cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1176317 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth: filters/ provider/ services/ utils/
Date Tue, 27 Sep 2011 10:42:53 GMT
Author: sergeyb
Date: Tue Sep 27 10:42:52 2011
New Revision: 1176317

URL: http://svn.apache.org/viewvc?rev=1176317&view=rev
Log:
[CXF-2759] Minor refactorings

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1176317&r1=1176316&r2=1176317&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Tue Sep 27 10:42:52 2011
@@ -26,8 +26,6 @@ import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 
 import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
 import net.oauth.server.OAuthServlet;
@@ -36,17 +34,24 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
 import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
 
 
 public class AbstractAuthFilter {
 
-    public static final String OAUTH_AUTHORITIES = "oauth_authorities";
-
     private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthFilter.class);
-
+    private static final String[] REQUIRED_PARAMETERS = 
+        new String[] {
+            OAuth.OAUTH_CONSUMER_KEY,
+            OAuth.OAUTH_TOKEN,
+            OAuth.OAUTH_SIGNATURE_METHOD,
+            OAuth.OAUTH_SIGNATURE,
+            OAuth.OAUTH_TIMESTAMP,
+            OAuth.OAUTH_NONCE
+        };
+    
     private OAuthDataProvider dataProvider;
 
     protected AbstractAuthFilter() {
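Review bot: Removing `public static final String OAUTH_AUTHORITIES` from AbstractAuthFilter is an API change rather than a refactoring, because any code outside this commit that references the constant stops compiling. None of the files shown here uses it, so the removal may be intended. If existing callers should keep working for a release, a deprecated alias such as `@Deprecated public static final String OAUTH_AUTHORITIES = "oauth_authorities";` would do that. The class body continues outside this hunk.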
@@ -68,12 +73,7 @@ public class AbstractAuthFilter {
         
         OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
         if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
-            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
-                OAuth.OAUTH_TOKEN,
-                OAuth.OAUTH_SIGNATURE_METHOD,
-                OAuth.OAUTH_SIGNATURE,
-                OAuth.OAUTH_TIMESTAMP,
-                OAuth.OAUTH_NONCE);
+            oAuthMessage.requireParameters(REQUIRED_PARAMETERS);
 
             accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());
 
@@ -98,16 +98,8 @@ public class AbstractAuthFilter {
                 throw new OAuthProblemException();
             }
         }
-        
 
-        OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(),
-            authInfo.getConsumerKey(),
-            authInfo.getSecretKey(), null);
-
-        OAuthAccessor accessor = new OAuthAccessor(consumer);
-        accessor.accessToken = accessToken.getTokenString();
-        accessor.tokenSecret = accessToken.getTokenSecret();
-        new DefaultOAuthValidator().validateMessage(oAuthMessage, accessor);
+        OAuthUtils.validateMessage(oAuthMessage, authInfo, accessToken);
 
         return new OAuthInfo(authInfo, accessToken, dataProvider);
         

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java?rev=1176317&r1=1176316&r2=1176317&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
Tue Sep 27 10:42:52 2011
@@ -36,7 +36,8 @@ public class DefaultOAuthValidator exten
     public DefaultOAuthValidator() {
     }
 
-    public void checkParameters(OAuthMessage message) throws OAuthException, IOException,
URISyntaxException {
+    public void checkSingleParameter(OAuthMessage message) throws OAuthException, IOException,

+        URISyntaxException {
         super.checkSingleParameters(message);
     }
 
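Review bot: The renamed wrapper `checkSingleParameter` differs from the inherited `checkSingleParameters` it delegates to by one trailing letter, which makes call sites easy to misread or mistype. If the intent is only to expose the inherited check publicly, keeping the inherited name (`public void checkSingleParameters(OAuthMessage message)`, assuming the parent's declaration allows that override) would be clearer, along with a Javadoc line stating which check the method performs. Renaming the public `checkParameters` also breaks any caller outside this commit; only the AuthorizationRequestHandler call site is updated in what is shown.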

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1176317&r1=1176316&r2=1176317&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
Tue Sep 27 10:42:52 2011
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.rs.security.oauth.services;
 
-import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.logging.Level;
@@ -29,18 +28,12 @@ import javax.servlet.http.HttpServletRes
 import javax.ws.rs.core.Response;
 
 import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthException;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
@@ -49,19 +42,21 @@ import org.apache.cxf.rs.security.oauth.
 public class AccessTokenHandler {
 
     private static final Logger LOG = LogUtils.getL7dLogger(AccessTokenHandler.class);
-
+    private static final String[] REQUIRED_PARAMETERS = 
+        new String[] {
+            OAuth.OAUTH_CONSUMER_KEY,
+            OAuth.OAUTH_TOKEN,
+            OAuth.OAUTH_SIGNATURE_METHOD,
+            OAuth.OAUTH_SIGNATURE,
+            OAuth.OAUTH_TIMESTAMP,
+            OAuth.OAUTH_NONCE,
+            OAuth.OAUTH_VERIFIER
+        };
+    
     public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
-        OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-
         try {
-            OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
-            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
-                OAuth.OAUTH_TOKEN,
-                OAuth.OAUTH_SIGNATURE_METHOD,
-                OAuth.OAUTH_SIGNATURE,
-                OAuth.OAUTH_TIMESTAMP,
-                OAuth.OAUTH_NONCE,
-                OAuth.OAUTH_VERIFIER);
+            OAuthMessage oAuthMessage = 
+                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
 
             RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
             if (requestToken == null) {
@@ -72,17 +67,7 @@ public class AccessTokenHandler {
                 throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
             }
             
-            Client authInfo = requestToken.getClient();
-            OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
-                authInfo.getSecretKey(), null);
-            OAuthAccessor accessor = new OAuthAccessor(consumer);
-            accessor.requestToken = requestToken.getTokenString();
-            accessor.tokenSecret = requestToken.getTokenSecret();
-            try {
-                new DefaultOAuthValidator().validateMessage(oAuthMessage, accessor);
-            } catch (URISyntaxException e) {
-                throw new OAuthException(e);
-            }
+            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken);
 
             AccessToken accessToken = dataProvider.createAccessToken(requestToken);
 
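Review bot: The removed try/catch converted a `URISyntaxException` from signature validation into an `OAuthException`, and the replacement `OAuthUtils.validateMessage(...)` is declared `throws Exception`, so that conversion is gone and callers can no longer tell OAuth failures from other errors by type. How the enclosing `try` in `handle` reports such an exception is outside this hunk; if its catch clauses are keyed on OAuth exception types, a malformed request URL may now surface as a generic server error instead of an OAuth problem response. Declaring the helper `throws OAuthException, IOException, URISyntaxException` (provided `validateToken` declares nothing broader), or wrapping inside it with `throw new OAuthException(e);`, keeps the previous contract. The same applies to the `validateMessage` call in the RequestTokenHandler hunk at `@@ -86,17 +75,7 @@`.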

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1176317&r1=1176316&r2=1176317&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Tue Sep 27 10:42:52 2011
@@ -33,7 +33,6 @@ import javax.ws.rs.core.Response;
 import net.oauth.OAuth;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
@@ -49,27 +48,24 @@ import org.apache.cxf.rs.security.oauth.
 public class AuthorizationRequestHandler {
 
     private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationRequestHandler.class);
-
+    private static final String[] REQUIRED_PARAMETERS = 
+        new String[] {
+            OAuth.OAUTH_TOKEN
+        };
+    
     public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
 
         try {
-            LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
-
-            //create security token that is passed to sign in page and validate it in confirmation
service
-            OAuthAuthorizationData secData = new OAuthAuthorizationData();
-
-            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString()
-            );
-            OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
-            oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
-            new DefaultOAuthValidator().checkParameters(oAuthMessage);
-
+            OAuthMessage oAuthMessage = 
+                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
+            new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);
 
             RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
             if (token == null) {
                 throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
             }
             
+            OAuthAuthorizationData secData = new OAuthAuthorizationData();
             if (!compareRequestSessionTokens(request)) {
                 secData.setPermissions(
                         dataProvider.getPermissionsInfo(token.getPermissions()));
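Review bot: The INFO entry log for the authorization endpoint is removed and nothing visible in the new code path replaces it, so a successful request to this endpoint appears to leave no trace. The RequestTokenHandler hunk at `@@ -57,22 +60,8 @@` likewise drops the FINE-level log that recorded `request.getRemoteHost()`. Since the handlers now all go through `OAuthUtils.getOAuthMessage`, a single FINE-level line there recording the request URL and remote host would restore the audit trail in one place. `handle` continues beyond this hunk.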

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1176317&r1=1176316&r2=1176317&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Tue Sep 27 10:42:52 2011
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.rs.security.oauth.services;
 
-import java.net.URISyntaxException;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -31,25 +30,29 @@ import javax.servlet.http.HttpServletRes
 import javax.ws.rs.core.Response;
 
 import net.oauth.OAuth;
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthException;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
-import net.oauth.server.OAuthServlet;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
 public class RequestTokenHandler {
 
     private static final Logger LOG = LogUtils.getL7dLogger(RequestTokenHandler.class);
+    private static final String[] REQUIRED_PARAMETERS = 
+        new String[] {
+            OAuth.OAUTH_CONSUMER_KEY,
+            OAuth.OAUTH_SIGNATURE_METHOD,
+            OAuth.OAUTH_SIGNATURE,
+            OAuth.OAUTH_TIMESTAMP,
+            OAuth.OAUTH_NONCE,
+            OAuth.OAUTH_CALLBACK
+        };
     
     private long tokenLifetime = 3600L;
     private String defaultPermission;
@@ -57,22 +60,8 @@ public class RequestTokenHandler {
     
     public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
         try {
-            if (LOG.isLoggable(Level.FINE)) {
-                LOG.log(Level.FINE, "Temporary Service Credentials service invoked by host:
{0}",
-                    new Object[] {request.getRemoteHost()});
-            }
-            OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-            OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
-            oAuthMessage.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
-                OAuth.OAUTH_SIGNATURE_METHOD,
-                OAuth.OAUTH_SIGNATURE,
-                OAuth.OAUTH_TIMESTAMP,
-                OAuth.OAUTH_NONCE,
-                OAuth.OAUTH_CALLBACK);
-
-            if (LOG.isLoggable(Level.FINE)) {
-                LOG.log(Level.FINE, "All required OAuth parameters are present");
-            }
+            OAuthMessage oAuthMessage = 
+                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
 
             Client client = dataProvider
                 .getClient(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
@@ -86,17 +75,7 @@ public class RequestTokenHandler {
                 throw problemEx;
             }
 
-            OAuthConsumer consumer = new OAuthConsumer(oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK),
-                client.getConsumerKey(), client.getSecretKey(), null);
-
-            OAuthAccessor accessor = new OAuthAccessor(consumer);
-
-            //validate message
-            try {
-                new DefaultOAuthValidator().validateMessage(oAuthMessage, accessor);
-            } catch (URISyntaxException e) {
-                throw new OAuthException(e);
-            }
+            OAuthUtils.validateMessage(oAuthMessage, client, null);
 
             String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
             validateCallbackURL(client, callback);

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1176317&r1=1176316&r2=1176317&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Tue Sep 27 10:42:52 2011
@@ -36,14 +36,19 @@ import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 
 import net.oauth.OAuth;
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
+import net.oauth.server.OAuthServlet;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.data.Token;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 
@@ -55,6 +60,35 @@ public final class OAuthUtils {
     private OAuthUtils() {
     }
 
+    public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token)

+        throws Exception {
+        OAuthConsumer consumer = new OAuthConsumer(client.getCallbackURL(), client.getConsumerKey(),
+            client.getSecretKey(), null);
+        OAuthAccessor accessor = new OAuthAccessor(consumer);
+        if (token != null) {
+            if (token instanceof RequestToken) {
+                accessor.requestToken = token.getTokenString(); 
+            } else {
+                accessor.accessToken = token.getTokenString();
+            }
+            accessor.tokenSecret = token.getTokenSecret();
+        }
+        
+        DefaultOAuthValidator validator = new DefaultOAuthValidator(); 
+        validator.validateMessage(oAuthMessage, accessor);
+        if (token != null) {
+            validator.validateToken(token);
+        }
+    }
+    
+    public static OAuthMessage getOAuthMessage(HttpServletRequest request,
+                                               String[] requiredParams) throws Exception
{
+        OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
+        OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
+        oAuthMessage.requireParameters(requiredParams);
+        return oAuthMessage;
+    }
+    
     public static void addParametersIfNeeded(HttpServletRequest request,
             OAuthMessage oAuthMessage) throws IOException {
         if (oAuthMessage.getParameters().isEmpty() 
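Review bot: `validateMessage` treats `token == null` as "no token in this step": the accessor gets no token secret and `validateToken` is skipped, so the signature is checked against the consumer secret alone. That is what RequestTokenHandler needs when it passes `null`, but AbstractAuthFilter and AccessTokenHandler previously dereferenced the token unconditionally, so a missing token there failed rather than being validated with a weaker key; whether those callers can still reach the call with a null token depends on checks outside the hunks shown. A two-argument overload for the request-token step would let the three-argument form begin with `if (token == null) { throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); }`. Both new public methods would also benefit from Javadoc stating which parameters may be null.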


