
From lmo...@apache.org
Subject svn commit: r1037649 [1/2] - in /cxf/sandbox/oauth_1.0a/rt/rs/oauth: ./ oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/ oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/ oauth-core/src/main/java/org/apache/cxf/auth/oauth/interc...
Date Mon, 22 Nov 2010 09:50:34 GMT
Author: lmoren
Date: Mon Nov 22 09:50:33 2010
New Revision: 1037649

URL: http://svn.apache.org/viewvc?rev=1037649&view=rev
Log:
- added scope-permission authorization style
- support for wildcards in scope url

Added:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthDefaultServices.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthService.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/AuthorizationRequestHandler.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TemporaryCredentialsHandler.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TokenCredentialsRequestHandler.java   (with props)
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthPermission.java   (contents, props changed)
      - copied, changed from r1032795, cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java
Removed:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/
Modified:
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/test/java/org/apache/cxf/auth/oauth/TestSampleOAuthDataProvider.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationService.java Mon Nov 22 09:50:33 2010
@@ -32,17 +32,6 @@ import javax.ws.rs.core.Response;
 @Path("/authorize")
 public interface AuthorizationService {
 
-    String AUTHENTICITY_TOKEN = "authenticityToken";
-    String X_OAUTH_SCOPE = "x_oauth_scope";
-
-    String AUTHORIZATION_DECISION_KEY = "oauthDecision";
-    String AUTHORIZATION_DECISION_ALLOW = "allow";
-    String AUTHORIZATION_DECISION_DENY = "deny";
-
-    String OOB = "oob";
-
-
     @GET
-    @Path("/")
     Response authorizeUser(@Context HttpServletRequest request, @Context HttpServletResponse response);
 }
\ No newline at end of file

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java Mon Nov 22 09:50:33 2010
@@ -19,33 +19,15 @@
 
 package org.apache.cxf.auth.oauth.endpoints;
 
-import java.net.URI;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
-import net.oauth.OAuth;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-
-import org.apache.cxf.auth.oauth.provider.Client;
-import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
-import org.apache.cxf.auth.oauth.tokens.RequestToken;
-import org.apache.cxf.auth.oauth.utils.OAuthUtils;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.auth.oauth.handlers.AuthorizationRequestHandler;
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
 
 /**
  * @author Lukasz Moren
@@ -53,148 +35,13 @@ import org.apache.cxf.common.util.String
 @Path("/authorize")
 public class AuthorizationServiceImpl extends OAuthAbstractService implements AuthorizationService {
 
-    private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationServiceImpl.class);
-
     private String displayVerifierURL;
 
     @GET
-    @Path("/")
     public Response authorizeUser(@Context HttpServletRequest request,
                                   @Context HttpServletResponse response) {
-
-        try {
-            LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
-
-            //create security token that is passed to sign in page and validate it in confirmation service
-            OAuthAuthorizationData secData = new OAuthAuthorizationData();
-
-            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
-            oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
-            dataProvider.getValidator().checkParameters(oAuthMessage);
-
-
-            RequestToken token = dataProvider
-                .getRequestToken(oAuthMessage.getToken(), null);
-            if (token == null) {
-                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
-            }
-
-            //check if user is logged in
-            Principal principal = dataProvider.loggedPrincipal(request);
-            boolean authentic = compareRequestSessionTokens(request);
-            List<String> scopes = OAuthUtils.parseScopesFromRequest(oAuthMessage);
-
-            if (principal == null || StringUtils.isEmpty(principal.getName()) || !authentic) {
-                //add authenticity token into session
-
-                secData.setScopes(dataProvider.getAvailableScopes(scopes));
-
-                addAuthenticityTokenToSession(secData, request);
-                return Response.ok(addAdditionalParams(secData, token, principal)).build();
-            }
-
-            String decision = request.getParameter(AUTHORIZATION_DECISION_KEY);
-            Client clientInfo = token.getClient();
-            if (!AUTHORIZATION_DECISION_ALLOW.equals(decision)) {
-                //user not authorized client
-                secData.setCallback(clientInfo.getCallbackURL());
-                return Response.ok(addAdditionalParams(secData, token, principal)).build();
-            }
-
-            token = dataProvider
-                .generateVerifier(oAuthMessage.getToken(), principal,
-                    dataProvider.getAvailableScopes(scopes));
-            if (token == null) {
-                throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
-            }
-
-            String callbackURL = clientInfo.getCallbackURL();
-
-            if (OOB.equals(callbackURL)) {
-                String oauthVerifier = token.getOauthVerifier();
-                String url = new StringBuffer(displayVerifierURL).append("?oauth_verifier=")
-                    .append(oauthVerifier).toString();
-                return Response.seeOther(URI.create(url)).build();
-            }
-
-            Map<String, String> queryParams = new HashMap<String, String>();
-            queryParams.put(OAuth.OAUTH_VERIFIER, token.getOauthVerifier());
-            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenString());
-
-            callbackURL = buildCallbackUrl(callbackURL, queryParams);
-
-
-            return Response.status(HttpServletResponse.SC_MOVED_TEMPORARILY)
-                .location(URI.create(callbackURL))
-                .build();
-
-        } catch (OAuthProblemException e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
-                String.valueOf(e.getParameters().get("realm")));
-        } catch (Exception e) {
-            if (LOG.isLoggable(Level.SEVERE)) {
-                LOG.log(Level.SEVERE, "Server exception: {0}", new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-        }
-    }
-
-    protected String buildCallbackUrl(String callbackURL, final Map<String, String> queryParams) {
-
-        boolean containsQuestionMark = callbackURL.contains("?");
-
-
-        StringBuffer query = new StringBuffer(OAuthUtils.format(queryParams.entrySet(), "UTF-8"));
-        StringBuffer url = new StringBuffer(callbackURL);
-
-        if (!StringUtils.isEmpty(url.toString())) {
-            if (containsQuestionMark) {
-                url.append("&").append(query);
-            } else {
-                url.append("?").append(query);
-            }
-        }
-
-        return url.toString();
-    }
-
-    private void addAuthenticityTokenToSession(OAuthAuthorizationData secData, HttpServletRequest request) {
-        HttpSession session = request.getSession();
-        String value = UUID.randomUUID().toString();
-
-        secData.setAuthenticityToken(value);
-        session.setAttribute(AUTHENTICITY_TOKEN, value);
-    }
-
-    protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData, RequestToken token,
-                                                         Principal principal) {
-        secData.setOauthToken(token.getTokenString());
-        secData.setApplicationName(token.getClient().getApplicationName());
-        if (principal == null) {
-            secData.setUserName(null);
-        } else {
-            secData.setUserName(principal.getName());
-        }
-
-        return secData;
-    }
-
-    private boolean compareRequestSessionTokens(HttpServletRequest request) {
-        HttpSession session = request.getSession();
-        String requestToken = request.getParameter(AUTHENTICITY_TOKEN);
-        String sessionToken = (String)session.getAttribute(AUTHENTICITY_TOKEN);
-
-        if (StringUtils.isEmpty(requestToken) || StringUtils.isEmpty(sessionToken)) {
-            return false;
-        }
-
-        boolean b = requestToken.equals(sessionToken);
-        session.removeAttribute(AUTHENTICITY_TOKEN);
-        return b;
+        OAuthRequestHandler handler = new AuthorizationRequestHandler(dataProvider, displayVerifierURL);
+        return handler.handle(request, response);
     }
 
     public void setDisplayVerifierURL(String displayVerifierURL) {
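Review bot: `displayVerifierURL` is passed to `new AuthorizationRequestHandler(dataProvider, displayVerifierURL)` on every request without any check that `setDisplayVerifierURL` was ever called, and the removed body shows its only use was the out-of-band branch that built the redirect with `new StringBuffer(displayVerifierURL)`, which throws a NullPointerException when the field is null. If the handler kept that logic, a missing configuration only surfaces when the first "oob" client reaches the endpoint, and it then falls into the generic 500 path rather than a configuration error. Either document the precondition on the method, e.g. `/** Delegates to {@link AuthorizationRequestHandler}; displayVerifierURL must be configured before clients with an "oob" callback are served. */`, or fail fast at configuration time. The setter begins on the hunk's last line and continues outside it, and the handler itself is in the other part of this commit, so the NPE path is inferred from the deleted code rather than seen.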

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthDefaultServices.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthDefaultServices.java?rev=1037649&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthDefaultServices.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthDefaultServices.java Mon Nov 22 09:50:33 2010
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.auth.oauth.handlers.AuthorizationRequestHandler;
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.handlers.TemporaryCredentialsHandler;
+import org.apache.cxf.auth.oauth.handlers.TokenCredentialsRequestHandler;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/")
+public class OAuthDefaultServices extends OAuthAbstractService implements OAuthService {
+
+    private String displayVerifierURL;
+
+    public OAuthDefaultServices() {
+    }
+
+    @POST
+    @Path("/initiate")
+    @Produces("application/x-www-form-urlencoded")
+    public Response getTemporaryCredentials(@Context HttpServletRequest request,
+                                            @Context HttpServletResponse response) {
+        OAuthRequestHandler handler = new TemporaryCredentialsHandler(dataProvider);
+        return handler.handle(request, response);
+    }
+
+    @GET
+    @Path("/authorize")
+    public Response authorizeUser(@Context HttpServletRequest request,
+                                  @Context HttpServletResponse response) {
+        OAuthRequestHandler handler = new AuthorizationRequestHandler(dataProvider, displayVerifierURL);
+        return handler.handle(request, response);
+    }
+
+    @GET
+    @Path("/token")
+    @Produces("application/x-www-form-urlencoded")
+    public Response getTokenCredentials(@Context HttpServletRequest request,
+                                        @Context HttpServletResponse response) {
+        OAuthRequestHandler handler = new TokenCredentialsRequestHandler(dataProvider);
+        return handler.handle(request, response);
+    }
+
+    public void setDisplayVerifierURL(String displayVerifierURL) {
+        this.displayVerifierURL = displayVerifierURL;
+    }
+}
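Review bot: `getTokenCredentials` is mapped with `@GET` on `/token` while `getTemporaryCredentials` on `/initiate` is `@POST`; RFC 5849 describes both the temporary credential request (§2.1) and the token request (§2.3) as authenticated POST requests. With GET, the signed parameters (`oauth_token`, `oauth_verifier`, `oauth_signature`, `oauth_nonce`) travel in the query string and are retained in server, proxy and client logs, so the verifier is exposed beyond the single exchange it is meant to authorize. Unless a known client requires GET, change the annotation to `@POST` here and in the matching declarations added or kept in `OAuthService`, `TokenCredentialsService` and `TokenCredentialsServiceImpl` in this commit. The class also carries only an `@author` Javadoc; a one-line summary naming it as the combined OAuth 1.0a endpoint set (`/initiate`, `/authorize`, `/token`) would tell a reader why it duplicates the three single-purpose services.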

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthDefaultServices.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthDefaultServices.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthService.java?rev=1037649&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthService.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthService.java Mon Nov 22 09:50:33 2010
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.endpoints;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+/**
+ * @author Lukasz Moren
+ */
+@Path("/")
+public interface OAuthService {
+
+    @POST
+    @Path("/initiate")
+    @Produces("application/x-www-form-urlencoded")
+    Response getTemporaryCredentials(@Context HttpServletRequest request,
+                                     @Context HttpServletResponse response);
+
+    @GET
+    @Path("/authorize")
+    Response authorizeUser(@Context HttpServletRequest request, @Context HttpServletResponse response);
+
+    @GET
+    @Path("/token")
+    @Produces("application/x-www-form-urlencoded")
+    Response getTokenCredentials(@Context HttpServletRequest request, @Context HttpServletResponse response);
+}
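Review bot: `OAuthService` is the public contract for the three endpoints, yet its Javadoc is only `@author` and none of the methods states which OAuth 1.0a step it serves or what the caller receives. Add a class summary and one line per method, e.g. above `getTemporaryCredentials`: `/** Temporary Credential Request endpoint (RFC 5849 §2.1); the form-encoded response carries the request token and its secret. */`, with corresponding lines for `/authorize` (Resource Owner Authorization, §2.2) and `/token` (Token Request, §2.3). Since the response bodies are produced by handlers not visible in this part of the commit, keep those lines to the contract the `@Produces` annotations already fix rather than describing handler internals.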

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/OAuthService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsServiceImpl.java Mon Nov 22 09:50:33 2010
@@ -19,11 +19,6 @@
 
 package org.apache.cxf.auth.oauth.endpoints;
 
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.POST;
@@ -32,19 +27,8 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-
-import org.apache.cxf.auth.oauth.provider.Client;
-import org.apache.cxf.auth.oauth.tokens.RequestToken;
-import org.apache.cxf.auth.oauth.utils.OAuthUtils;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.handlers.TemporaryCredentialsHandler;
 
 /**
  * @author Lukasz Moren
@@ -53,118 +37,12 @@ import org.apache.cxf.common.util.String
 public class TemporaryCredentialsServiceImpl extends OAuthAbstractService
     implements TemporaryCredentialsService {
 
-    private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialsServiceImpl.class);
-
-    {
-        LOG.log(Level.INFO, "Initializing: {0}", TemporaryCredentialsServiceImpl.class.getName());
-    }
-
     @POST
     @Produces("application/x-www-form-urlencoded")
     public Response getTemporaryCredentials(@Context HttpServletRequest request,
                                             @Context HttpServletResponse response) {
-        try {
-            if (LOG.isLoggable(Level.FINE)) {
-                LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host: {0}",
-                    new Object[] {request.getRemoteHost()});
-            }
-            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
-            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
-                OAuth.OAUTH_SIGNATURE_METHOD,
-                OAuth.OAUTH_SIGNATURE,
-                OAuth.OAUTH_TIMESTAMP,
-                OAuth.OAUTH_NONCE,
-                OAuth.OAUTH_CALLBACK);
-
-            if (LOG.isLoggable(Level.FINE)) {
-                LOG.log(Level.FINE, "All required OAuth parameters are present");
-            }
-
-            Client authNInfo = dataProvider
-                .getClientAuthenticationInfo(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
-
-            //client credentials not found
-            if (authNInfo == null) {
-                OAuthProblemException problemEx = new OAuthProblemException(
-                    OAuth.Problems.CONSUMER_KEY_UNKNOWN);
-                problemEx
-                    .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
-                        HttpServletResponse.SC_UNAUTHORIZED);
-                throw problemEx;
-            }
-
-            OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
-                authNInfo.getConsumerKey(), authNInfo.getSecretKey(), null);
-
-            OAuthAccessor accessor = new OAuthAccessor(consumer);
-
-            //validate message
-            try {
-                dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
-            } catch (URISyntaxException e) {
-                throw new OAuthException(e);
-            }
-
-            //set callback url from request, or use preregistered one
-            authNInfo = setCallbackURL(authNInfo,
-                oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK));
-
-            RequestToken requestToken = dataProvider.generateRequestToken(authNInfo, (long)3600);
-
-            if (LOG.isLoggable(Level.FINE)) {
-                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
-            }
-            //create response
-            Map<String, Object> responseParams = new HashMap<String, Object>();
-            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
-            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
-            responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
-
-            String responseBody = OAuth.formEncode(responseParams.entrySet());
-
-            return Response.ok(responseBody).build();
-        } catch (OAuthProblemException e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
-                String.valueOf(e.getParameters().get("realm")));
-        } catch (Exception e) {
-            if (LOG.isLoggable(Level.SEVERE)) {
-                LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
-                    new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-        }
 
+        OAuthRequestHandler handler = new TemporaryCredentialsHandler(dataProvider);
+        return handler.handle(request, response);
     }
-
-    protected Client setCallbackURL(Client authNInfo,
-                                    String oauthCallback) throws OAuthProblemException {
-
-        if (oauthCallback.equals(Client.OAUTH_OOB)) {
-            authNInfo.setCallbackURL(Client.OAUTH_OOB);
-            return authNInfo;
-        }
-
-        String registeredCallbackURL = authNInfo.getCallbackURL();
-        if (!StringUtils.isEmpty(registeredCallbackURL)) {
-            if (!registeredCallbackURL.equals(oauthCallback)) {
-                OAuthProblemException problemEx = new OAuthProblemException(
-                    OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
-                problemEx
-                    .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
-                        HttpServletResponse.SC_BAD_REQUEST);
-                throw problemEx;
-            }
-            return authNInfo;
-        }
-
-        //there was no preregistered url, use one from request
-        authNInfo.setCallbackURL(oauthCallback);
-
-        return authNInfo;
-    }
-
 }
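Review bot: The blank line left at the top of `getTemporaryCredentials` (between the `@Context HttpServletResponse response) {` line and `OAuthRequestHandler handler = new TemporaryCredentialsHandler(dataProvider);`) is a remnant of the removed body; delete it so the method reads like `authorizeUser` in `AuthorizationServiceImpl` and the three methods in `OAuthDefaultServices`, which open directly with the handler construction. With the logger and its initializer block gone, the class no longer says anything about its purpose; a one-line Javadoc such as `/** Temporary Credential Request endpoint; request processing is delegated to {@link TemporaryCredentialsHandler}. */` would fill that gap.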

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsService.java Mon Nov 22 09:50:33 2010
@@ -20,6 +20,7 @@ package org.apache.cxf.auth.oauth.endpoi
 
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -34,5 +35,5 @@ public interface TokenCredentialsService
 
     @GET
     @Produces("application/x-www-form-urlencoded")
-    Response getTokenCredentials(@Context HttpServletRequest request);
+    Response getTokenCredentials(@Context HttpServletRequest request, @Context HttpServletResponse response);
 }
\ No newline at end of file

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/endpoints/TokenCredentialsServiceImpl.java Mon Nov 22 09:50:33 2010
@@ -19,11 +19,6 @@
 
 package org.apache.cxf.auth.oauth.endpoints;
 
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.GET;
@@ -32,19 +27,8 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
-import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
-import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
-
-import org.apache.cxf.auth.oauth.provider.Client;
-import org.apache.cxf.auth.oauth.tokens.AccessToken;
-import org.apache.cxf.auth.oauth.tokens.RequestToken;
-import org.apache.cxf.auth.oauth.utils.OAuthUtils;
-import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.handlers.TokenCredentialsRequestHandler;
 
 /**
  * @author Lukasz Moren
@@ -52,56 +36,11 @@ import org.apache.cxf.common.logging.Log
 @Path("/token")
 public class TokenCredentialsServiceImpl extends OAuthAbstractService implements TokenCredentialsService {
 
-    private static final Logger LOG = LogUtils.getL7dLogger(TokenCredentialsServiceImpl.class);
-
     @GET
     @Produces("application/x-www-form-urlencoded")
-    public Response getTokenCredentials(@Context HttpServletRequest request) {
-        OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
-        try {
-            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
-                OAuth.OAUTH_TOKEN,
-                OAuth.OAUTH_SIGNATURE_METHOD,
-                OAuth.OAUTH_SIGNATURE,
-                OAuth.OAUTH_TIMESTAMP,
-                OAuth.OAUTH_NONCE,
-                OAuth.OAUTH_VERIFIER);
-
-            RequestToken token = dataProvider
-                .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
-
-            Client authInfo = token.getClient();
-            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
-                authInfo.getSecretKey(), null);
-            OAuthAccessor accessor = new OAuthAccessor(consumer);
-            try {
-                dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
-            } catch (URISyntaxException e) {
-                throw new OAuthException(e);
-            }
-
-            AccessToken accessToken = dataProvider.generateAccessToken(token.getPrincipal(), token);
-
-            //create response
-            Map<String, Object> responseParams = new HashMap<String, Object>();
-            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
-            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
-
-            String response = OAuth.formEncode(responseParams.entrySet());
-            return Response.ok(response).build();
-
-        } catch (OAuthProblemException e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
-                String.valueOf(e.getParameters().get("realm")));
-        } catch (Exception e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "Server Exception: {0}", new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-        }
+    public Response getTokenCredentials(@Context HttpServletRequest request,
+                                        @Context HttpServletResponse response) {
+        OAuthRequestHandler handler = new TokenCredentialsRequestHandler(dataProvider);
+        return handler.handle(request, response);
     }
 }

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/AuthorizationRequestHandler.java?rev=1037649&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/AuthorizationRequestHandler.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/AuthorizationRequestHandler.java Mon Nov 22 09:50:33 2010
@@ -0,0 +1,205 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.handlers;
+
+import java.net.URI;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class AuthorizationRequestHandler implements OAuthRequestHandler {
+
+    public static final String OOB = "oob";
+
+    private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationRequestHandler.class);
+
+    protected OAuthDataProvider dataProvider;
+
+    private String displayVerifierURL;
+
+    public AuthorizationRequestHandler(OAuthDataProvider dataProvider, String displayVerifierURL) {
+        this.dataProvider = dataProvider;
+        this.displayVerifierURL = displayVerifierURL;
+    }
+
+    public Response handle(HttpServletRequest request, HttpServletResponse response) {
+
+        try {
+            LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
+
+            //create security token that is passed to sign in page and validate it in confirmation service
+            OAuthAuthorizationData secData = new OAuthAuthorizationData();
+
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString()
+            );
+
+            oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
+            dataProvider.getValidator().checkParameters(oAuthMessage);
+
+
+            RequestToken token = dataProvider
+                    .getRequestToken(oAuthMessage.getToken(), null);
+            if (token == null) {
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+            }
+
+            //check if user is logged in
+            Principal principal = dataProvider.loggedPrincipal(request);
+            boolean authentic = compareRequestSessionTokens(request);
+            List<String> permissions = OAuthUtils.parsePermissionsFromRequest(oAuthMessage);
+            List<String> scopes = OAuthUtils.parseScopesFromRequest(oAuthMessage);
+
+            if (principal == null || StringUtils.isEmpty(principal.getName()) || !authentic) {
+                //add authenticity token into session
+
+                secData.setPermissions(dataProvider.getAvailablePermissions(permissions));
+                secData.setScopes(scopes);
+                addAuthenticityTokenToSession(secData, request);
+                return Response.ok(addAdditionalParams(secData, token, principal)).build();
+            }
+
+            String decision = request.getParameter(AUTHORIZATION_DECISION_KEY);
+            Client clientInfo = token.getClient();
+            if (!AUTHORIZATION_DECISION_ALLOW.equals(decision)) {
+                //user not authorized client
+                secData.setCallback(clientInfo.getCallbackURL());
+                return Response.ok(addAdditionalParams(secData, token, principal)).build();
+            }
+
+            token = dataProvider
+                    .generateVerifier(oAuthMessage.getToken(), principal,
+                            dataProvider.getAvailablePermissions(permissions), scopes);
+            if (token == null) {
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
+            }
+
+            String callbackURL = clientInfo.getCallbackURL();
+
+            if (OOB.equals(callbackURL)) {
+                String oauthVerifier = token.getOauthVerifier();
+                String url = new StringBuffer(displayVerifierURL).append("?oauth_verifier=")
+                        .append(oauthVerifier).toString();
+                return Response.seeOther(URI.create(url)).build();
+            }
+
+            Map<String, String> queryParams = new HashMap<String, String>();
+            queryParams.put(OAuth.OAUTH_VERIFIER, token.getOauthVerifier());
+            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenString());
+
+            callbackURL = buildCallbackUrl(callbackURL, queryParams);
+
+
+            return Response.status(HttpServletResponse.SC_MOVED_TEMPORARILY)
+                    .location(URI.create(callbackURL))
+                    .build();
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                    String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Server exception: {0}", new Object[]{e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    protected String buildCallbackUrl(String callbackURL, final Map<String, String> queryParams) {
+
+        boolean containsQuestionMark = callbackURL.contains("?");
+
+
+        StringBuffer query = new StringBuffer(OAuthUtils.format(queryParams.entrySet(), "UTF-8"));
+        StringBuffer url = new StringBuffer(callbackURL);
+
+        if (!StringUtils.isEmpty(url.toString())) {
+            if (containsQuestionMark) {
+                url.append("&").append(query);
+            } else {
+                url.append("?").append(query);
+            }
+        }
+
+        return url.toString();
+    }
+
+    private void addAuthenticityTokenToSession(OAuthAuthorizationData secData,
+                                               HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        String value = UUID.randomUUID().toString();
+
+        secData.setAuthenticityToken(value);
+        session.setAttribute(AUTHENTICITY_TOKEN, value);
+    }
+
+    protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData,
+                                                         RequestToken token,
+                                                         Principal principal) {
+        secData.setOauthToken(token.getTokenString());
+        secData.setApplicationName(token.getClient().getApplicationName());
+        if (principal == null) {
+            secData.setUserName(null);
+        } else {
+            secData.setUserName(principal.getName());
+        }
+
+        return secData;
+    }
+
+    private boolean compareRequestSessionTokens(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        String requestToken = request.getParameter(AUTHENTICITY_TOKEN);
+        String sessionToken = (String) session.getAttribute(AUTHENTICITY_TOKEN);
+
+        if (StringUtils.isEmpty(requestToken) || StringUtils.isEmpty(sessionToken)) {
+            return false;
+        }
+
+        boolean b = requestToken.equals(sessionToken);
+        session.removeAttribute(AUTHENTICITY_TOKEN);
+        return b;
+    }
+}
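Review bot: `compareRequestSessionTokens` compares the authenticity token with `String.equals`, which stops at the first differing character, and it removes the session copy only when both values are non-empty, so a request that omits the parameter leaves the session token in place for another attempt. Move `session.removeAttribute(AUTHENTICITY_TOKEN);` above the emptiness check so the token is single-use on every path, and compare with `MessageDigest.isEqual(requestToken.getBytes(Charset.forName("UTF-8")), sessionToken.getBytes(Charset.forName("UTF-8")))` (imports `java.security.MessageDigest` and `java.nio.charset.Charset`). Separately, the OOB branch of `handle` appends `token.getOauthVerifier()` to `displayVerifierURL` without URL-encoding it, which is only correct if the provider guarantees a URL-safe verifier; that guarantee is not visible in this hunk, so either encode it or state the assumption in a comment at that line.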

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/AuthorizationRequestHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/AuthorizationRequestHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java?rev=1037649&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java Mon Nov 22 09:50:33 2010
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.handlers;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+/**
+ * @author Lukasz Moren
+ */
+public interface OAuthRequestHandler {
+    String AUTHENTICITY_TOKEN = "authenticityToken";
+    String X_OAUTH_SCOPE = "x_oauth_scope";
+    String X_OAUTH_PERMISSION = "x_oauth_permission";
+
+    String AUTHORIZATION_DECISION_KEY = "oauthDecision";
+    String AUTHORIZATION_DECISION_ALLOW = "allow";
+    String AUTHORIZATION_DECISION_DENY = "deny";
+
+    Response handle(HttpServletRequest request, HttpServletResponse response);
+}
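Review bot: Neither `handle` nor the six constants carry Javadoc, so a reader cannot tell which names are request parameters (`X_OAUTH_SCOPE`, `X_OAUTH_PERMISSION`, `AUTHORIZATION_DECISION_KEY`) and which one is also a session attribute (`AUTHENTICITY_TOKEN`, read and written by AuthorizationRequestHandler in this commit). A one-line Javadoc per constant naming where it is read from, plus `/** Processes one OAuth endpoint request and returns the JAX-RS response to send; implementations in this package map OAuth problems to error responses themselves. */` on `handle`, would make the contract explicit. Keeping string constants on an interface that classes implement also means every implementor inherits them as API, which is worth a note if that is intended.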

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TemporaryCredentialsHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TemporaryCredentialsHandler.java?rev=1037649&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TemporaryCredentialsHandler.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TemporaryCredentialsHandler.java Mon Nov 22 09:50:33 2010
@@ -0,0 +1,161 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.handlers;
+
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class TemporaryCredentialsHandler implements OAuthRequestHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialsHandler.class);
+
+    protected OAuthDataProvider dataProvider;
+
+    public TemporaryCredentialsHandler(OAuthDataProvider dataProvider) {
+        this.dataProvider = dataProvider;
+    }
+
+    public Response handle(HttpServletRequest request, HttpServletResponse response) {
+        try {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host: {0}",
+                    new Object[] {request.getRemoteHost()});
+            }
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE,
+                OAuth.OAUTH_CALLBACK);
+
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "All required OAuth parameters are present");
+            }
+
+            Client authNInfo = dataProvider
+                .getClientAuthenticationInfo(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
+
+            //client credentials not found
+            if (authNInfo == null) {
+                OAuthProblemException problemEx = new OAuthProblemException(
+                    OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+                problemEx
+                    .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+                        HttpServletResponse.SC_UNAUTHORIZED);
+                throw problemEx;
+            }
+
+            OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
+                authNInfo.getConsumerKey(), authNInfo.getSecretKey(), null);
+
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+            //validate message
+            try {
+                dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
+            } catch (URISyntaxException e) {
+                throw new OAuthException(e);
+            }
+
+            //set callback url from request, or use preregistered one
+            authNInfo = setCallbackURL(authNInfo,
+                oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK));
+
+            RequestToken requestToken = dataProvider.generateRequestToken(authNInfo, (long)3600);
+
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
+            }
+            //create response
+            Map<String, Object> responseParams = new HashMap<String, Object>();
+            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
+            responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
+
+            String responseBody = OAuth.formEncode(responseParams.entrySet());
+
+            return Response.ok(responseBody).build();
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+                    new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    protected Client setCallbackURL(Client authNInfo,
+                                    String oauthCallback) throws OAuthProblemException {
+
+        if (oauthCallback.equals(Client.OAUTH_OOB)) {
+            authNInfo.setCallbackURL(Client.OAUTH_OOB);
+            return authNInfo;
+        }
+
+        String registeredCallbackURL = authNInfo.getCallbackURL();
+        if (!StringUtils.isEmpty(registeredCallbackURL)) {
+            if (!registeredCallbackURL.equals(oauthCallback)) {
+                OAuthProblemException problemEx = new OAuthProblemException(
+                    OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
+                problemEx
+                    .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+                        HttpServletResponse.SC_BAD_REQUEST);
+                throw problemEx;
+            }
+            return authNInfo;
+        }
+
+        //there was no preregistered url, use one from request
+        authNInfo.setCallbackURL(oauthCallback);
+
+        return authNInfo;
+    }
+}
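Review bot: `setCallbackURL` writes the request-supplied `oauth_callback` into the `Client` object returned by `dataProvider.getClientAuthenticationInfo` whenever no callback is registered; if the provider returns a shared or cached registration object (not visible here), that first request's callback becomes the "registered" one and every later request with a different callback is rejected with PARAMETER_REJECTED. Passing the effective callback to `generateRequestToken` separately, or copying the client before mutating it, keeps provider state untouched. In the same branch the accepted value is stored verbatim; checking that it parses as an absolute http(s) `URI` before storing it rejects malformed callbacks at the request-token stage rather than at redirect time. The `(long)3600` passed to `generateRequestToken` also deserves a name such as `private static final long REQUEST_TOKEN_LIFETIME = 3600L;` with a comment giving the unit, which the provider API does not show here.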

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TemporaryCredentialsHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TemporaryCredentialsHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TokenCredentialsRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TokenCredentialsRequestHandler.java?rev=1037649&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TokenCredentialsRequestHandler.java (added)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TokenCredentialsRequestHandler.java Mon Nov 22 09:50:33 2010
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.auth.oauth.handlers;
+
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.auth.oauth.tokens.AccessToken;
+import org.apache.cxf.auth.oauth.tokens.RequestToken;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * @author Lukasz Moren
+ */
+public class TokenCredentialsRequestHandler implements OAuthRequestHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TokenCredentialsRequestHandler.class);
+
+    protected OAuthDataProvider dataProvider;
+
+    public TokenCredentialsRequestHandler(OAuthDataProvider dataProvider) {
+        this.dataProvider = dataProvider;
+    }
+
+    public Response handle(HttpServletRequest request, HttpServletResponse response) {
+        OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+        try {
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_TOKEN,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE,
+                OAuth.OAUTH_VERIFIER);
+
+            RequestToken token = dataProvider
+                .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
+
+            Client authInfo = token.getClient();
+            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+                authInfo.getSecretKey(), null);
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+            try {
+                dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
+            } catch (URISyntaxException e) {
+                throw new OAuthException(e);
+            }
+
+            AccessToken accessToken = dataProvider.generateAccessToken(token.getPrincipal(), token);
+
+            //create response
+            Map<String, Object> responseParams = new HashMap<String, Object>();
+            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
+
+            String responseString = OAuth.formEncode(responseParams.entrySet());
+            return Response.ok(responseString).build();
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "Server Exception: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+}
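Review bot: `token` returned by `dataProvider.getRequestToken(...)` is dereferenced at `token.getClient()` without a null check, so an unknown or already-consumed token surfaces as a NullPointerException caught by `catch (Exception e)` and answered with a 500 instead of an OAuth problem; AuthorizationRequestHandler in this same commit does check. Add `if (token == null) { throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); }` immediately after the lookup. Whether the verifier is compared and the request token invalidated once the access token is issued depends on the provider's `getRequestToken`/`generateAccessToken`, which this hunk cannot show; a comment on the lookup stating that contract would help the next reader. Two consistency nits: `OAuthServlet.getMessage` is called outside the `try`, unlike the other two handlers, and the generic catch logs at WARNING where TemporaryCredentialsHandler and AuthorizationRequestHandler use SEVERE.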

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TokenCredentialsRequestHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/handlers/TokenCredentialsRequestHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/interceptors/OAuthSecurityFilter.java Mon Nov 22 09:50:33 2010
@@ -20,9 +20,9 @@ package org.apache.cxf.auth.oauth.interc
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletContext;
@@ -39,7 +39,6 @@ import net.oauth.OAuthConsumer;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
 import net.oauth.server.OAuthServlet;
-
 import org.apache.cxf.auth.oauth.provider.Client;
 import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.auth.oauth.tokens.AccessToken;
@@ -49,7 +48,7 @@ import org.apache.cxf.common.logging.Log
 /**
  * @author Lukasz Moren
  */
-public class OAuthSecurityFilter implements Filter {
+public class OAuthSecurityFilter implements javax.servlet.Filter {
 
     public static final String OAUTH_AUTHORITIES = "oauth_authorities";
 
@@ -62,10 +61,10 @@ public class OAuthSecurityFilter impleme
         dataProvider = OAuthUtils.getOAuthDataProviderFromServletContext(servletContext);
     }
 
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
-        HttpServletRequest req = (HttpServletRequest)request;
-        HttpServletResponse resp = (HttpServletResponse)response;
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws
+            IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest) request;
+        HttpServletResponse resp = (HttpServletResponse) response;
 
         try {
             if (LOG.isLoggable(Level.FINE)) {
@@ -73,18 +72,49 @@ public class OAuthSecurityFilter impleme
             }
             OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
             oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
-                OAuth.OAUTH_TOKEN,
-                OAuth.OAUTH_SIGNATURE_METHOD,
-                OAuth.OAUTH_SIGNATURE,
-                OAuth.OAUTH_TIMESTAMP,
-                OAuth.OAUTH_NONCE);
+                    OAuth.OAUTH_TOKEN,
+                    OAuth.OAUTH_SIGNATURE_METHOD,
+                    OAuth.OAUTH_SIGNATURE,
+                    OAuth.OAUTH_TIMESTAMP,
+                    OAuth.OAUTH_NONCE);
 
             final AccessToken accessToken = dataProvider
-                .getAccessToken(oAuthMessage.getToken(), oAuthMessage.getConsumerKey());
+                    .getAccessToken(oAuthMessage.getToken(), oAuthMessage.getConsumerKey());
+
+            //check if access token is not null
+            if (accessToken == null) {
+                resp.setStatus(401);
+                return;
+            }
+
+            //check valid scope
+            String servletPath = ((HttpServletRequest) request).getPathInfo();
+            List<String> scopes = accessToken.getScopes();
+            boolean foundValidScope = false;
+            for (String scope : scopes) {
+                boolean wildcard = scope.endsWith("*");
+                if (wildcard) {
+                    if (servletPath.startsWith(scope.substring(0, scope.length() - 1))) {
+                        foundValidScope = true;
+                        break;
+                    }
+                } else {
+                    if (scope.equals(servletPath)) {
+                        foundValidScope = true;
+                        break;
+                    }
+                }
+            }
+            if (!foundValidScope) {
+                resp.setStatus(401);
+                return;
+            }
+
             Client authInfo = accessToken.getClient();
 
-            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
-                authInfo.getSecretKey(), null);
+            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(),
+                    authInfo.getConsumerKey(),
+                    authInfo.getSecretKey(), null);
 
             OAuthAccessor accessor = new OAuthAccessor(consumer);
 

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java Mon Nov 22 09:50:33 2010
@@ -30,11 +30,10 @@ import java.util.concurrent.ConcurrentHa
 import net.oauth.OAuth;
 import net.oauth.OAuthException;
 import net.oauth.OAuthProblemException;
-
 import org.apache.cxf.auth.oauth.token.MD5TokenGenerator;
 import org.apache.cxf.auth.oauth.token.TokenGenerator;
 import org.apache.cxf.auth.oauth.tokens.AccessToken;
-import org.apache.cxf.auth.oauth.tokens.OAuthScope;
+import org.apache.cxf.auth.oauth.tokens.OAuthPermission;
 import org.apache.cxf.auth.oauth.tokens.RequestToken;
 import org.apache.cxf.auth.oauth.tokens.Token;
 import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
@@ -47,17 +46,13 @@ import org.apache.cxf.jaxrs.impl.Metadat
  */
 public abstract class MemoryOauthDataProvider implements OAuthDataProvider, OAuthClientManager {
 
-    protected ConcurrentHashMap<String, Client> clientAuthInfo
-        = new ConcurrentHashMap<String, Client>();
+    protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<String, Client>();
 
-    protected MetadataMap<String, String> userRegisteredClients
-        = new MetadataMap<String, String>();
+    protected MetadataMap<String, String> userRegisteredClients = new MetadataMap<String, String>();
 
-    protected MetadataMap<String, String> userAuthorizedClients
-        = new MetadataMap<String, String>();
+    protected MetadataMap<String, String> userAuthorizedClients = new MetadataMap<String, String>();
 
-    protected ConcurrentHashMap<String, Token> oauthTokens
-        = new ConcurrentHashMap<String, Token>();
+    protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<String, Token>();
 
     protected TokenGenerator tokenGenerator = new MD5TokenGenerator();
 
@@ -67,8 +62,7 @@ public abstract class MemoryOauthDataPro
         return clientAuthInfo.get(consumerKey);
     }
 
-    public RequestToken generateRequestToken(Client client, Long lifetime)
-        throws OAuthException {
+    public RequestToken generateRequestToken(Client client, Long lifetime) throws OAuthException {
         String token = generateToken();
         String tokenSecret = generateToken();
 
@@ -78,14 +72,14 @@ public abstract class MemoryOauthDataPro
         return reqToken;
     }
 
-    public RequestToken getRequestToken(String tokenString, String oauthVerifier)
-        throws OAuthProblemException {
+    public RequestToken getRequestToken(String tokenString, String oauthVerifier) throws
+            OAuthProblemException {
 
         Token token = oauthTokens.get(tokenString);
         if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
             throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
         }
-        RequestToken requestToken = (RequestToken)token;
+        RequestToken requestToken = (RequestToken) token;
 
         String expectedVerifier = requestToken.getOauthVerifier();
         if (oauthVerifier != null && !expectedVerifier.equals(oauthVerifier)) {
@@ -101,12 +95,14 @@ public abstract class MemoryOauthDataPro
         return requestToken;
     }
 
-    public RequestToken generateVerifier(String token, Principal principal, List<OAuthScope> scopes)
-        throws OAuthException {
+    public RequestToken generateVerifier(String token, Principal principal,
+                                         List<OAuthPermission> permissions, List<String> scopes) throws
+            OAuthException {
         RequestToken requestToken = getRequestToken(token, null);
         if (requestToken != null) {
             requestToken.setOauthVerifier(generateToken());
             requestToken.setPrincipal(principal);
+            requestToken.setPermissions(permissions);
             requestToken.setScopes(scopes);
         }
 
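Review bot: `requestToken.setScopes(scopes)` stores the caller-supplied scope strings verbatim, and since this commit's filter uses those strings as path patterns with a trailing-`*` wildcard, whatever list reaches this method becomes the token's authorization boundary; unlike permissions, which the interface funnels through `getAvailablePermissions`, nothing visible here checks the scopes against what the client is registered for or rejects a bare `*` or `/*`. Assuming the scopes originate from `parseScopesFromRequest` (the calling handler is outside this view), validate them before binding them to the token, for instance by rejecting entries that do not start with `/` or contain `..`, and by intersecting them with a per-client allowed list. Also consider copying the lists (`new ArrayList<String>(scopes)`) instead of keeping the caller's reference, so a later mutation by the handler cannot widen an already-issued token.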
@@ -121,8 +117,8 @@ public abstract class MemoryOauthDataPro
         this.validator = v;
     }
 
-    public AccessToken generateAccessToken(Principal principal, RequestToken requestToken)
-        throws OAuthException {
+    public AccessToken generateAccessToken(Principal principal, RequestToken requestToken) throws
+            OAuthException {
 
         Client client = requestToken.getClient();
         requestToken = getRequestToken(requestToken.getTokenString(), null);
@@ -131,8 +127,9 @@ public abstract class MemoryOauthDataPro
         String tokenSecretString = generateToken();
 
         AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600,
-            principal);
+                principal);
 
+        accessToken.setPermissions(requestToken.getPermissions());
         accessToken.setScopes(requestToken.getScopes());
 
         synchronized (oauthTokens) {
@@ -146,7 +143,8 @@ public abstract class MemoryOauthDataPro
         return accessToken;
     }
 
-    public AccessToken getAccessToken(String accessToken, String consumerKey) throws OAuthProblemException {
+    public AccessToken getAccessToken(String accessToken, String consumerKey) throws OAuthProblemException
+    {
         Token token = oauthTokens.get(accessToken);
         if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
             throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
@@ -158,7 +156,7 @@ public abstract class MemoryOauthDataPro
         }
 
         validator.validateToken(token);
-        return (AccessToken)token;
+        return (AccessToken) token;
     }
 
     public Client registerNewClient(Principal user, String consumerKey, Client client) {

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthAuthorizationData.java Mon Nov 22 09:50:33 2010
@@ -21,7 +21,7 @@ package org.apache.cxf.auth.oauth.provid
 import java.io.Serializable;
 import java.util.List;
 
-import org.apache.cxf.auth.oauth.tokens.OAuthScope;
+import org.apache.cxf.auth.oauth.tokens.OAuthPermission;
 
 /**
  * Additional parameters passed to sign in page
@@ -35,7 +35,8 @@ public class OAuthAuthorizationData impl
     private String userName;
     private String callback;
     private String oauthVerifier;
-    private List<OAuthScope> scopes;
+    private List<OAuthPermission> permissions;
+    private List<String> scopes;
 
     public OAuthAuthorizationData() {
     }
@@ -92,11 +93,19 @@ public class OAuthAuthorizationData impl
         this.oauthVerifier = oauthVerifier;
     }
 
-    public List<OAuthScope> getScopes() {
-        return scopes;
+    public List<OAuthPermission> getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(List<OAuthPermission> permissions) {
+        this.permissions = permissions;
     }
 
-    public void setScopes(List<OAuthScope> scopes) {
+    public void setScopes(List<String> scopes) {
         this.scopes = scopes;
     }
+
+    public List<String> getScopes() {
+        return scopes;
+    }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java Mon Nov 22 09:50:33 2010
@@ -25,9 +25,8 @@ import javax.servlet.http.HttpServletReq
 
 import net.oauth.OAuthException;
 import net.oauth.OAuthProblemException;
-
 import org.apache.cxf.auth.oauth.tokens.AccessToken;
-import org.apache.cxf.auth.oauth.tokens.OAuthScope;
+import org.apache.cxf.auth.oauth.tokens.OAuthPermission;
 import org.apache.cxf.auth.oauth.tokens.RequestToken;
 import org.apache.cxf.auth.oauth.validation.OAuthValidator;
 
@@ -48,19 +47,18 @@ public interface OAuthDataProvider {
 
     AccessToken getAccessToken(String accessToken, String consumerKey) throws OAuthProblemException;
 
-    RequestToken getRequestToken(String tokenString, String oauthVerifier)
-        throws OAuthProblemException;
+    RequestToken getRequestToken(String tokenString, String oauthVerifier) throws OAuthProblemException;
 
     void removeTokenCredentials(Principal user, String consumerKey);
 
-    RequestToken generateVerifier(String token, Principal principal, List<OAuthScope> scopes)
-        throws OAuthException;
+    RequestToken generateVerifier(String token, Principal principal, List<OAuthPermission> permissions,
+                                  List<String> scopes) throws OAuthException;
 
     OAuthValidator getValidator();
 
     void setValidator(OAuthValidator validator);
 
-    List<OAuthScope> getAvailableScopes(List<String> requestScopes);
+    List<OAuthPermission> getAvailablePermissions(List<String> requestPermissions);
 
     Principal loggedPrincipal(HttpServletRequest request);
 }
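Review bot: The split of the former `scopes` argument into `permissions` and `scopes` in `generateVerifier` is undocumented, and the interface gives implementers no contract for what a scope string is (the filter in this commit treats it as a servlet path, with a trailing `*` as a prefix wildcard) or who is responsible for validating it, whereas permissions at least pass through `getAvailablePermissions`. Add Javadoc on `generateVerifier` stating that `permissions` are the role-bearing `OAuthPermission`s the user approved and `scopes` are the resource path patterns the token may access, with the wildcard rule spelled out, and on `getAvailablePermissions` that it must return only permissions known to the provider for the requested names. Consider a matching `getAvailableScopes`-style hook as well, so implementations have a defined place to restrict scope patterns per client rather than accepting them verbatim.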

Copied: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthPermission.java (from r1032795, cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthPermission.java?p2=cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthPermission.java&p1=cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java&r1=1032795&r2=1037649&rev=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthScope.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthPermission.java Mon Nov 22 09:50:33 2010
@@ -21,15 +21,15 @@ package org.apache.cxf.auth.oauth.tokens
 /**
  * @author Lukasz Moren
  */
-public class OAuthScope {
-    private String scope;
+public class OAuthPermission {
+    private String permission;
     private String description;
     private String role;
 
-    public OAuthScope(String scope, String description, String role) {
+    public OAuthPermission(String permission, String description, String role) {
         this.description = description;
         this.role = role;
-        this.scope = scope;
+        this.permission = permission;
     }
 
     public String getDescription() {
@@ -40,12 +40,12 @@ public class OAuthScope {
         this.description = description;
     }
 
-    public String getScope() {
-        return scope;
+    public String getPermission() {
+        return permission;
     }
 
-    public void setScope(String scope) {
-        this.scope = scope;
+    public void setPermission(String permission) {
+        this.permission = permission;
     }
 
     public String getRole() {

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthPermission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/OAuthPermission.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java Mon Nov 22 09:50:33 2010
@@ -35,7 +35,8 @@ public abstract class Token {
     protected long lifetime = -1;
     protected Client client;
     protected Principal principal;
-    protected List<OAuthScope> scopes;
+    protected List<OAuthPermission> permissions;
+    protected List<String> scopes;
 
     protected Token(Client client, String tokenString,
                     String tokenSecret, long lifetime, Principal principal) {
@@ -84,21 +85,29 @@ public abstract class Token {
         this.principal = principal;
     }
 
-    public List<OAuthScope> getScopes() {
-        return scopes;
+    public List<OAuthPermission> getPermissions() {
+        return permissions;
     }
 
-    public void setScopes(List<OAuthScope> scopes) {
-        this.scopes = scopes;
+    public void setPermissions(List<OAuthPermission> permissions) {
+        this.permissions = permissions;
     }
 
     public List<String> getAuthorities() {
         List<String> authorities = new ArrayList<String>();
-        if (scopes != null) {
-            for (OAuthScope scope : scopes) {
-                authorities.add(scope.getRole());
+        if (permissions != null) {
+            for (OAuthPermission permission : permissions) {
+                authorities.add(permission.getRole());
             }
         }
         return authorities;
     }
+
+    public List<String> getScopes() {
+        return scopes;
+    }
+
+    public void setScopes(List<String> scopes) {
+        this.scopes = scopes;
+    }
 }
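Review bot: `getScopes()` and `getPermissions()` hand out the token's internal lists and the setters keep the caller's reference, so any code holding an `AccessToken` can widen its authorization after issuance by mutating the very list the security filter later iterates. Return read-only views and copy on set, e.g. `return scopes == null ? Collections.<String>emptyList() : Collections.unmodifiableList(scopes);` and `this.scopes = scopes == null ? null : new ArrayList<String>(scopes);` (with `java.util.Collections` imported, and the same treatment for permissions), which also spares callers the null check. `getAuthorities()` adds a null entry when a permission has no role; skipping those with `if (permission.getRole() != null)` keeps downstream role checks from seeing null authorities. The `Token` class header and constructor lie outside this hunk.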

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java?rev=1037649&r1=1037648&r2=1037649&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/oauth-core/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java Mon Nov 22 09:50:33 2010
@@ -21,11 +21,7 @@ package org.apache.cxf.auth.oauth.utils;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.StringTokenizer;
+import java.util.*;
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.WebApplicationException;
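Review bot: The explicit `java.util` imports are replaced by the wildcard `import java.util.*;`, which departs from the explicit-import style used everywhere else in this file (and, if this module follows the rest of CXF, from its checkstyle rules) and hides which collection types the file actually depends on. Restore the explicit lines (`ArrayList`, `Collection`, `List`, `Map`, `StringTokenizer`) and add any newly needed class by name.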
@@ -34,8 +30,7 @@ import javax.ws.rs.core.Response;
 import net.oauth.OAuth;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
-
-import org.apache.cxf.auth.oauth.endpoints.AuthorizationService;
+import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
 import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.auth.oauth.tokens.RequestToken;
 import org.apache.cxf.auth.oauth.validation.OAuthMessageValidator;
@@ -61,24 +56,39 @@ public final class OAuthUtils {
     public static Response handleException(Exception e, int status,
                                            String realm) {
         if (e instanceof OAuthProblemException) {
-            OAuthProblemException problem = (OAuthProblemException)e;
+            OAuthProblemException problem = (OAuthProblemException) e;
             OAuthMessage message = new OAuthMessage(null, null, problem
-                .getParameters().entrySet());
+                    .getParameters().entrySet());
             try {
                 return
-                    Response.status(status).header("WWW-Authenticate", message.getAuthorizationHeader(realm))
-                        .entity(e.getMessage()).build();
+                        Response.status(status).header("WWW-Authenticate",
+                                message.getAuthorizationHeader(realm)).entity(e.getMessage()).build();
             } catch (IOException e1) {
                 throw new WebApplicationException(
-                    Response.status(status).entity(e.getMessage()).build());
+                        Response.status(status).entity(e.getMessage()).build());
             }
         }
         throw new WebApplicationException(
-            Response.status(status).entity(e.getMessage()).build());
+                Response.status(status).entity(e.getMessage()).build());
     }
 
     public static List<String> parseScopesFromRequest(OAuthMessage message) throws IOException {
-        String scopes = message.getParameter(AuthorizationService.X_OAUTH_SCOPE);
+        String scopes = message.getParameter(OAuthRequestHandler.X_OAUTH_SCOPE);
+        List<String> scopeList = new ArrayList<String>();
+
+        if (!StringUtils.isEmpty(scopes)) {
+            StringTokenizer tokenizer = new StringTokenizer(scopes, ",");
+
+            while (tokenizer.hasMoreTokens()) {
+                String token = tokenizer.nextToken();
+                scopeList.add(token);
+            }
+        }
+        return scopeList;
+    }
+
+    public static List<String> parsePermissionsFromRequest(OAuthMessage message) throws IOException {
+        String scopes = message.getParameter(OAuthRequestHandler.X_OAUTH_PERMISSION);
         List<String> scopeList = new ArrayList<String>();
 
         if (!StringUtils.isEmpty(scopes)) {
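Review bot: `parseScopesFromRequest` and the new `parsePermissionsFromRequest` are the entry point for client-controlled scope and permission names, yet the tokens are added as-is: `StringTokenizer` splits on the comma only, so `x_oauth_scope=/a, /b` yields `" /b"`, which the filter's path comparison can never satisfy, and nothing rejects an empty or malformed scope (one not starting with `/`, containing `..`, or a bare `*`) before it is shown to the user and bound to a token. The two methods are also identical apart from the parameter name, so the splitting belongs in one private helper, with the scope variant additionally validating the path form; the exact allowed grammar is a design decision not visible here, so the check below is a conservative placeholder, and the added `throws OAuthProblemException` means callers outside this view must handle the checked exception. Both methods are fully within the hunk.
```java
    public static List<String> parseScopesFromRequest(OAuthMessage message)
        throws IOException, OAuthProblemException {
        List<String> scopes = splitCommaSeparated(message.getParameter(OAuthRequestHandler.X_OAUTH_SCOPE));
        for (String scope : scopes) {
            // scopes are matched against the servlet path by OAuthSecurityFilter; refuse anything else
            if (!scope.startsWith("/") || scope.contains("..") || "/*".equals(scope)) {
                throw new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
            }
        }
        return scopes;
    }

    public static List<String> parsePermissionsFromRequest(OAuthMessage message) throws IOException {
        return splitCommaSeparated(message.getParameter(OAuthRequestHandler.X_OAUTH_PERMISSION));
    }

    // Splits a comma-separated parameter value, trimming entries and dropping empty ones.
    private static List<String> splitCommaSeparated(String value) {
        List<String> result = new ArrayList<String>();
        if (!StringUtils.isEmpty(value)) {
            StringTokenizer tokenizer = new StringTokenizer(value, ",");
            while (tokenizer.hasMoreTokens()) {
                String token = tokenizer.nextToken().trim();
                if (token.length() > 0) {
                    result.add(token);
                }
            }
        }
        return result;
    }
```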
@@ -102,12 +112,12 @@ public final class OAuthUtils {
      * @return Translated string
      */
     public static String format(
-        final Collection<? extends Map.Entry<String, String>> parameters,
-        final String encoding) {
+            final Collection<? extends Map.Entry<String, String>> parameters,
+            final String encoding) {
         final StringBuilder result = new StringBuilder();
         for (final Map.Entry<String, String> parameter : parameters) {
             if (!StringUtils.isEmpty(parameter.getKey())
-                && !StringUtils.isEmpty(parameter.getValue())) {
+                    && !StringUtils.isEmpty(parameter.getValue())) {
                 final String encodedName = encode(parameter.getKey(), encoding);
                 final String value = parameter.getValue();
                 final String encodedValue = value != null ? encode(value, encoding) : "";
@@ -125,7 +135,7 @@ public final class OAuthUtils {
     private static String encode(final String content, final String encoding) {
         try {
             return URLEncoder.encode(content,
-                encoding != null ? encoding : "UTF-8");
+                    encoding != null ? encoding : "UTF-8");
         } catch (UnsupportedEncodingException problem) {
             throw new IllegalArgumentException(problem);
         }
@@ -133,9 +143,9 @@ public final class OAuthUtils {
 
     public static RequestToken handleTokenRejectedException() throws OAuthProblemException {
         OAuthProblemException problemEx = new OAuthProblemException(
-            OAuth.Problems.TOKEN_REJECTED);
+                OAuth.Problems.TOKEN_REJECTED);
         problemEx
-            .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
+                .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
         throw problemEx;
     }
 
@@ -148,15 +158,15 @@ public final class OAuthUtils {
     }
 
     public static OAuthDataProvider getOAuthDataProviderFromServletContext(ServletContext servletContext) {
-        OAuthDataProvider dataProvider = (OAuthDataProvider)servletContext
-            .getAttribute(OAuthDataProvider.OAUTH_DATA_PROVIDER_INSTANCE_KEY);
+        OAuthDataProvider dataProvider = (OAuthDataProvider) servletContext
+                .getAttribute(OAuthDataProvider.OAUTH_DATA_PROVIDER_INSTANCE_KEY);
 
         if (dataProvider == null) {
             String dataProviderClassName = servletContext
-                .getInitParameter(OAuthDataProvider.OAUTH_DATA_PROVIDER_CLASS);
+                    .getInitParameter(OAuthDataProvider.OAUTH_DATA_PROVIDER_CLASS);
 
             String oauthValidatorClassName = servletContext
-                .getInitParameter(OAuthDataProvider.OAUTH_DATA_VALIDATOR_CLASS);
+                    .getInitParameter(OAuthDataProvider.OAUTH_DATA_VALIDATOR_CLASS);
 
             if (StringUtils.isEmpty(oauthValidatorClassName)) {
                 //if no validator was provided fallback to default validator
@@ -165,23 +175,23 @@ public final class OAuthUtils {
 
             if (StringUtils.isEmpty(dataProviderClassName)) {
                 throw new RuntimeException(
-                    "There should be provided [ " + OAuthDataProvider.OAUTH_DATA_PROVIDER_CLASS
-                        + " ] context init param in web.xml");
+                        "There should be provided [ " + OAuthDataProvider.OAUTH_DATA_PROVIDER_CLASS
+                                + " ] context init param in web.xml");
             }
 
             try {
-                dataProvider = (OAuthDataProvider)OAuthUtils
-                    .instantiateClass(dataProviderClassName, OAuthDataProvider.class);
-                OAuthValidator oAuthValidator = (OAuthValidator)OAuthUtils
-                    .instantiateClass(oauthValidatorClassName, OAuthValidator.class);
+                dataProvider = (OAuthDataProvider) OAuthUtils
+                        .instantiateClass(dataProviderClassName, OAuthDataProvider.class);
+                OAuthValidator oAuthValidator = (OAuthValidator) OAuthUtils
+                        .instantiateClass(oauthValidatorClassName, OAuthValidator.class);
 
                 dataProvider.setValidator(oAuthValidator);
 
                 servletContext
-                    .setAttribute(OAuthDataProvider.OAUTH_DATA_PROVIDER_INSTANCE_KEY, dataProvider);
+                        .setAttribute(OAuthDataProvider.OAUTH_DATA_PROVIDER_INSTANCE_KEY, dataProvider);
             } catch (Exception e) {
                 throw new RuntimeException(
-                    "Cannot instantiate OAuth Data Provider class: " + dataProviderClassName, e);
+                        "Cannot instantiate OAuth Data Provider class: " + dataProviderClassName, e);
             }
         }
 


