cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1172611 [1/2] - in /cxf/trunk: rt/ rt/rs/security/oauth-parent/ rt/rs/security/oauth-parent/oauth-test/ rt/rs/security/oauth-parent/oauth-test/src/ rt/rs/security/oauth-parent/oauth-test/src/main/ rt/rs/security/oauth-parent/oauth-test/src...
Date Mon, 19 Sep 2011 13:20:42 GMT
Author: sergeyb
Date: Mon Sep 19 13:20:40 2011
New Revision: 1172611

URL: http://svn.apache.org/viewvc?rev=1172611&view=rev
Log:
[CXF-2759] Moving a refactored Lukasz Moren's contribution to the trunk

Added:
    cxf/trunk/rt/rs/security/oauth-parent/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/OAuthTestUtils.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/resources/
    cxf/trunk/rt/rs/security/oauth-parent/pom.xml   (with props)
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java   (with props)
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java   (with props)
    cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/
    cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/
    cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/
    cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml   (with props)
    cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml   (with props)
Modified:
    cxf/trunk/rt/pom.xml
    cxf/trunk/systests/rs-security/pom.xml

Modified: cxf/trunk/rt/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/pom.xml?rev=1172611&r1=1172610&r2=1172611&view=diff
==============================================================================
--- cxf/trunk/rt/pom.xml (original)
+++ cxf/trunk/rt/pom.xml Mon Sep 19 13:20:40 2011
@@ -54,6 +54,7 @@
         <module>ws/security</module>
         <module>ws/mex</module>
         <module>rs/security/xml</module>
+        <module>rs/security/oauth-parent</module>
         <module>management</module>
         <module>management-web</module>
         <module>javascript</module>

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml Mon Sep 19 13:20:40 2011
@@ -0,0 +1,51 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.cxf</groupId>
+    <artifactId>cxf-rt-rs-security-oauth-test</artifactId>
+    <version>2.5.0-SNAPSHOT</version>
+
+    <packaging>jar</packaging>
+    <name>Apache CXF Runtime OAuth 1.0a Test Providers</name>
+    <url>http://cxf.apache.org</url>
+
+    <parent>
+        <artifactId>cxf-rt-rs-security-oauth-parent</artifactId>
+        <groupId>org.apache.cxf</groupId>
+        <version>2.5.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-rs-security-oauth</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-consumer</artifactId>
+            <version>${oauth.version}</version>
+        </dependency>
+    </dependencies>
+    
+</project>

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/pom.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,198 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.test;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.rs.security.oauth.data.AccessToken;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
+import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
+import org.apache.cxf.rs.security.oauth.data.Token;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
+import org.apache.cxf.rs.security.oauth.provider.MD5TokenGenerator;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
+
+public class MemoryOAuthDataProvider implements OAuthDataProvider {
+
+    private static final ConcurrentHashMap<String, OAuthPermission> AVAILABLE_PERMISSIONS = 
+        new ConcurrentHashMap<String, OAuthPermission>();
+
+    static {
+        AVAILABLE_PERMISSIONS
+                .put("read_info", new OAuthPermission("read_info", "Read your personal information",
+                        "ROLE_USER"));
+        AVAILABLE_PERMISSIONS.put("modify_info",
+                new OAuthPermission("modify_info", "Modify your personal information", "ROLE_ADMIN"));
+    }
+
+    protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<String, Client>();
+
+    protected MetadataMap<String, String> userRegisteredClients = new MetadataMap<String, String>();
+
+    protected MetadataMap<String, String> userAuthorizedClients = new MetadataMap<String, String>();
+
+    protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<String, Token>();
+
+    protected MD5TokenGenerator tokenGenerator = new MD5TokenGenerator();
+
+    protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
+
+    public MemoryOAuthDataProvider() {
+        Client client = new Client(OAuthTestUtils.CLIENT_ID, OAuthTestUtils.CLIENT_ID, 
+            OAuthTestUtils.CLIENT_SECRET,
+            OAuthTestUtils.CALLBACK, OAuthTestUtils.APPLICATION_NAME);
+        clientAuthInfo.put(OAuthTestUtils.CLIENT_ID, client);
+    }
+    
+    public List<OAuthPermission> getPermissionsInfo(List<String> requestPermissions) {
+        List<OAuthPermission> permissions = new ArrayList<OAuthPermission>();
+        for (String requestScope : requestPermissions) {
+            OAuthPermission oAuthPermission = AVAILABLE_PERMISSIONS.get(requestScope);
+            permissions.add(oAuthPermission);
+        }
+    
+        return permissions;
+    }
+    
+    public Client getClient(String consumerKey) {
+        return clientAuthInfo.get(consumerKey);
+    }
+
+    public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
+        String token = generateToken();
+        String tokenSecret = generateToken();
+
+        RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret, 
+                                                 reg.getLifetime());
+        reqToken.setPermissions(reg.getPermissions());
+        reqToken.setScopes(reg.getScopes());
+        
+        oauthTokens.put(token, reqToken);
+        return reqToken;
+    }
+
+    public RequestToken getRequestToken(String tokenString) throws OAuthServiceException {
+
+        Token token = oauthTokens.get(tokenString);
+        if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
+            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
+        }
+        RequestToken requestToken = (RequestToken) token;
+
+        Client c = token.getClient();
+        if (c == null) {
+            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN));
+        }
+        try {
+            validator.validateToken(requestToken);
+        } catch (OAuthProblemException ex) {
+            throw new OAuthServiceException(ex);
+        }
+        return requestToken;
+    }
+
+    public String createRequestTokenVerifier(RequestToken requestToken) throws
+            OAuthServiceException {
+        requestToken.setOauthVerifier(generateToken());
+        return requestToken.getOauthVerifier();
+    }
+
+    public AccessToken createAccessToken(RequestToken requestToken) throws
+            OAuthServiceException {
+
+        Client client = requestToken.getClient();
+        requestToken = getRequestToken(requestToken.getTokenString());
+
+        String accessTokenString = generateToken();
+        String tokenSecretString = generateToken();
+
+        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600);
+
+        accessToken.setPermissions(requestToken.getPermissions());
+        accessToken.setScopes(requestToken.getScopes());
+
+        synchronized (oauthTokens) {
+            oauthTokens.remove(requestToken.getTokenString());
+            oauthTokens.put(accessTokenString, accessToken);
+            synchronized (userAuthorizedClients) {
+                userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
+            }
+        }
+
+        return accessToken;
+    }
+
+    public AccessToken getAccessToken(String accessToken) throws OAuthServiceException
+    {
+        Token token = oauthTokens.get(accessToken);
+        if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
+            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
+        }
+        try {
+            validator.validateToken(token);
+        } catch (OAuthProblemException ex) {
+            throw new OAuthServiceException(ex);
+        }
+        return (AccessToken) token;
+    }
+
+    
+
+    public void removeTokens(String consumerKey) {
+        if (!StringUtils.isEmpty(consumerKey)) {
+            List<String> registeredApps = this.userAuthorizedClients.get(consumerKey);
+            if (registeredApps != null) {
+                registeredApps.remove(consumerKey);
+            }
+            for (Token token : oauthTokens.values()) {
+                Client authNInfo = token.getClient();
+                if (consumerKey.equals(authNInfo.getConsumerKey())) {
+                    oauthTokens.remove(token.getTokenString());
+                }
+            }
+        }
+    }
+
+    protected String generateToken() throws OAuthServiceException {
+        String token;
+        try {
+            token = tokenGenerator.generateToken(UUID.randomUUID().toString().getBytes("UTF-8"));
+        } catch (Exception e) {
+            throw new OAuthServiceException("Unable to create token ", e.getCause());
+        }
+        return token;
+    }
+
+    public void setClientAuthInfo(Map<String, Client> clientAuthInfo) {
+        this.clientAuthInfo.putAll(clientAuthInfo);
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/OAuthTestUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/OAuthTestUtils.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/OAuthTestUtils.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/OAuthTestUtils.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.URISyntaxException;
+import java.util.List;
+import java.util.Map;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.ParameterStyle;
+import net.oauth.client.OAuthClient;
+import net.oauth.client.URLConnectionClient;
+
+public final class OAuthTestUtils {
+
+    public static final String CALLBACK = "http://www.example.com/callback";
+    public static final String APPLICATION_NAME = "Test Oauth 1.0 application";
+    public static final String CLIENT_ID = "12345678";
+    public static final String CLIENT_SECRET = "secret";
+    public static final String[] SIGN_METHOD = {"HMAC-SHA1", "PLAINTEXT"};
+
+
+    private OAuthTestUtils() {
+    }
+
+    public static OAuthMessage access(String url, String method, Map<String, String> params,
+                                      ParameterStyle style)
+        throws IOException, URISyntaxException, OAuthException {
+
+        OAuthConsumer consumer = new OAuthConsumer(null, params.get(OAuth.OAUTH_CONSUMER_KEY),
+            CLIENT_SECRET, null);
+
+        OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+        OAuthMessage msg = accessor
+            .newRequestMessage(method, url, params.entrySet());
+
+        OAuthClient client = new OAuthClient(new URLConnectionClient());
+
+        return client.access(msg, style);
+    }
+
+    public static String readBody(OAuthMessage msg) throws IOException {
+        StringBuffer body = new StringBuffer();
+        InputStream responseBody = null;
+        BufferedReader br = null;
+        try {
+            responseBody = msg.getBodyAsStream();
+            if (responseBody != null) {
+                br = new BufferedReader(new InputStreamReader(responseBody));
+                String buf;
+                while ((buf = br.readLine()) != null) {
+                    body.append(buf);
+                }
+            }
+        } finally {
+            if (br != null) {
+                br.close();
+            }
+            if (responseBody != null) {
+                responseBody.close();
+            }
+        }
+        return body.toString().trim();
+    }
+
+    public static OAuth.Parameter findOAuthParameter(List<OAuth.Parameter> list, String key) {
+        for (OAuth.Parameter parameter : list) {
+            if (key.equals(parameter.getKey())) {
+                return parameter;
+            }
+        }
+        return null;
+    }
+
+    public static List<OAuth.Parameter> getResponseParams(OAuthMessage message) throws IOException {
+        String body = OAuthTestUtils.readBody(message);
+        return OAuth.decodeForm(body);
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/OAuthTestUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/OAuthTestUtils.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml Mon Sep 19 13:20:40 2011
@@ -0,0 +1,70 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.cxf</groupId>
+    <artifactId>cxf-rt-rs-security-oauth</artifactId>
+    <version>2.5.0-SNAPSHOT</version>
+
+    <packaging>jar</packaging>
+    <name>Apache CXF Runtime OAuth 1.0a</name>
+    <url>http://cxf.apache.org</url>
+
+    <parent>
+        <artifactId>cxf-rt-rs-security-oauth-parent</artifactId>
+        <groupId>org.apache.cxf</groupId>
+        <version>2.5.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-provider</artifactId>
+            <version>${oauth.version}</version>
+        </dependency>
+        
+        <dependency>
+            <groupId>${cxf.servlet-api.group}</groupId>
+            <artifactId>${cxf.servlet-api.artifact}</artifactId>
+            <version>${cxf.servlet-api.version}</version>
+        </dependency>
+        <!--test dependencies-->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.easymock</groupId>
+            <artifactId>easymock</artifactId>
+            <version>2.0</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    
+</project>

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/pom.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+
+public class AccessToken extends Token {
+    public AccessToken(Client client, String tokenString,
+                       String tokenSecret) {
+        super(client, tokenString, tokenSecret, -1L);
+    }
+
+    public AccessToken(Client client, String tokenString,
+                       String tokenSecret, long lifeTime) {
+        super(client, tokenString, tokenSecret, lifeTime);
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,143 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+import java.util.Collections;
+import java.util.List;
+
+public class Client {
+    private String loginName;
+    private String consumerKey;
+    private String secretKey;
+    private String callbackURL;
+    private String applicationURI;
+    private String applicationName;
+    private List<String> scopes = Collections.emptyList();
+    private List<String> permissions = Collections.emptyList();
+
+    public Client(String loginName,
+            String consumerKey, String secretKey, String callbackURL,
+            String applicationName, List<String> scopes) {
+        this.loginName = loginName;
+        this.consumerKey = consumerKey;
+        this.secretKey = secretKey;
+        this.callbackURL = callbackURL;
+        this.applicationName = applicationName;
+        this.scopes = scopes;
+    }
+    
+    public Client(String loginName, String consumerKey, String secretKey, String callbackURL,
+                      String applicationName) {
+        this(loginName, consumerKey, secretKey, callbackURL, applicationName, 
+             Collections.<String>emptyList());
+    }
+
+    public Client(String loginName, String consumerKey, String secretKey, String callbackURL) {
+        this(loginName, consumerKey, secretKey, callbackURL, null);
+    }
+
+    public Client(String loginName, String consumerKey, String secretKey) {
+        this(loginName, consumerKey, secretKey, null);
+    }
+
+    public String getLoginName() {
+        return loginName;
+    }
+    
+    public List<String> getScopes() {
+        return scopes;
+    }
+    
+    public String getConsumerKey() {
+        return consumerKey;
+    }
+
+    public String getSecretKey() {
+        return secretKey;
+    }
+
+    public String getCallbackURL() {
+        return callbackURL;
+    }
+
+    public void setCallbackURL(String callbackURL) {
+        this.callbackURL = callbackURL;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public void setApplicationName(String applicationName) {
+        this.applicationName = applicationName;
+    }
+    
+    public String getApplicationURI() {
+        return applicationURI;
+    }
+
+    public void setApplicationURI(String applicationURI) {
+        this.applicationURI = applicationURI;
+    }
+
+    public List<String> getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(List<String> permissions) {
+        this.permissions = permissions;
+    }
+    
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+
+        Client that = (Client)o;
+
+        if (applicationName != null ? !applicationName.equals(that.applicationName)
+            : that.applicationName != null) {
+            return false;
+        }
+        if (callbackURL != null ? !callbackURL.equals(that.callbackURL) : that.callbackURL != null) {
+            return false;
+        }
+        if (!consumerKey.equals(that.consumerKey)) {
+            return false;
+        }
+        if (!secretKey.equals(that.secretKey)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = consumerKey.hashCode();
+        result = 31 * result + secretKey.hashCode();
+        result = 31 * result + (callbackURL != null ? callbackURL.hashCode() : 0);
+        result = 31 * result + (applicationName != null ? applicationName.hashCode() : 0);
+        return result;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+import java.io.Serializable;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "authorizationData", 
+                namespace = "http://org.apache.cxf.rs.security.oauth")
+public class OAuthAuthorizationData implements Serializable {
+    private String oauthToken;
+    private String authenticityToken;
+    private String applicationName;
+    private String userName;
+    private String callback;
+    private String oauthVerifier;
+    private List<? extends Permission> permissions;
+    private List<String> scopes;
+
+    public OAuthAuthorizationData() {
+    }
+
+    public OAuthAuthorizationData(String oauthToken) {
+        this.oauthToken = oauthToken;
+    }
+
+    public String getOauthToken() {
+        return oauthToken;
+    }
+
+    public void setOauthToken(String oauthToken) {
+        this.oauthToken = oauthToken;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public void setApplicationName(String applicationName) {
+        this.applicationName = applicationName;
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public String getCallback() {
+        return callback;
+    }
+
+    public void setCallback(String callback) {
+        this.callback = callback;
+    }
+
+    public String getOauthVerifier() {
+        return oauthVerifier;
+    }
+
+    public void setOauthVerifier(String oauthVerifier) {
+        this.oauthVerifier = oauthVerifier;
+    }
+
+    public List<? extends Permission> getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(List<? extends Permission> permissions) {
+        this.permissions = permissions;
+    }
+
+    public void setScopes(List<String> scopes) {
+        this.scopes = scopes;
+    }
+
+    public List<String> getScopes() {
+        return scopes;
+    }
+
+    public void setAuthenticityToken(String authenticityToken) {
+        this.authenticityToken = authenticityToken;
+    }
+
+    public String getAuthenticityToken() {
+        return authenticityToken;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+import java.util.Collections;
+import java.util.List;
+
+public class OAuthPermission extends Permission {
+    private List<String> roles;
+    private List<String> httpVerbs;
+
+    public OAuthPermission(String permission, String description, String role) {
+        this(permission, description, Collections.singletonList(role));
+    }
+
+    public OAuthPermission(String permission, String description, List<String> roles) {
+        super(permission, description);
+        this.roles = roles;
+    }
+    
+    public OAuthPermission(String permission, String description, 
+            List<String> roles, List<String> verbs) {
+        super(permission, description);
+        this.roles = roles;
+        this.httpVerbs = roles;
+    }
+    
+    public List<String> getRoles() {
+        return roles;
+    }
+    
+    public List<String> getHttpVerbs() {
+        return httpVerbs;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+
+public class Permission {
+    private String permission;
+    private String description;
+    
+    public Permission(String permission, String description) {
+        this.description = description;
+        this.permission = permission;
+    }
+    
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public String getPermission() {
+        return permission;
+    }
+
+    public void setPermission(String permission) {
+        this.permission = permission;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+public class RequestToken extends Token {
+
+    private String oauthVerifier;
+    private String callback;
+    private String state;
+    
+    public RequestToken(Client client, String tokenString,
+                        String tokenSecret) {
+        this(client, tokenString, tokenSecret, -1L);
+    }
+
+    public RequestToken(Client client, String tokenString,
+                        String tokenSecret, Long lifetime) {
+        super(client, tokenString, tokenSecret, lifetime);
+    }
+
+    public void setOauthVerifier(String oauthVerifier) {
+        this.oauthVerifier = oauthVerifier;
+    }
+
+    public String getOauthVerifier() {
+        return oauthVerifier;
+    }
+
+    public void setCallback(String callback) {
+        this.callback = callback;
+    }
+
+    public String getCallback() {
+        return callback;
+    }
+
+    public void setState(String state) {
+        this.state = state;
+    }
+
+    public String getState() {
+        return state;
+    }
+
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+import java.util.List;
+
+public class RequestTokenRegistration {
+    private Client client; 
+    private String state;
+    private List<String> scopes;
+    private List<String> permissions;
+    private long lifetime;
+    
+    public void setClient(Client client) {
+        this.client = client;
+    }
+    public Client getClient() {
+        return client;
+    }
+    public void setState(String state) {
+        this.state = state;
+    }
+    public String getState() {
+        return state;
+    }
+    public void setScopes(List<String> scopes) {
+        this.scopes = scopes;
+    }
+    public List<String> getScopes() {
+        return scopes;
+    }
+    public void setPermissions(List<String> permissions) {
+        this.permissions = permissions;
+    }
+    public List<String> getPermissions() {
+        return permissions;
+    }
+    public void setLifetime(long lifetime) {
+        this.lifetime = lifetime;
+    }
+    public long getLifetime() {
+        return lifetime;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.data;
+
+import java.util.List;
+
+
+public abstract class Token {
+
+    protected String tokenString;
+    protected String tokenSecret;
+    protected long issuedAt = -1;
+    protected long lifetime = -1;
+    protected Client client;
+    protected List<String> permissions;
+    protected List<String> scopes;
+    private List<String> httpVerbs;
+    
+    protected Token(Client client, String tokenString,
+                    String tokenSecret, long lifetime) {
+        this.client = client;
+        this.tokenString = tokenString;
+        this.tokenSecret = tokenSecret;
+        initTokenLifeTime(lifetime);
+    }
+
+    protected Token(Client client, String tokenString,
+                    String tokenSecret) {
+        this(client, tokenString, tokenSecret, -1);
+    }
+
+    private void initTokenLifeTime(Long lifetm) {
+        this.lifetime = lifetm;
+        issuedAt = System.currentTimeMillis() / 1000;
+    }
+
+    public Client getClient() {
+        return client;
+    }
+
+    public String getTokenString() {
+        return tokenString;
+    }
+
+    public String getTokenSecret() {
+        return tokenSecret;
+    }
+
+    public long getIssuedAt() {
+        return issuedAt;
+    }
+
+    public long getLifetime() {
+        return lifetime;
+    }
+
+    public List<String> getPermissions() {
+        return permissions == null || permissions.isEmpty() ? client.getPermissions() : permissions;
+    }
+
+    public void setPermissions(List<String> permissions) {
+        this.permissions = permissions;
+    }
+
+    public List<String> getScopes() {
+        return scopes == null || scopes.isEmpty() ? client.getScopes() : scopes;
+    }
+
+    public void setScopes(List<String> scopes) {
+        this.scopes = scopes;
+    }
+
+    public void setHttpVerbs(List<String> httpVerbs) {
+        this.httpVerbs = httpVerbs;
+    }
+
+    public List<String> getHttpVerbs() {
+        return httpVerbs;
+    }
+    
+    
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,161 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.filters;
+
+import java.security.Principal;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.servlet.http.HttpServletRequest;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.rs.security.oauth.data.AccessToken;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.security.SecurityContext;
+
+
+public class AbstractAuthFilter {
+
+    public static final String OAUTH_AUTHORITIES = "oauth_authorities";
+
+    private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthFilter.class);
+
+    private OAuthDataProvider dataProvider;
+
+    protected AbstractAuthFilter() {
+        
+    }
+    
+    public void setOAuthDataProvider(OAuthDataProvider provider) {
+        dataProvider = provider;
+    }
+    
+    public OAuthInfo handleOAuthRequest(HttpServletRequest req) throws
+        Exception, OAuthProblemException {
+        if (LOG.isLoggable(Level.FINE)) {
+            LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
+        }
+        
+        AccessToken accessToken = null;
+        Client authInfo = null;
+        
+        OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
+        if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_TOKEN,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE);
+
+            accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());
+
+            //check if access token is not null
+            if (accessToken == null) {
+                throw new OAuthProblemException();
+            }
+            //check valid scope
+            if (!checkScopes(req, accessToken.getScopes())) {
+                throw new OAuthProblemException();
+            }
+            if (accessToken.getHttpVerbs() != null 
+                && !accessToken.getHttpVerbs().contains(req.getMethod())) {
+                throw new OAuthProblemException();
+            }
+            authInfo = accessToken.getClient(); 
+            
+        } else {
+            String consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
+            authInfo = dataProvider.getClient(consumerKey);
+            if (!checkScopes(req, authInfo.getScopes())) {
+                throw new OAuthProblemException();
+            }
+        }
+        
+
+        OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(),
+            authInfo.getConsumerKey(),
+            authInfo.getSecretKey(), null);
+
+        OAuthAccessor accessor = new OAuthAccessor(consumer);
+        accessor.accessToken = accessToken.getTokenString();
+        accessor.tokenSecret = accessToken.getTokenSecret();
+        new DefaultOAuthValidator().validateMessage(oAuthMessage, accessor);
+
+        return new OAuthInfo(authInfo, accessToken, dataProvider);
+        
+    }
+
+    protected boolean checkScopes(HttpServletRequest request, List<String> scopes) {
+        if (scopes == null) {
+            return true;
+        }
+        String servletPath = request.getPathInfo();
+        boolean foundValidScope = false;
+        for (String scope : scopes) {
+            boolean wildcard = scope.endsWith("*");
+            if (wildcard) {
+                if (servletPath.startsWith(scope.substring(0, scope.length() - 1))) {
+                    foundValidScope = true;
+                    break;
+                }
+            } else {
+                if (scope.equals(servletPath)) {
+                    foundValidScope = true;
+                    break;
+                }
+            }
+        }
+        return foundValidScope;
+    }
+    
+    protected SecurityContext createSecurityContext(HttpServletRequest request, 
+                                                    final OAuthInfo info) {
+        request.setAttribute("oauth_authorities", info.getRoles());
+        return new SecurityContext() {
+
+            public Principal getUserPrincipal() {
+                return new SimplePrincipal(info.getClient().getLoginName());
+            }
+
+            @Override
+            public boolean isUserInRole(String role) {
+                List<String> roles = info.getRoles();
+                for (String authority : roles) {
+                    if (authority.equals(role)) {
+                        return true;
+                    }
+                }
+                return false;
+            }
+             
+        };
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.filters;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.cxf.rs.security.oauth.data.AccessToken;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+
+public class OAuthInfo {
+    private Client client;
+    private AccessToken token;
+    private OAuthDataProvider provider;
+    public OAuthInfo(Client client, AccessToken token, OAuthDataProvider provider) {
+        this.client = client;
+        this.token = token;
+        this.provider = provider;
+    }
+    public Client getClient() {
+        return client;
+    }
+    public AccessToken getToken() {
+        return token;
+    }
+    
+    public List<String> getRoles() {
+        List<OAuthPermission> permissions = provider.getPermissionsInfo(
+            token != null ? token.getPermissions() : client.getPermissions());
+        List<String> authorities = new ArrayList<String>();
+        if (permissions != null) {
+            for (OAuthPermission permission : permissions) {
+                authorities.addAll(permission.getRoles());
+            }
+        }
+        return authorities;
+    }
+    
+    
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.filters;
+
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+
+public class OAuthRequestFilter extends AbstractAuthFilter implements RequestHandler {
+    @Context
+    private MessageContext mc;
+   
+    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
+        try {
+            OAuthInfo info = handleOAuthRequest(mc.getHttpServletRequest());
+            setSecurityContext(m, info);
+            
+        } catch (OAuthProblemException e) {
+            return Response.status(401).header("WWW-Authenticate", "OAuth").build();
+        } catch (Exception e) {
+            return Response.status(401).header("WWW-Authenticate", "OAuth").build();
+        }
+        return null;
+    }
+
+    private void setSecurityContext(Message m, OAuthInfo info) {
+        
+        SecurityContext sc = createSecurityContext(mc.getHttpServletRequest(), info);
+        m.setContent(SecurityContext.class, sc);
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.filters;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
+import org.apache.cxf.security.SecurityContext;
+
+
+public class OAuthServletFilter extends AbstractAuthFilter implements javax.servlet.Filter {
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+        ServletContext servletContext = filterConfig.getServletContext();
+        super.setOAuthDataProvider(OAuthUtils.getOAuthDataProvider(servletContext));
+    }
+
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws
+        IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest)request;
+        HttpServletResponse resp = (HttpServletResponse)response;
+
+        try {
+            OAuthInfo info = handleOAuthRequest(req);
+            req = setSecurityContext(req, info);
+            chain.doFilter(req, resp);
+        } catch (OAuthProblemException e) {
+            OAuthServlet.handleException(resp, e, "");
+        } catch (Exception e) {
+            OAuthServlet.handleException(resp, e, "");
+        }
+    }
+
+    protected HttpServletRequest setSecurityContext(HttpServletRequest request, 
+                                                    OAuthInfo info) {
+        final SecurityContext sc = createSecurityContext(request, info);
+        HttpServletRequest newRequest = new HttpServletRequestWrapper(request) {
+        
+            @Override
+            public Principal getUserPrincipal() {
+                return sc.getUserPrincipal();
+            }
+            
+            @Override
+            public boolean isUserInRole(String role) {
+                return sc.isUserInRole(role);
+            }
+            
+            @Override
+            public String getAuthType() {
+                return "OAuth";
+            }
+        };
+        return newRequest;
+    }
+    
+    public void destroy() {
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.provider;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.SimpleOAuthValidator;
+
+import org.apache.cxf.rs.security.oauth.data.Token;
+
+
+public class DefaultOAuthValidator extends SimpleOAuthValidator {
+
+    public DefaultOAuthValidator() {
+    }
+
+    public void checkParameters(OAuthMessage message) throws OAuthException, IOException, URISyntaxException {
+        super.checkSingleParameters(message);
+    }
+
+    public void validateToken(Token token) throws OAuthProblemException {
+        if (token == null) {
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+        } else {
+            Long issuedAt = token.getIssuedAt();
+            Long lifetime = token.getLifetime();
+            if (lifetime != -1
+                && (issuedAt + lifetime < (System.currentTimeMillis() / 1000))) {
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
+            }
+        }
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.provider;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import net.oauth.OAuthException;
+
+
+public class MD5TokenGenerator {
+    public String generateToken(byte[] input) throws OAuthException {
+        if (input == null) {
+            throw new OAuthException("You have to pass input to Token Generator");
+        }
+
+        try {
+            MessageDigest algorithm = MessageDigest.getInstance("MD5");
+            algorithm.reset();
+            algorithm.update(input);
+            byte[] messageDigest = algorithm.digest();
+            StringBuffer hexString = new StringBuffer();
+            for (int i = 0; i < messageDigest.length; i++) {
+                hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
+            }
+
+            return hexString.toString();
+        } catch (NoSuchAlgorithmException e) {
+            throw new OAuthException(e);
+        }
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.provider;
+
+import java.util.List;
+
+
+import org.apache.cxf.rs.security.oauth.data.AccessToken;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
+import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
+
+
+public interface OAuthDataProvider {
+
+    Client getClient(String clientId) throws OAuthServiceException;
+
+    RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException;
+
+    RequestToken getRequestToken(String requestToken) throws OAuthServiceException;
+
+    String createRequestTokenVerifier(RequestToken requestToken) throws OAuthServiceException;
+    
+    AccessToken createAccessToken(RequestToken requestToken) throws OAuthServiceException;
+
+    AccessToken getAccessToken(String accessToken) throws OAuthServiceException;
+
+    void removeTokens(String clientId) throws OAuthServiceException;;
+
+    List<OAuthPermission> getPermissionsInfo(List<String> requestPermissions);
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.provider;
+
+public class OAuthServiceException extends RuntimeException {
+
+    public OAuthServiceException(String message) {
+        super(message);
+    }
+    
+    public OAuthServiceException(Throwable cause) {
+        super(cause);
+    }
+    
+    public OAuthServiceException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.services;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.Context;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
+
+
+public abstract class AbstractOAuthService {
+    private MessageContext mc;
+    
+    private OAuthDataProvider dataProvider;
+
+    @Context 
+    public void setMessageContext(MessageContext context) {
+        this.mc = context;    
+    }
+    
+    public void setDataProvider(OAuthDataProvider dataProvider) {
+        this.dataProvider = dataProvider;
+    }
+
+    protected OAuthDataProvider getDataProvider() {
+        return OAuthUtils.getOAuthDataProvider(dataProvider, mc.getServletContext());
+    }
+    
+    protected HttpServletRequest getHttpRequest() {
+        return mc.getHttpServletRequest();
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date



Mime
View raw message