cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1172611 [2/2] - in /cxf/trunk: rt/ rt/rs/security/oauth-parent/ rt/rs/security/oauth-parent/oauth-test/ rt/rs/security/oauth-parent/oauth-test/src/ rt/rs/security/oauth-parent/oauth-test/src/main/ rt/rs/security/oauth-parent/oauth-test/src...
Date Mon, 19 Sep 2011 13:20:42 GMT
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.services;
+
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rs.security.oauth.data.AccessToken;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
+
+
+public class AccessTokenHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(AccessTokenHandler.class);
+
+    public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
+        OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+
+        try {
+            OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_TOKEN,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE,
+                OAuth.OAUTH_VERIFIER);
+
+            RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
+            if (requestToken == null) {
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+            }
+            String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
+            if (oauthVerifier == null || !oauthVerifier.equals(requestToken.getOauthVerifier())) {
+                throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
+            }
+            
+            Client authInfo = requestToken.getClient();
+            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
+                authInfo.getSecretKey(), null);
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+            accessor.requestToken = requestToken.getTokenString();
+            accessor.tokenSecret = requestToken.getTokenSecret();
+            try {
+                new DefaultOAuthValidator().validateMessage(oAuthMessage, accessor);
+            } catch (URISyntaxException e) {
+                throw new OAuthException(e);
+            }
+
+            AccessToken accessToken = dataProvider.createAccessToken(requestToken);
+
+            //create response
+            Map<String, Object> responseParams = new HashMap<String, Object>();
+            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
+
+            String responseString = OAuth.formEncode(responseParams.entrySet());
+            return Response.ok(responseString).build();
+
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "Server Exception: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.services;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
+
+
+/**
+ * This resource will replace a request token with a new access token
+ */
+@Path("/token")
+public class AccessTokenService extends AbstractOAuthService {
+
+    private AccessTokenHandler handler = new AccessTokenHandler();
+    
+    public void setAccessTokenHandler(AccessTokenHandler h) {
+        this.handler = h;
+    }
+    
+    @GET
+    @Produces("application/x-www-form-urlencoded")
+    public Response getAccessToken() {
+        return handler.handle(getHttpRequest(), getDataProvider());
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,169 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.services;
+
+import java.net.URI;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
+import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
+
+
+public class AuthorizationRequestHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationRequestHandler.class);
+
+    public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
+
+        try {
+            LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
+
+            //create security token that is passed to sign in page and validate it in confirmation service
+            OAuthAuthorizationData secData = new OAuthAuthorizationData();
+
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString()
+            );
+            OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
+            oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
+            new DefaultOAuthValidator().checkParameters(oAuthMessage);
+
+
+            RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
+            if (token == null) {
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+            }
+            
+            if (!compareRequestSessionTokens(request)) {
+                secData.setPermissions(
+                        dataProvider.getPermissionsInfo(token.getPermissions()));
+                secData.setScopes(token.getScopes());
+                addAuthenticityTokenToSession(secData, request);
+                return Response.ok(addAdditionalParams(secData, token)).build();
+            }
+            
+            String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
+            Client clientInfo = token.getClient();
+            if (!OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision)) {
+                //user not authorized client
+                secData.setCallback(clientInfo.getCallbackURL());
+                return Response.ok(addAdditionalParams(secData, token)).build();
+            }
+
+            String verifier = dataProvider.createRequestTokenVerifier(token);
+            
+
+            String callbackURL = clientInfo.getCallbackURL();
+
+            Map<String, String> queryParams = new HashMap<String, String>();
+            queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
+            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenString());
+            if (token.getState() != null) {
+                queryParams.put("state", token.getState());
+            }
+            callbackURL = buildCallbackUrl(callbackURL, queryParams);
+
+
+            return Response.seeOther(URI.create(callbackURL))
+                    .build();
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                    String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Server exception: {0}", new Object[]{e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    protected String buildCallbackUrl(String callbackURL, final Map<String, String> queryParams) {
+
+        boolean containsQuestionMark = callbackURL.contains("?");
+
+
+        StringBuffer query = new StringBuffer(OAuthUtils.format(queryParams.entrySet(), "UTF-8"));
+        StringBuffer url = new StringBuffer(callbackURL);
+
+        if (!StringUtils.isEmpty(url.toString())) {
+            if (containsQuestionMark) {
+                url.append("&").append(query);
+            } else {
+                url.append("?").append(query);
+            }
+        }
+
+        return url.toString();
+    }
+    
+    protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData,
+                                                         RequestToken token) {
+        secData.setOauthToken(token.getTokenString());
+        secData.setApplicationName(token.getClient().getApplicationName()); 
+        secData.setUserName(token.getClient().getLoginName());
+      
+        return secData;
+    }
+    
+    private void addAuthenticityTokenToSession(OAuthAuthorizationData secData,
+            HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        String value = UUID.randomUUID().toString();
+        
+        secData.setAuthenticityToken(value);
+        session.setAttribute(OAuthConstants.AUTHENTICITY_TOKEN, value);
+    }
+    
+    private boolean compareRequestSessionTokens(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        String requestToken = request.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
+        String sessionToken = (String) session.getAttribute(OAuthConstants.AUTHENTICITY_TOKEN);
+        
+        if (StringUtils.isEmpty(requestToken) || StringUtils.isEmpty(sessionToken)) {
+            return false;
+        }
+        
+        boolean b = requestToken.equals(sessionToken);
+        session.removeAttribute(OAuthConstants.AUTHENTICITY_TOKEN);
+        return b;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.services;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
+
+
+/**
+ * This resource handles the End User authorising
+ * or denying the Client to access its resources.
+ * If End User approves the access this resource will
+ * redirect End User back to the Client, supplying 
+ * a request token verifier (aka authorization code)
+ */
+public class AuthorizationRequestService extends AbstractOAuthService {
+
+    private AuthorizationRequestHandler handler = new AuthorizationRequestHandler();
+    
+    public void setAuthorizationRequestHandler(AuthorizationRequestHandler h) {
+        this.handler = h;
+    }
+    
+    @GET
+    @Path("/authorize")
+    @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" })
+    public Response authorize() {
+        return handler.handle(getHttpRequest(), getDataProvider());
+    }
+
+    @GET
+    @Path("/authorizeDecision")
+    public Response authorizeDecision() {
+        return authorize();
+    }
+    
+    @POST
+    @Path("/authorizeDecision")
+    @Consumes("application/x-www-form-urlencoded")
+    public Response authorizeDecisionForm() {
+        return authorizeDecision();
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.services;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+/**
+ * Default OAuth service implementation
+ */
+@Path("/")
+public class OAuthDefaultServices {
+
+    private AuthorizationRequestService authorizeService = 
+        new AuthorizationRequestService();
+    private AccessTokenService accessTokenService =
+        new AccessTokenService();
+    private RequestTokenService requestTokenService = 
+        new RequestTokenService();
+    
+    public OAuthDefaultServices() {
+    }
+
+    @Context 
+    public void setMessageContext(MessageContext mc) {
+        this.authorizeService.setMessageContext(mc);
+        this.accessTokenService.setMessageContext(mc);
+        this.requestTokenService.setMessageContext(mc);
+    }
+    
+    public void setAuthorizationService(AuthorizationRequestService service) {
+        this.authorizeService = service;
+    }
+    
+    public void setAccessTokenService(AccessTokenService service) {
+        this.accessTokenService = service;
+    }
+
+    public void setRequestTokenservice(RequestTokenService service) {
+        this.requestTokenService = service;
+    }
+
+    @POST
+    @Path("/initiate")
+    @Produces("application/x-www-form-urlencoded")
+    public Response getRequestToken() {
+        return requestTokenService.getRequestToken();
+    }
+
+    @GET
+    @Path("/authorize")
+    @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" })
+    public Response authorize() {
+        return authorizeService.authorize();
+    }
+    
+    @GET
+    @Path("/authorizeDecision")
+    public Response authorizeDecision() {
+        return authorizeService.authorizeDecision();
+    }
+    
+    @POST
+    @Path("/authorizeDecision")
+    @Consumes("application/x-www-form-urlencoded")
+    public Response authorizeDecisionForm() {
+        return authorizeService.authorizeDecision();
+    }
+
+    @GET
+    @Path("/token")
+    @Produces("application/x-www-form-urlencoded")
+    public Response getAccessToken() {
+        return accessTokenService.getAccessToken();
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,179 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.services;
+
+import java.net.URISyntaxException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
+
+public class RequestTokenHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(RequestTokenHandler.class);
+    
+    private long tokenLifetime = 3600L;
+    private String defaultPermission;
+    private String defaultScope;
+    
+    public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
+        try {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host: {0}",
+                    new Object[] {request.getRemoteHost()});
+            }
+            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+            OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
+            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
+                OAuth.OAUTH_SIGNATURE_METHOD,
+                OAuth.OAUTH_SIGNATURE,
+                OAuth.OAUTH_TIMESTAMP,
+                OAuth.OAUTH_NONCE,
+                OAuth.OAUTH_CALLBACK);
+
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "All required OAuth parameters are present");
+            }
+
+            Client client = dataProvider
+                .getClient(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
+            //client credentials not found
+            if (client == null) {
+                OAuthProblemException problemEx = new OAuthProblemException(
+                    OAuth.Problems.CONSUMER_KEY_UNKNOWN);
+                problemEx
+                    .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+                        HttpServletResponse.SC_UNAUTHORIZED);
+                throw problemEx;
+            }
+
+            OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
+                client.getConsumerKey(), client.getSecretKey(), null);
+
+            OAuthAccessor accessor = new OAuthAccessor(consumer);
+
+            //validate message
+            try {
+                new DefaultOAuthValidator().validateMessage(oAuthMessage, accessor);
+            } catch (URISyntaxException e) {
+                throw new OAuthException(e);
+            }
+
+            String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
+            validateCallbackURL(client, callback);
+
+            List<String> permissions = OAuthUtils.parsePermissionsFromRequest(oAuthMessage);
+            if (permissions.isEmpty() && defaultPermission != null) {
+                permissions = Collections.singletonList(defaultPermission);
+            }
+            List<String> scopes = OAuthUtils.parseScopesFromRequest(oAuthMessage);
+            if (scopes.isEmpty() && defaultScope != null) {
+                scopes = Collections.singletonList(defaultScope);    
+            }
+            
+            RequestTokenRegistration reg = new RequestTokenRegistration();
+            reg.setClient(client);
+            reg.setState(oAuthMessage.getParameter("state"));
+            reg.setScopes(scopes);
+            reg.setPermissions(permissions);
+            reg.setLifetime(tokenLifetime);
+            
+            RequestToken requestToken = dataProvider.createRequestToken(reg);
+
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
+            }
+            //create response
+            Map<String, Object> responseParams = new HashMap<String, Object>();
+            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
+            responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
+
+            String responseBody = OAuth.formEncode(responseParams.entrySet());
+
+            return Response.ok(responseBody).build();
+        } catch (OAuthProblemException e) {
+            if (LOG.isLoggable(Level.WARNING)) {
+                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, e.getHttpStatusCode(),
+                String.valueOf(e.getParameters().get("realm")));
+        } catch (Exception e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+                    new Object[] {e.fillInStackTrace()});
+            }
+            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    protected void validateCallbackURL(Client client,
+                                       String oauthCallback) throws OAuthProblemException {
+
+        if (!StringUtils.isEmpty(client.getCallbackURL())
+            && !client.getCallbackURL().equals(oauthCallback)
+                || !StringUtils.isEmpty(client.getApplicationURI())
+                    && !oauthCallback.startsWith(client.getApplicationURI())) {
+            OAuthProblemException problemEx = new OAuthProblemException(
+                OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
+            problemEx
+                .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+                    HttpServletResponse.SC_BAD_REQUEST);
+            throw problemEx;
+            
+        }
+        
+    }
+
+    public void setTokenLifetime(long tokenLifetime) {
+        this.tokenLifetime = tokenLifetime;
+    }
+
+    public void setDefaultPermission(String defaultPermission) {
+        this.defaultPermission = defaultPermission;
+    }
+    
+    public void setDefaultScope(String defaultScope) {
+        this.defaultScope = defaultScope;
+    }
+        
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.services;
+
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
+
+
+/**
+ * This resource issues a temporarily request token to the Client
+ * which will be later authorised and exchanged for the access token 
+ */
+@Path("/initiate")
+public class RequestTokenService extends AbstractOAuthService {
+
+    private RequestTokenHandler handler = new RequestTokenHandler();
+    
+    public void setRequestTokenHandler(RequestTokenHandler h) {
+        this.handler = h;
+    }
+    
+    @POST
+    @Produces("application/x-www-form-urlencoded")
+    public Response getRequestToken() {
+        return handler.handle(getHttpRequest(), getDataProvider());
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth.utils;
+
+public final class OAuthConstants {
+    
+    public static final String OAUTH_DATA_PROVIDER_CLASS = "oauth.data.provider-class";
+    public static final String OAUTH_DATA_VALIDATOR_CLASS = "oauth.data.validator-class";
+    public static final String OAUTH_DATA_PROVIDER_INSTANCE_KEY = "oauth.data.provider-instance.key";
+
+    public static final String VERIFIER_INVALID = "verifier_invalid";
+
+    public static final String AUTHENTICITY_TOKEN = "session_authenticity_token";
+    public static final String X_OAUTH_SCOPE = "x_oauth_scope";
+    public static final String X_OAUTH_PERMISSION = "x_oauth_permission";
+
+    public static final String AUTHORIZATION_DECISION_KEY = "oauthDecision";
+    public static final String AUTHORIZATION_DECISION_ALLOW = "allow";
+    public static final String AUTHORIZATION_DECISION_DENY = "deny";
+
+    private OAuthConstants() {
+        
+    }
+
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,218 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.utils;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthMessage;
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+
+public final class OAuthUtils {
+
+    private static final String PARAMETER_SEPARATOR = "&";
+    private static final String NAME_VALUE_SEPARATOR = "=";
+
+    private OAuthUtils() {
+    }
+
+    public static void addParametersIfNeeded(HttpServletRequest request,
+            OAuthMessage oAuthMessage) throws IOException {
+        if (oAuthMessage.getParameters().isEmpty() 
+            && MediaType.APPLICATION_FORM_URLENCODED.equals(oAuthMessage.getBodyType())) {
+            String enc = oAuthMessage.getBodyEncoding();
+            enc = enc == null ? "UTF-8" : enc;
+            String body = FormUtils.readBody(oAuthMessage.getBodyAsStream(), enc);
+            MultivaluedMap<String, String> map = new MetadataMap<String, String>();
+            FormUtils.populateMapFromString(map, body, enc, true, request);
+            for (String key : map.keySet()) {
+                oAuthMessage.addParameter(key, map.getFirst(key));
+            }
+        }
+    }
+    
+    
+    public static Response handleException(Exception e, int status) {
+        return handleException(e, status, null);
+    }
+
+    public static Response handleException(Exception e, int status,
+                                           String realm) {
+        if (e instanceof OAuthProblemException) {
+            OAuthProblemException problem = (OAuthProblemException) e;
+            OAuthMessage message = new OAuthMessage(null, null, problem
+                    .getParameters().entrySet());
+            try {
+                return
+                        Response.status(status).header("WWW-Authenticate",
+                                message.getAuthorizationHeader(realm)).entity(e.getMessage()).build();
+            } catch (IOException e1) {
+                throw new WebApplicationException(
+                        Response.status(status).entity(e.getMessage()).build());
+            }
+        }
+        throw new WebApplicationException(
+                Response.status(status).entity(e.getMessage()).build());
+    }
+
+    public static List<String> parseParamFromRequest(String paramValue) throws IOException {
+        
+        List<String> scopeList = new ArrayList<String>();
+
+        if (!StringUtils.isEmpty(paramValue)) {
+            StringTokenizer tokenizer = new StringTokenizer(paramValue, ",");
+
+            while (tokenizer.hasMoreTokens()) {
+                String token = tokenizer.nextToken();
+                scopeList.add(token);
+            }
+        }
+        return scopeList;
+    }
+
+    public static List<String> parsePermissionsFromRequest(OAuthMessage message) throws IOException {
+        return parseParamFromRequest(message.getParameter(OAuthConstants.X_OAUTH_PERMISSION));
+    }
+    
+    public static List<String> parseScopesFromRequest(OAuthMessage message) throws IOException {
+        return parseParamFromRequest(message.getParameter(OAuthConstants.X_OAUTH_SCOPE));
+    }
+
+    /**
+     * Translates parameters into <code>application/x-www-form-urlencoded</code> String
+     *
+     * @param parameters parameters to encode
+     * @param encoding   The name of a supported
+     *                   <a href="../lang/package-summary.html#charenc">character
+     *                   encoding</a>.
+     * @return Translated string
+     */
+    public static String format(
+            final Collection<? extends Map.Entry<String, String>> parameters,
+            final String encoding) {
+        final StringBuilder result = new StringBuilder();
+        for (final Map.Entry<String, String> parameter : parameters) {
+            if (!StringUtils.isEmpty(parameter.getKey())
+                    && !StringUtils.isEmpty(parameter.getValue())) {
+                final String encodedName = encode(parameter.getKey(), encoding);
+                final String value = parameter.getValue();
+                final String encodedValue = value != null ? encode(value, encoding) : "";
+                if (result.length() > 0) {
+                    result.append(PARAMETER_SEPARATOR);
+                }
+                result.append(encodedName);
+                result.append(NAME_VALUE_SEPARATOR);
+                result.append(encodedValue);
+            }
+        }
+        return result.toString();
+    }
+
+    private static String encode(final String content, final String encoding) {
+        try {
+            return URLEncoder.encode(content,
+                    encoding != null ? encoding : "UTF-8");
+        } catch (UnsupportedEncodingException problem) {
+            throw new IllegalArgumentException(problem);
+        }
+    }
+
+    public static RequestToken handleTokenRejectedException() throws OAuthProblemException {
+        OAuthProblemException problemEx = new OAuthProblemException(
+                OAuth.Problems.TOKEN_REJECTED);
+        problemEx
+                .setParameter(OAuthProblemException.HTTP_STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
+        throw problemEx;
+    }
+
+    public static Object instantiateClass(String className) throws Exception {
+        Class<?> clazz = ClassLoaderUtils.loadClass(className, OAuthUtils.class);
+        return clazz.newInstance();
+    }
+
+    public static synchronized OAuthDataProvider getOAuthDataProvider(
+            OAuthDataProvider provider,
+            ServletContext servletContext) {
+        if (provider != null) {
+            return provider;
+        }
+        return getOAuthDataProvider(servletContext);
+    }
+    
+    public static synchronized OAuthDataProvider getOAuthDataProvider(
+            ServletContext servletContext) {
+        OAuthDataProvider dataProvider = (OAuthDataProvider) servletContext
+                .getAttribute(OAuthConstants.OAUTH_DATA_PROVIDER_INSTANCE_KEY);
+
+        if (dataProvider == null) {
+            String dataProviderClassName = servletContext
+                    .getInitParameter(OAuthConstants.OAUTH_DATA_PROVIDER_CLASS);
+
+            if (StringUtils.isEmpty(dataProviderClassName)) {
+                throw new RuntimeException(
+                        "There should be provided [ " + OAuthConstants.OAUTH_DATA_PROVIDER_CLASS
+                                + " ] context init param in web.xml");
+            }
+            
+            String oauthValidatorClassName = servletContext
+                    .getInitParameter(OAuthConstants.OAUTH_DATA_VALIDATOR_CLASS);
+
+            if (StringUtils.isEmpty(oauthValidatorClassName)) {
+                //if no validator was provided fallback to default validator
+                oauthValidatorClassName = DefaultOAuthValidator.class.getName();
+            }
+
+            try {
+                dataProvider = (OAuthDataProvider) OAuthUtils
+                        .instantiateClass(dataProviderClassName);
+               
+                servletContext
+                        .setAttribute(OAuthConstants.OAUTH_DATA_PROVIDER_INSTANCE_KEY, dataProvider);
+            } catch (Exception e) {
+                throw new RuntimeException(
+                        "Cannot instantiate OAuth Data Provider class: " + dataProviderClassName, e);
+            }
+        }
+
+        return dataProvider;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/pom.xml?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/pom.xml (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/pom.xml Mon Sep 19 13:20:40 2011
@@ -0,0 +1,53 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing scopes and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.apache.cxf</groupId>
+    <artifactId>cxf-rt-rs-security-oauth-parent</artifactId>
+    <version>2.5.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+    <name>Apache CXF Runtime RS Security OAuth Parent</name>
+    <url>http://cxf.apache.org</url>
+
+    <parent>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-parent</artifactId>
+        <version>2.5.0-SNAPSHOT</version>
+        <relativePath>../../../parent/pom.xml</relativePath>
+    </parent>
+    <properties>
+        <oauth.version>20100527</oauth.version>
+    </properties> 
+
+
+    <modules>
+        <module>oauth</module>
+        <module>oauth-test</module> 
+    </modules>
+
+    <repositories>
+        <repository>
+            <id>oauth</id>
+            <name>OAuth Repository</name>
+            <url>http://oauth.googlecode.com/svn/code/maven/</url>
+        </repository>
+    </repositories>
+</project>

Propchange: cxf/trunk/rt/rs/security/oauth-parent/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/pom.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/rs/security/oauth-parent/pom.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Modified: cxf/trunk/systests/rs-security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/pom.xml?rev=1172611&r1=1172610&r2=1172611&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/pom.xml (original)
+++ cxf/trunk/systests/rs-security/pom.xml Mon Sep 19 13:20:40 2011
@@ -33,6 +33,7 @@
     
     <properties>
         <cxf.surefire.fork.mode>pertest</cxf.surefire.fork.mode>
+        <oauth.version>20100527</oauth.version>
     </properties>
     
     <dependencies>
@@ -41,25 +42,6 @@
             <artifactId>xalan</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.apache.abdera</groupId>
-            <artifactId>abdera-core</artifactId>
-            <version>${cxf.abdera.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.abdera</groupId>
-            <artifactId>abdera-parser</artifactId>
-            <version>${cxf.abdera.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.abdera</groupId>
-            <artifactId>abdera-extensions-json</artifactId>
-            <version>${cxf.abdera.version}</version>
-        </dependency>
-        <dependency>
-          <groupId>org.apache.ant</groupId>
-          <artifactId>ant</artifactId>
-        </dependency>
-         <dependency>
        		<groupId>org.eclipse.jetty</groupId>
        		<artifactId>jetty-server</artifactId>
         </dependency>
@@ -73,11 +55,6 @@
        		<artifactId>jetty-webapp</artifactId>
         </dependency>
         <dependency>
-           <groupId>org.eclipse.jetty</groupId>
-           <artifactId>jetty-jsp-2.1</artifactId>
-           <version>${cxf.jetty.version}</version>
-       </dependency>
-        <dependency>
             <groupId>${cxf.servlet-api.group}</groupId>
             <artifactId>${cxf.servlet-api.artifact}</artifactId>
         </dependency>
@@ -103,34 +80,20 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-databinding-xmlbeans</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-frontend-jaxws</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-policy</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-rs-security-xml</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-frontend-js</artifactId>
+            <artifactId>cxf-rt-rs-security-oauth</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-bindings-soap</artifactId>
+            <artifactId>cxf-rt-rs-security-oauth-test</artifactId>
             <version>${project.version}</version>
-        </dependency>
+            <scope>test</scope>
+        </dependency>  
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-bindings-http</artifactId>
@@ -138,24 +101,9 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-databinding-aegis</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-transports-http</artifactId>
             <version>${project.version}</version>
         </dependency>
-         <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-jms</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.activemq</groupId>
-            <artifactId>activemq-core</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-transports-http-jetty</artifactId>
@@ -168,11 +116,6 @@
          </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-local</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-frontend-jaxrs</artifactId>
             <version>${project.version}</version>
         </dependency>
@@ -183,24 +126,17 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-databinding-sdo</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-management-web</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
           <groupId>javax.annotation</groupId>
           <artifactId>jsr250-api</artifactId>
           <version>1.0</version>
           <scope>test</scope>
         </dependency>
-
+        <dependency>
+            <groupId>net.oauth.core</groupId>
+            <artifactId>oauth-consumer</artifactId>
+            <version>${oauth.version}</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-aop</artifactId>
@@ -236,17 +172,6 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>httpunit</groupId>
-            <artifactId>httpunit</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>nekohtml</groupId>
-            <artifactId>nekohtml</artifactId>
-            <version>1.9.6.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
         </dependency>
@@ -256,21 +181,6 @@
             <version>${cxf.spring.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core-tiger</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-acl</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
             <scope>test</scope>
@@ -289,35 +199,11 @@
             <artifactId>FastInfoset</artifactId>
         </dependency>
         <dependency>
-            <groupId>rhino</groupId>
-            <artifactId>js</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.xmlbeans</groupId>
-            <artifactId>xmlbeans</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
             <groupId>org.codehaus.jettison</groupId>
             <artifactId>jettison</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>commons-httpclient</groupId>
-            <artifactId>commons-httpclient</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-          <groupId>org.codehaus.jackson</groupId>
-          <artifactId>jackson-jaxrs</artifactId>
-          <version>1.2.0</version>
-        </dependency>
-        <dependency>
-          <groupId>org.codehaus.jackson</groupId>
-          <artifactId>jackson-core-asl</artifactId>
-          <version>1.2.0</version>
-        </dependency>
+        
     </dependencies>
     
     <build>
@@ -383,6 +269,12 @@
             </build>
         </profile>
     </profiles>
-    
+    <repositories>
+        <repository>
+            <id>oauth</id>
+            <name>OAuth Repository</name>
+            <url>http://oauth.googlecode.com/svn/code/maven/</url>
+        </repository>
+    </repositories>
     
 </project>

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java (added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.oauth;
+
+import java.net.URISyntaxException;
+
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.handler.DefaultHandler;
+import org.eclipse.jetty.server.handler.HandlerCollection;
+import org.eclipse.jetty.server.nio.SelectChannelConnector;
+import org.eclipse.jetty.webapp.WebAppContext;
+
+
+public class OAuthServer extends AbstractBusTestServerBase {
+
+    public static final int PORT = Integer.valueOf(TestUtil.getPortNumber("oauth-test"));
+    private static final String RESOURCE_PATH =
+        "/org/apache/cxf/systest/jaxrs/oauth/server";
+    private org.eclipse.jetty.server.Server server;
+
+    
+    protected void run() {
+
+        server = new org.eclipse.jetty.server.Server();
+
+        SelectChannelConnector connector = new SelectChannelConnector();
+        connector.setPort(PORT);
+        server.setConnectors(new Connector[] {connector});
+
+        WebAppContext webappcontext = new WebAppContext();
+        String contextPath = null;
+        try {
+            contextPath = getClass().getResource(RESOURCE_PATH).toURI().getPath();
+        } catch (URISyntaxException e1) {
+            e1.printStackTrace();
+        }
+        webappcontext.setContextPath("/");
+
+        webappcontext.setWar(contextPath);
+
+        HandlerCollection handlers = new HandlerCollection();
+        handlers.setHandlers(new Handler[] {webappcontext, new DefaultHandler()});
+
+        server.setHandler(handlers);
+        try {
+            server.start();
+                       
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    public void tearDown() throws Exception {
+        super.tearDown();
+        if (server != null) {
+            server.stop();
+            server.destroy();
+            server = null;
+        }
+    }    
+
+}

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/OAuthServer.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java (added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java Mon Sep 19 13:20:40 2011
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.oauth;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.ParameterStyle;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.oauth.test.OAuthTestUtils;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.eclipse.jetty.http.HttpHeaders;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TemporaryCredentialServiceTest extends AbstractBusClientServerTestBase {
+
+    public static final String TEMPORARY_CREDENTIALS_URL = "/a/oauth/initiate";
+    public static final String HOST = "http://localhost:";
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TemporaryCredentialServiceTest.class);
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue("server did not launch correctly", 
+                   launchServer(OAuthServer.class, true));
+    }
+    
+    @Test
+    public void testGetTemporaryCredentialsURIQuery() throws Exception {
+        Map<String, String> parameters = new HashMap<String, String>();
+        parameters.put(OAuth.OAUTH_CALLBACK, OAuthTestUtils.CALLBACK);
+        
+        //check all parameter transimssions
+        for (ParameterStyle style : ParameterStyle.values()) {
+            //for all signing methods
+            for (String signMethod : OAuthTestUtils.SIGN_METHOD) {
+                LOG.log(Level.INFO, "Preparing request with parameter style: {0} and signature method: {1}",
+                    new String[] {style.toString(), signMethod});
+
+                parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, signMethod);
+                parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
+                parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
+                parameters.put(OAuth.OAUTH_CONSUMER_KEY, OAuthTestUtils.CLIENT_ID);
+                OAuthMessage message = invokeRequestToken(parameters, style, OAuthServer.PORT);
+
+                //test response ok
+                boolean isFormEncoded = OAuth.isFormEncoded(message.getBodyType());
+                Assert.assertTrue(isFormEncoded);
+
+                List<OAuth.Parameter> responseParams = OAuthTestUtils.getResponseParams(message);
+
+                String wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE);
+                Assert.assertNull(wwwHeader);
+
+                String callbacConf = OAuthTestUtils
+                    .findOAuthParameter(responseParams, OAuth.OAUTH_CALLBACK_CONFIRMED)
+                    .getValue();
+                Assert.assertEquals("true", callbacConf);
+
+                String oauthToken = OAuthTestUtils.findOAuthParameter(responseParams, OAuth.OAUTH_TOKEN)
+                    .getKey();
+                Assert.assertFalse(StringUtils.isEmpty(oauthToken));
+
+                String tokenSecret = OAuthTestUtils
+                    .findOAuthParameter(responseParams, OAuth.OAUTH_TOKEN_SECRET)
+                    .getKey();
+                Assert.assertFalse(StringUtils.isEmpty(tokenSecret));
+
+
+                //test wrong client id
+                parameters.put(OAuth.OAUTH_CONSUMER_KEY, "wrong");
+                message = invokeRequestToken(parameters, style, OAuthServer.PORT);
+
+                wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE);
+                List<OAuth.Parameter> list = OAuthMessage.decodeAuthorization(wwwHeader);
+
+                String oauthProblem = OAuthTestUtils.findOAuthParameter(list, "oauth_problem").getValue();
+                Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, oauthProblem);
+            }
+        }
+    }
+
+    protected OAuthMessage invokeRequestToken(Map<String, String> parameters, ParameterStyle style,
+                                              int port)
+        throws IOException, URISyntaxException, OAuthException {
+        OAuthMessage message;
+        String uri = HOST + port + TEMPORARY_CREDENTIALS_URL;
+        message = OAuthTestUtils
+            .access(uri, OAuthMessage.POST, parameters, style);
+        return message;
+    }
+
+}

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml (added)
+++ cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml Mon Sep 19 13:20:40 2011
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
+
+    <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
+    <import resource="classpath:META-INF/cxf/cxf.xml"/>
+
+
+    <jaxrs:server id="oauthServer" address="/oauth/">
+        <jaxrs:serviceBeans>
+            <ref bean="temporaryCredentialService"/>
+        </jaxrs:serviceBeans>
+    </jaxrs:server>
+
+    <bean id="temporaryCredentialService"
+          class="org.apache.cxf.rs.security.oauth.services.RequestTokenService">
+    </bean>
+
+</beans>
\ No newline at end of file

Propchange: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml?rev=1172611&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml (added)
+++ cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml Mon Sep 19 13:20:40 2011
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<!DOCTYPE web-app
+        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+        "http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app>
+
+    <context-param>
+        <param-name>oauth.data.provider-class</param-name>
+        <param-value>org.apache.cxf.rs.security.oauth.test.MemoryOAuthDataProvider</param-value>
+    </context-param>
+
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>WEB-INF/*-beans.xml</param-value>
+    </context-param>
+
+    <listener>
+        <listener-class>
+            org.springframework.web.context.ContextLoaderListener
+        </listener-class>
+    </listener>
+
+    <servlet>
+        <servlet-name>CXFServlet</servlet-name>
+        <servlet-class>
+            org.apache.cxf.transport.servlet.CXFServlet
+        </servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>CXFServlet</servlet-name>
+        <url-pattern>/a/*</url-pattern>
+    </servlet-mapping>
+
+</web-app>
+

Propchange: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml



Mime
View raw message