == null || !c.getConsumerKey().equals(consumerKey)) {
+            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+        }
+
+        validator.validateToken(token);
+        return (AccessToken)token;
+    }
+
+    public Client registerNewClient(Principal user, String consumerKey, Client client) {
+        Client authNInfo = clientAuthInfo.putIfAbsent(consumerKey, client);
+        if (authNInfo == null) {
+            userRegisteredClients.add(user.getName(), consumerKey);
+        }
+        return authNInfo;
+    }
+
+    public Set<Client> listRegisteredClients(Principal user) {
+        Set<Client> apps = new HashSet<Client>();
+        List<String> appList = userRegisteredClients.get(user.getName());
+        if (appList != null) {
+            for (String s : appList) {
+                apps.add(clientAuthInfo.get(s));
+            }
+        }
+        return apps;
+    }
+
+    public Set<Client> listAuthorizedClients(Principal user) {
+        Set<Client> apps = new HashSet<Client>();
+        List<String> appList = userAuthorizedClients.get(user.getName());
+        if (appList != null) {
+            for (String s : appList) {
+                apps.add(clientAuthInfo.get(s));
+            }
+        }
+        return apps;
+    }
+
+    public void removeTokenCredentials(Principal user, String consumerKey) {
+        if (!StringUtils.isEmpty(consumerKey)) {
+            List<String> registeredApps = this.userAuthorizedClients.get(user.getName());
+            if (registeredApps != null) {
+                registeredApps.remove(consumerKey);
+            }
+            for (Token token : oauthTokens.values()) {
+                Client authNInfo = token.getClient();
+                if (consumerKey.equals(authNInfo.getConsumerKey())) {
+                    oauthTokens.remove(token.getTokenString());
+                }
+            }
+        }
+    }
+
+    public synchronized void removeRegisteredClient(Principal user, String consumerKey) {
+        List<String> registeredApps = this.userRegisteredClients.get(user.getName());
+        this.clientAuthInfo.remove(consumerKey);
+
+        //remove registered app
+        registeredApps.remove(consumerKey);
+        this.userRegisteredClients.put(user.getName(), registeredApps);
+
+        //remove all authorized apps from other clients
+        for (Map.Entry<String, List<String>> userAuthorizedClientsSet : userAuthorizedClients.entrySet()) {
+            String principalName = userAuthorizedClientsSet.getKey();
+            List<String> clients = userAuthorizedClientsSet.getValue();
+            clients.remove(consumerKey);
+            userAuthorizedClients.put(principalName, clients);
+        }
+        //remove access tokens
+        for (Token token : oauthTokens.values()) {
+            Client authNInfo = token.getClient();
+            if (consumerKey.equals(authNInfo.getConsumerKey())) {
+                oauthTokens.remove(token.getTokenString());
+            }
+        }
+    }
+
+    protected String generateToken() throws OAuthException {
+        String token;
+        try {
+            token = tokenGenerator.generateToken(UUID.randomUUID().toString().getBytes("UTF-8"));
+        } catch (Exception e) {
+            throw new OAuthException("Unable to create token ", e.getCause());
+        }
+        return token;
+    }
+
+    public void setClientAuthInfo(Map<String, Client> clientAuthInfo) {
+        this.clientAuthInfo.putAll(clientAuthInfo);
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+import java.io.Serializable;
+import java.util.List;
+
+import org.apache.cxf.auth.oauth.tokens.OAuthScope;
+
+/**
+ * Additional parameters passed to sign in page
+ *
+ * @author Lukasz Moren
+ */
+public class OAuthAuthorizationData implements Serializable {
+    private String oauthToken;
+    private String authenticityToken;
+    private String applicationName;
+    private String userName;
+    private String callback;
+    private String oauthVerifier;
+    private List<OAuthScope> scopes;
+
+    public OAuthAuthorizationData() {
+    }
+
+    public OAuthAuthorizationData(String oauthToken) {
+        this.oauthToken = oauthToken;
+    }
+
+    public String getOauthToken() {
+        return oauthToken;
+    }
+
+    public void setOauthToken(String oauthToken) {
+        this.oauthToken = oauthToken;
+    }
+
+    public String getAuthenticityToken() {
+        return authenticityToken;
+    }
+
+    public void setAuthenticityToken(String authenticityToken) {
+        this.authenticityToken = authenticityToken;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public void setApplicationName(String applicationName) {
+        this.applicationName = applicationName;
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public String getCallback() {
+        return callback;
+    }
+
+    public void setCallback(String callback) {
+        this.callback = callback;
+    }
+
+    public String getOauthVerifier() {
+        return oauthVerifier;
+    }
+
+    public void setOauthVerifier(String oauthVerifier) {
+        this.oauthVerifier = oauthVerifier;
+    }
+
+    public List<OAuthScope> getScopes() {
+        return scopes;
+    }
+
+    public void setScopes(List<OAuthScope> scopes) {
+        this.scopes = scopes;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthClientManager.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthClientManager.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthClientManager.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthClientManager.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.provider;
+
+import java.security.Principal;
+import java.util.Set;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface OAuthClientManager {
+    Client registerNewClient(Principal user, String consumerKey, Client client);
+
+    Set<Client> listRegisteredClients(Principal user);
+
+    Set<Client> listAuthorizedClients(Principal user);
+
+    void removeRegisteredClient(Principal user, String consumerKey);
+
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthClientManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthClientManager.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.auth.oauth.provider;
+
+import java.security.Principal;
+import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
+import net.oauth.OAuthException;
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.tokens.OAuthScope;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.validation.OAuthValidator;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface OAuthDataProvider {
+
+    String OAUTH_DATA_PROVIDER_CLASS = "oauth.data.provider-class";
+    String OAUTH_DATA_VALIDATOR_CLASS = "oauth.data.validator-class";
+    String OAUTH_DATA_PROVIDER_INSTANCE_KEY = "oauth.data.provider-instance.key";
+
+    Client getClientAuthenticationInfo(String consumerKey);
+
+    RequestToken generateRequestToken(Client authInfo, Long lifetime) throws OAuthException;
+
+    AccessToken generateAccessToken(Principal user, RequestToken requestToken) throws OAuthException;
+
+    AccessToken getAccessToken(String accessToken, String consumerKey) throws OAuthProblemException;
+
+    RequestToken getRequestToken(String tokenString, String oauthVerifier)
+        throws OAuthProblemException;
+
+    void removeTokenCredentials(Principal user, String consumerKey);
+
+    RequestToken generateVerifier(String token, Principal principal, List<OAuthScope> scopes)
+        throws OAuthException;
+
+    OAuthValidator getValidator();
+
+    void setValidator(OAuthValidator validator);
+
+    List<OAuthScope> getAvailableScopes(List<String> requestScopes);
+
+    Principal loggedPrincipal(HttpServletRequest request);
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/MD5TokenGenerator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/MD5TokenGenerator.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/MD5TokenGenerator.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/MD5TokenGenerator.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.token;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import net.oauth.OAuthException;
+
+/**
+ * @author Lukasz Moren
+ */
+public class MD5TokenGenerator implements TokenGenerator {
+    public String generateToken(byte[] input) throws OAuthException {
+        if (input == null) {
+            throw new OAuthException("You have to pass input to Token Generator");
+        }
+
+        try {
+            MessageDigest algorithm = MessageDigest.getInstance("MD5");
+            algorithm.reset();
+            algorithm.update(input);
+            byte[] messageDigest = algorithm.digest();
+            StringBuffer hexString = new StringBuffer();
+            for (int i = 0; i < messageDigest.length; i++) {
+                hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
+            }
+
+            return hexString.toString();
+        } catch (NoSuchAlgorithmException e) {
+            throw new OAuthException(e);
+        }
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/MD5TokenGenerator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/MD5TokenGenerator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.token;
+
+import net.oauth.OAuthException;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface TokenGenerator {
+    String generateToken(byte[] input) throws OAuthException;
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.tokens;
+
+import java.security.Principal;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+
+/**
+ * @author Lukasz Moren
+ */
+public class AccessToken extends Token {
+    public AccessToken(Client client, String tokenString,
+                       String tokenSecret, Principal principal) {
+        super(client, tokenString, tokenSecret, principal);
+    }
+
+    public AccessToken(Client client, String tokenString,
+                       String tokenSecret, long lifeTime, Principal principal) {
+        super(client, tokenString, tokenSecret, lifeTime, principal);
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java?rev=1032793&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java Tue Nov  9 00:24:17 2010
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.tokens;
+
+/**
+ * @author Lukasz Moren
+ */
+public class OAuthScope {
+    private String scope;
+    private String description;
+    private String role;
+
+    public OAuthScope(String scope, String description, String role) {
+        this.description = description;
+        this.role = role;
+        this.scope = scope;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+
+    public void setScope(String scope) {
+        this.scope = scope;
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public void setRole(String role) {
+        this.role = role;
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date



Mime
View raw message