cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1185295 - in /cxf/trunk: distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/ rt/rs/security/oauth-paren...
Date Mon, 17 Oct 2011 17:22:32 GMT
Author: sergeyb
Date: Mon Oct 17 17:22:31 2011
New Revision: 1185295

URL: http://svn.apache.org/viewvc?rev=1185295&view=rev
Log:
[CXF-2759] Adding initial java docs, plus few minor refactorings

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
      - copied, changed from r1184927, cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientSupport.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java
      - copied, changed from r1184927, cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java
Removed:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientSupport.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java
Modified:
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java Mon Oct 17 17:22:31 2011
@@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletReq
 import org.apache.cxf.common.util.StringUtils;
 
 import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.provider.MD5TokenGenerator;
+import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
@@ -63,15 +63,15 @@ public class ApplicationController imple
             return handleInternalRedirect(clientApp);
         }
 
-        MD5TokenGenerator tokenGen = new MD5TokenGenerator();
+        MD5SequenceGenerator tokenGen = new MD5SequenceGenerator();
         Principal principal = SecurityContextHolder.getContext().getAuthentication();
         String consumerKey = clientApp.getConsumerKey();
         if (StringUtils.isEmpty(consumerKey)) {
             consumerKey = tokenGen
-                .generateToken((principal.getName() + clientApp.getClientName()).getBytes("UTF-8"));
+                .generate((principal.getName() + clientApp.getClientName()).getBytes("UTF-8"));
         }
 
-        String secretKey = tokenGen.generateToken(new SecureRandom().generateSeed(20));
+        String secretKey = tokenGen.generate(new SecureRandom().generateSeed(20));
 
         Client clientInfo = 
 new Client(consumerKey, secretKey, clientApp.getClientName(), clientApp.getCallbackURL());

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java Mon Oct 17 17:22:31 2011
@@ -37,7 +37,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
 import org.apache.cxf.rs.security.oauth.data.Token;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
-import org.apache.cxf.rs.security.oauth.provider.MD5TokenGenerator;
+import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
 
@@ -67,7 +67,7 @@ public class MemoryOAuthDataProvider imp
 
     protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<String, Token>();
 
-    protected MD5TokenGenerator tokenGenerator = new MD5TokenGenerator();
+    protected MD5SequenceGenerator tokenGenerator = new MD5SequenceGenerator();
 
     protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
 
@@ -123,17 +123,17 @@ public class MemoryOAuthDataProvider imp
         return requestToken;
     }
 
-    public String createRequestTokenVerifier(RequestToken requestToken) throws
+    public String setRequestTokenVerifier(RequestToken requestToken) throws
             OAuthServiceException {
-        requestToken.setOauthVerifier(generateToken());
-        return requestToken.getOauthVerifier();
+        requestToken.setVerifier(generateToken());
+        return requestToken.getVerifier();
     }
 
     public AccessToken createAccessToken(RequestToken requestToken) throws
             OAuthServiceException {
 
         Client client = requestToken.getClient();
-        requestToken = getRequestToken(requestToken.getTokenString());
+        requestToken = getRequestToken(requestToken.getTokenKey());
 
         String accessTokenString = generateToken();
         String tokenSecretString = generateToken();
@@ -144,7 +144,7 @@ public class MemoryOAuthDataProvider imp
         accessToken.setUris(requestToken.getUris());
 
         synchronized (oauthTokens) {
-            oauthTokens.remove(requestToken.getTokenString());
+            oauthTokens.remove(requestToken.getTokenKey());
             oauthTokens.put(accessTokenString, accessToken);
             synchronized (userAuthorizedClients) {
                 userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
@@ -179,7 +179,7 @@ public class MemoryOAuthDataProvider imp
             for (Token token : oauthTokens.values()) {
                 Client authNInfo = token.getClient();
                 if (consumerKey.equals(authNInfo.getConsumerKey())) {
-                    oauthTokens.remove(token.getTokenString());
+                    oauthTokens.remove(token.getTokenKey());
                 }
             }
         }
@@ -188,7 +188,7 @@ public class MemoryOAuthDataProvider imp
     protected String generateToken() throws OAuthServiceException {
         String token;
         try {
-            token = tokenGenerator.generateToken(UUID.randomUUID().toString().getBytes("UTF-8"));
+            token = tokenGenerator.generate(UUID.randomUUID().toString().getBytes("UTF-8"));
         } catch (Exception e) {
             throw new OAuthServiceException("Unable to create token ", e.getCause());
         }

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java Mon Oct 17 17:22:31 2011
@@ -78,7 +78,7 @@ public class SampleOAuthDataProvider ext
         for (Token token : oauthTokens.values()) {
             Client authNInfo = token.getClient();
             if (consumerKey.equals(authNInfo.getConsumerKey())) {
-                oauthTokens.remove(token.getTokenString());
+                oauthTokens.remove(token.getTokenKey());
             }
         }
     }   

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java Mon Oct 17 17:22:31 2011
@@ -37,7 +37,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
 import org.apache.cxf.rs.security.oauth.data.Token;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
-import org.apache.cxf.rs.security.oauth.provider.MD5TokenGenerator;
+import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
 
@@ -62,7 +62,8 @@ public class MemoryOAuthDataProvider imp
 
     protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<String, Token>();
 
-    protected MD5TokenGenerator tokenGenerator = new MD5TokenGenerator();
+    protected MD5SequenceGenerator tokenGenerator = 
+        new MD5SequenceGenerator();
 
     protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
 
@@ -121,17 +122,17 @@ public class MemoryOAuthDataProvider imp
         return requestToken;
     }
 
-    public String createRequestTokenVerifier(RequestToken requestToken) throws
+    public String setRequestTokenVerifier(RequestToken requestToken) throws
             OAuthServiceException {
-        requestToken.setOauthVerifier(generateToken());
-        return requestToken.getOauthVerifier();
+        requestToken.setVerifier(generateToken());
+        return requestToken.getVerifier();
     }
 
     public AccessToken createAccessToken(RequestToken requestToken) throws
             OAuthServiceException {
 
         Client client = requestToken.getClient();
-        requestToken = getRequestToken(requestToken.getTokenString());
+        requestToken = getRequestToken(requestToken.getTokenKey());
 
         String accessTokenString = generateToken();
         String tokenSecretString = generateToken();
@@ -142,7 +143,7 @@ public class MemoryOAuthDataProvider imp
         accessToken.setUris(requestToken.getUris());
 
         synchronized (oauthTokens) {
-            oauthTokens.remove(requestToken.getTokenString());
+            oauthTokens.remove(requestToken.getTokenKey());
             oauthTokens.put(accessTokenString, accessToken);
             synchronized (userAuthorizedClients) {
                 userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
@@ -177,7 +178,7 @@ public class MemoryOAuthDataProvider imp
             for (Token token : oauthTokens.values()) {
                 Client authNInfo = token.getClient();
                 if (consumerKey.equals(authNInfo.getConsumerKey())) {
-                    oauthTokens.remove(token.getTokenString());
+                    oauthTokens.remove(token.getTokenKey());
                 }
             }
         }
@@ -186,7 +187,7 @@ public class MemoryOAuthDataProvider imp
     protected String generateToken() throws OAuthServiceException {
         String token;
         try {
-            token = tokenGenerator.generateToken(UUID.randomUUID().toString().getBytes("UTF-8"));
+            token = tokenGenerator.generate(UUID.randomUUID().toString().getBytes("UTF-8"));
         } catch (Exception e) {
             throw new OAuthServiceException("Unable to create token ", e.getCause());
         }

Copied: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java (from r1184927, cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientSupport.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java?p2=cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java&p1=cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientSupport.java&r1=1184927&r2=1185295&rev=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientSupport.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java Mon Oct 17 17:22:31 2011
@@ -34,16 +34,37 @@ import net.oauth.OAuthMessage;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.ext.form.Form;
 
-public final class OAuthClientSupport {
-    private OAuthClientSupport() {
+/**
+ * The utility class for simplifying making OAuth request and access token
+ * requests as well as for creating Authorization OAuth headers
+ */
+public final class OAuthClientUtils {
+    private OAuthClientUtils() {
         
     }
-    public static URI getAuthorizationServiceURI(String authorizationServiceURI, String token) {
+    
+    /**
+     * Returns URI of the authorization service with the query parameter containing 
+     * the request token key 
+     * @param authorizationServiceURI the service URI
+     * @param requestToken the request token key
+     * @return
+     */
+    public static URI getAuthorizationURI(String authorizationServiceURI, String requestToken) {
         return UriBuilder.fromUri(authorizationServiceURI).
-            queryParam("oauth_token", token).build();
+            queryParam("oauth_token", requestToken).build();
                                            
     }
     
+    /**
+     * Returns a simple representation of the Request token
+     * @param requestTokenService initialized RequestToken service client
+     * @param consumer Consumer bean containing the consumer key and secret
+     * @param callback the callback URI where the request token verifier will
+     *        be returned 
+     * @param extraParams additional parameters such as state, scope, etc
+     * @return the token
+     */
     public static Token getRequestToken(WebClient requestTokenService,
                              Consumer consumer,
                              URI callback,
@@ -63,6 +84,14 @@ public final class OAuthClientSupport {
         OAuthAccessor accessor = new OAuthAccessor(oAuthConsumer);
         return getToken(requestTokenService, accessor, parameters);
     }
+    
+    /**
+     * Returns a simple representation of the Access token
+     * @param accessTokenService initialized AccessToken service client
+     * @param consumer Consumer bean containing the consumer key and secret
+     * @param verifier the verifier/authorization key
+     * @return the token
+     */
     public static Token getAccessToken(WebClient accessTokenService,
                                        Consumer consumer,
                                        Token requestToken,
@@ -81,14 +110,22 @@ public final class OAuthClientSupport {
         return getToken(accessTokenService, accessor, parameters);
     }
     
+    /**
+     * Creates OAuth Authorization header
+     * @param consumer Consumer bean containing the consumer key and secret
+     * @param token Access token representation
+     * @param method HTTP method
+     * @param requestURI request URI
+     * @return the header value
+     */
     public static String createAuthorizationHeader(Consumer consumer,
-                                            Token token, 
+                                            Token accessToken, 
                                             String method, 
                                             String requestURI) {
         Map<String, String> parameters = new HashMap<String, String>();
         parameters.put(OAuth.OAUTH_CONSUMER_KEY, consumer.getKey());
-        if (token != null) {
-            parameters.put(OAuth.OAUTH_TOKEN, token.getToken());
+        if (accessToken != null) {
+            parameters.put(OAuth.OAUTH_TOKEN, accessToken.getToken());
         }
         parameters.put(OAuth.OAUTH_SIGNATURE_METHOD, "HMAC-SHA1");
         parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
@@ -97,9 +134,9 @@ public final class OAuthClientSupport {
         OAuthConsumer oAuthConsumer = 
             new OAuthConsumer(null, consumer.getKey(), consumer.getSecret(), null);
         OAuthAccessor accessor = new OAuthAccessor(oAuthConsumer);
-        if (token != null) {
-            accessor.accessToken = token.getToken();
-            accessor.tokenSecret = token.getSecret();
+        if (accessToken != null) {
+            accessor.accessToken = accessToken.getToken();
+            accessor.tokenSecret = accessToken.getSecret();
         }
         return doGetAuthorizationHeader(accessor, method, requestURI, parameters);
     }
@@ -128,6 +165,10 @@ public final class OAuthClientSupport {
             throw new WebApplicationException(500);
         }
     }
+    
+    /**
+     * Simple token representation
+     */
     public static class Token {
         private String token;
         private String secret;
@@ -146,6 +187,9 @@ public final class OAuthClientSupport {
 
 
     }
+    /**
+     * Simple consumer representation
+     */
     public static class Consumer {
         
         private String key;

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java Mon Oct 17 17:22:31 2011
@@ -18,7 +18,9 @@
  */
 package org.apache.cxf.rs.security.oauth.data;
 
-
+/**
+ * Access Token representation
+ */
 public class AccessToken extends Token {
     public AccessToken(Client client, String tokenString,
                        String tokenSecret) {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java Mon Oct 17 17:22:31 2011
@@ -20,7 +20,9 @@ package org.apache.cxf.rs.security.oauth
 
 import java.util.Collections;
 import java.util.List;
-
+/**
+ * Represents a registered third-party consumer
+ */
 public class Client {
     private String consumerKey;
     private String secretKey;
@@ -32,68 +34,120 @@ public class Client {
     private List<String> uris = Collections.emptyList();
     private List<String> scopes = Collections.emptyList();
 
-    public Client(String consumerKey, 
+    public Client(String consumerId, 
                   String secretKey,
                   String applicationName,
                   String applicationURI) {
-        this.consumerKey = consumerKey;
+        this.consumerKey = consumerId;
         this.secretKey = secretKey;
         this.applicationURI = applicationURI;
         this.applicationName = applicationName;
     }
     
-    public Client(String consumerKey, String secretKey) {
-        this(consumerKey, secretKey, null, null);
+    public Client(String consumerId, String secretKey) {
+        this(consumerId, secretKey, null, null);
     }
 
+    /**
+     * Gets the consumer registration id
+     * @return the consumer key
+     */
     public String getConsumerKey() {
         return consumerKey;
     }
 
+    /**
+     * Gets the secret key
+     * @return the secret key
+     */
     public String getSecretKey() {
         return secretKey;
     }
 
+    /**
+     * Gets the name of the third-party application
+     * this client represents
+     * @return the application name
+     */
     public String getApplicationName() {
         return applicationName;
     }
 
+    /**
+     * Sets the name of the third-party application
+     * this client represents
+     * @param applicationName the name
+     */
     public void setApplicationName(String applicationName) {
         this.applicationName = applicationName;
     }
-    
+
+    /**
+     * Gets the public URI of the third-party application.
+     * For example, this property can be used to validate 
+     * request token callbacks
+     * @return the application URI
+     */
     public String getApplicationURI() {
         return applicationURI;
     }
 
+    /**
+     * Sets the public URI of the third-party application.
+     */
     public void setApplicationURI(String applicationURI) {
         this.applicationURI = applicationURI;
     }
 
+    /**
+     * Gets the optional login name; can be used 
+     * for enforcing the RBAC rules 
+     * @return the login name
+     */
     public String getLoginName() {
         return loginName == null ? consumerKey : loginName;
     }
     
+    /**
+     * Sets the optional login name
+     * @param name the login name
+     */
     public void setLoginName(String name) {
         this.loginName = name;
     }
     
-    public List<String> getUris() {
-        return uris;
-    }
-    
-    public void setUris(List<String> uris) {
-        this.uris = uris;
-    }
-    
+    /**
+     * Returns a list of opaque permissions/scopes
+     * @return the scopes
+     */
     public List<String> getScopes() {
         return scopes;
     }
 
+    /**
+     * Sets a list of opaque permissions/scopes
+     * @param scopes the scopes
+     */
     public void setScopes(List<String> scopes) {
         this.scopes = scopes;
     }
     
+    /**
+     * Returns a list of relative URIs the consumer wishes to access
+     * @return the uris
+     */
+    public List<String> getUris() {
+        return uris;
+    }
+
+    /**
+     * Sets a list of relative URIs the consumer wishes to access
+     * @param uris the uris
+     */
+    public void setUris(List<String> uris) {
+        this.uris = uris;
+    }
+    
     @Override
     public boolean equals(Object o) {
         if (this == o) {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java Mon Oct 17 17:22:31 2011
@@ -23,6 +23,11 @@ import java.util.List;
 
 import javax.xml.bind.annotation.XmlRootElement;
 
+/**
+ * This bean represents a resource owner authorization challenge.
+ * Typically, an HTML view will be returned to a resource owner who
+ * will authorize or deny the third-party consumer
+ */
 @XmlRootElement(name = "authorizationData", 
                 namespace = "http://org.apache.cxf.rs.security.oauth")
 public class OAuthAuthorizationData implements Serializable {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java Mon Oct 17 17:22:31 2011
@@ -21,6 +21,9 @@ package org.apache.cxf.rs.security.oauth
 import java.util.Collections;
 import java.util.List;
 
+/**
+ * Provides the complete information about a given opaque permission.
+ */
 public class OAuthPermission extends Permission {
     private List<String> roles = Collections.emptyList();
     private List<String> httpVerbs = Collections.emptyList();
@@ -36,30 +39,59 @@ public class OAuthPermission extends Per
         this.roles = roles;
     }
     
+    /**
+     * Returns an optional list of role names
+     * @return the roles
+     */
     public List<String> getRoles() {
         return roles;
     }
 
+    /**
+     * Sets an optional list of HTTP verbs 
+     * @param httpVerbs the verbs
+     */
     public void setHttpVerbs(List<String> httpVerbs) {
         this.httpVerbs = httpVerbs;
     }
 
+    /**
+     * Returns an optional list of HTTP verbs
+     * @return the list of verbs
+     */
     public List<String> getHttpVerbs() {
         return httpVerbs;
     }
 
+    /**
+     * Sets an optional URI
+     * @param uri the uri
+     */
     public void setUri(String uri) {
         this.uri = uri;
     }
 
+    /**
+     * Returns an optional URI    
+     * @return the uri
+     */
     public String getUri() {
         return uri;
     }
 
+    /**
+     * Can be used to disable the default requirement for all
+     * consumer requests to contain an access token
+     * @param authorizationKeyRequired the boolean value
+     */
     public void setAuthorizationKeyRequired(boolean authorizationKeyRequired) {
         this.authorizationKeyRequired = authorizationKeyRequired;
     }
 
+    /**
+     * Indicates if the access token must be present or not
+     * @return the boolean value
+     */
     public boolean isAuthorizationKeyRequired() {
         return authorizationKeyRequired;
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java Mon Oct 17 17:22:31 2011
@@ -18,7 +18,11 @@
  */
 package org.apache.cxf.rs.security.oauth.data;
 
-
+/**
+ * Base permission description which is visible to 
+ * authorization handlers
+ * @see OAuthAuthorizationData
+ */
 public class Permission {
     private String permission;
     private String description;

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java Mon Oct 17 17:22:31 2011
@@ -18,6 +18,9 @@
  */
 package org.apache.cxf.rs.security.oauth.data;
 
+/**
+ * Request Token representation
+ */
 public class RequestToken extends Token {
 
     private String oauthVerifier;
@@ -34,26 +37,51 @@ public class RequestToken extends Token 
         super(client, tokenString, tokenSecret, lifetime);
     }
 
-    public void setOauthVerifier(String oauthVerifier) {
-        this.oauthVerifier = oauthVerifier;
+    /**
+     * Sets the token verifier
+     * @param oauthVerifier
+     */
+    public void setVerifier(String verifier) {
+        this.oauthVerifier = verifier;
     }
 
-    public String getOauthVerifier() {
+    /**
+     * Gets the token verifier
+     * @return the verifier
+     */
+    public String getVerifier() {
         return oauthVerifier;
     }
 
+    /**
+     * Sets the callback URI 
+     * @param callback the callback
+     */
     public void setCallback(String callback) {
         this.callback = callback;
     }
 
+    /**
+     * Gets the callback URI
+     * @return the callback
+     */
     public String getCallback() {
         return callback;
     }
 
+    /**
+     * Sets the state - it will be reported back to the consumer
+     * after the authorization decision on this token has been made. 
+     * @param state
+     */
     public void setState(String state) {
         this.state = state;
     }
 
+    /**
+     * Gets the state
+     * @return the state
+     */
     public String getState() {
         return state;
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java Mon Oct 17 17:22:31 2011
@@ -20,6 +20,10 @@ package org.apache.cxf.rs.security.oauth
 
 import java.util.List;
 
+/**
+ * Captures the information associated with the request token registration request.
+ * @see RequestToken  
+ */
 public class RequestTokenRegistration {
     private Client client; 
     private String state;

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java Mon Oct 17 17:22:31 2011
@@ -21,7 +21,9 @@ package org.apache.cxf.rs.security.oauth
 import java.util.Collections;
 import java.util.List;
 
-
+/**
+ * Base Token representation
+ */
 public abstract class Token {
 
     protected String tokenString;
@@ -32,17 +34,17 @@ public abstract class Token {
     protected List<String> scopes = Collections.emptyList();
     protected List<String> uris = Collections.emptyList();
     
-    protected Token(Client client, String tokenString,
+    protected Token(Client client, String tokenKey,
                     String tokenSecret, long lifetime) {
         this.client = client;
-        this.tokenString = tokenString;
+        this.tokenString = tokenKey;
         this.tokenSecret = tokenSecret;
         initTokenLifeTime(lifetime);
     }
 
-    protected Token(Client client, String tokenString,
+    protected Token(Client client, String tokenKey,
                     String tokenSecret) {
-        this(client, tokenString, tokenSecret, -1);
+        this(client, tokenKey, tokenSecret, -1);
     }
 
     private void initTokenLifeTime(Long lifetm) {
@@ -50,39 +52,74 @@ public abstract class Token {
         issuedAt = System.currentTimeMillis() / 1000;
     }
 
+    /**
+     * Returns the Client associated with this token
+     * @return the client
+     */
     public Client getClient() {
         return client;
     }
 
-    public String getTokenString() {
+    /**
+     * Returns the token key
+     * @return the key
+     */
+    public String getTokenKey() {
         return tokenString;
     }
 
+    /**
+     * Returns the token secret
+     * @return the secret
+     */
     public String getTokenSecret() {
         return tokenSecret;
     }
 
+    /**
+     * Returns the time (in seconds) when this token was issued at
+     * @return the seconds
+     */
     public long getIssuedAt() {
         return issuedAt;
     }
 
+    /**
+     * Returns the number of seconds this token can be valid after it was issued
+     * @return the seconds
+     */
     public long getLifetime() {
         return lifetime;
     }
 
+    /**
+     * Returns a list of opaque permissions/scopes
+     * @return the scopes
+     */
     public List<String> getScopes() {
         return scopes;
     }
 
+    /**
+     * Sets a list of opaque permissions/scopes
+     * @param scopes the scopes
+     */
     public void setScopes(List<String> scopes) {
         this.scopes = scopes;
     }
-       
-
+    
+    /**
+     * Returns a list of relative URIs the consumer wishes to access
+     * @return the uris
+     */
     public List<String> getUris() {
         return uris;
     }
 
+    /**
+     * Sets a list of relative URIs the consumer wishes to access
+     * @param uris the uris
+     */
     public void setUris(List<String> uris) {
         this.uris = uris;
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java Mon Oct 17 17:22:31 2011
@@ -41,7 +41,9 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
 
-
+/**
+ * Base OAuth filter which can be used to protect end-user endpoints
+ */
 public class AbstractAuthFilter {
 
     private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthFilter.class);
@@ -61,10 +63,23 @@ public class AbstractAuthFilter {
         
     }
     
+    /**
+     * Sets {@link OAuthDataProvider} provider.
+     * @param provider the provider
+     */
     public void setDataProvider(OAuthDataProvider provider) {
         dataProvider = provider;
     }
     
+    /**
+     * Authenticates the third-party consumer and returns
+     * {@link OAuthInfo} bean capturing the information about the request. 
+     * @param req http request
+     * @return OAuth info
+     * @see OAuthInfo
+     * @throws Exception
+     * @throws OAuthProblemException
+     */
     public OAuthInfo handleOAuthRequest(HttpServletRequest req) throws
         Exception, OAuthProblemException {
         if (LOG.isLoggable(Level.FINE)) {
@@ -82,7 +97,8 @@ public class AbstractAuthFilter {
 
             //check if access token is not null
             if (accessToken == null) {
-                throw new OAuthProblemException();
+                LOG.warning("Access token is unavailable");
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
             }
             client = accessToken.getClient(); 
             
@@ -91,28 +107,28 @@ public class AbstractAuthFilter {
             String consumerSecret = oAuthMessage.getParameter("oauth_consumer_secret");
             client = dataProvider.getClient(consumerKey);
             if (client == null || consumerSecret == null || !consumerSecret.equals(client.getSecretKey())) {
-                throw new OAuthProblemException();
+                LOG.warning("Client is invalid");
+                throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
             }
         }
 
         OAuthUtils.validateMessage(oAuthMessage, client, accessToken);
 
         //check valid URI
-        if (!checkRequestURI(req, getAllUris(client, accessToken))) {
-            throw new OAuthProblemException();
-        }
+        checkRequestURI(req, getAllUris(client, accessToken));
         
         List<OAuthPermission> permissions = dataProvider.getPermissionsInfo(
                 getAllScopes(client, accessToken));
         
         for (OAuthPermission perm : permissions) {
-            if (perm.getUri() != null 
-                && !checkRequestURI(req, Collections.singletonList(perm.getUri()))) {
-                throw new OAuthProblemException();
+            if (perm.getUri() != null) {
+                checkRequestURI(req, Collections.singletonList(perm.getUri()));
             }
             if (!perm.getHttpVerbs().isEmpty() 
                 && !perm.getHttpVerbs().contains(req.getMethod())) {
-                throw new OAuthProblemException();
+                String message = "Invalid http verb";
+                LOG.warning(message);
+                throw new OAuthProblemException(message);
             }
             checkNoAccessTokenIsAllowed(client, accessToken, perm);
         }
@@ -146,10 +162,11 @@ public class AbstractAuthFilter {
         return uris;
     }
 
-    protected boolean checkRequestURI(HttpServletRequest request, List<String> uris) {
+    protected void checkRequestURI(HttpServletRequest request, List<String> uris)
+        throws OAuthProblemException {
         
         if (uris.isEmpty()) {
-            return true;
+            return;
         }
         String servletPath = request.getPathInfo();
         boolean foundValidScope = false;
@@ -167,7 +184,11 @@ public class AbstractAuthFilter {
                 }
             }
         }
-        return foundValidScope;
+        if (!foundValidScope) {
+            String message = "Invalid request URI";
+            LOG.warning(message);
+            throw new OAuthProblemException(message);
+        }
     }
     
     protected SecurityContext createSecurityContext(HttpServletRequest request, 

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java Mon Oct 17 17:22:31 2011
@@ -25,6 +25,9 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 
+/**
+ * Captures the information about the current request
+ */
 public class OAuthInfo {
     private Client client;
     private AccessToken token;

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java Mon Oct 17 17:22:31 2011
@@ -30,6 +30,9 @@ import org.apache.cxf.jaxrs.model.ClassR
 import org.apache.cxf.message.Message;
 import org.apache.cxf.security.SecurityContext;
 
+/**
+ * JAX-RS OAuth filter which can be used to protect end user endpoints
+ */
 @Provider
 public class OAuthRequestFilter extends AbstractAuthFilter implements RequestHandler {
     @Context

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java Mon Oct 17 17:22:31 2011
@@ -37,7 +37,9 @@ import net.oauth.server.OAuthServlet;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
 
-
+/**
+ * HTTP Servlet filter which can be used to protect end user endpoints
+ */
 public class OAuthServletFilter extends AbstractAuthFilter implements javax.servlet.Filter {
 
     public void init(FilterConfig filterConfig) throws ServletException {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java Mon Oct 17 17:22:31 2011
@@ -30,7 +30,11 @@ import net.oauth.SimpleOAuthValidator;
 
 import org.apache.cxf.rs.security.oauth.data.Token;
 
-
+/**
+ * The utility OAuth validator which is primarily used 
+ * by the runtime to validate that the issued tokens have not expired.
+ * Note that the runtime does validate OAuth signatures separately.
+ */
 public class DefaultOAuthValidator extends SimpleOAuthValidator {
 
     public DefaultOAuthValidator() {

Copied: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java (from r1184927, cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java?p2=cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java&p1=cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java&r1=1184927&r2=1185295&rev=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5TokenGenerator.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/MD5SequenceGenerator.java Mon Oct 17 17:22:31 2011
@@ -23,9 +23,13 @@ import java.security.NoSuchAlgorithmExce
 
 import net.oauth.OAuthException;
 
-
-public class MD5TokenGenerator {
-    public String generateToken(byte[] input) throws OAuthException {
+/**
+ * The utility MD5 sequence generator which can be used for generating
+ * request or access token keys and secrets as well as request token
+ * verifiers
+ */
+public class MD5SequenceGenerator {
+    public String generate(byte[] input) throws OAuthException {
         if (input == null) {
             throw new OAuthException("You have to pass input to Token Generator");
         }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java Mon Oct 17 17:22:31 2011
@@ -21,29 +21,87 @@ package org.apache.cxf.rs.security.oauth
 
 import java.util.List;
 
-
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
 
-
+/**
+ * OAuth provider responsible for persisting the information about 
+ * OAuth consumers, request and access tokens.
+ */
 public interface OAuthDataProvider {
 
+    /**
+     * Returns the previously registered third-party {@link Client} 
+     * @param clientId the client id
+     * @return Client
+     * @throws OAuthServiceException
+     */
     Client getClient(String clientId) throws OAuthServiceException;
 
+    /**
+     * Creates a temporarily request token which will capture the
+     * information about the {@link Client} attempting to access or
+     * modify the resource owner's resource 
+     * @param reg RequestTokenRegistration
+     * @return new request token
+     * @see RequestTokenRegistration
+     * @throws OAuthServiceException
+     */
     RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException;
 
+    /**
+     * Returns the previously registered {@link RequestToken}
+     * @param requestToken the token key
+     * @return RequestToken
+     * @throws OAuthServiceException
+     */
     RequestToken getRequestToken(String requestToken) throws OAuthServiceException;
 
-    String createRequestTokenVerifier(RequestToken requestToken) throws OAuthServiceException;
+    /**
+     * Sets the verifier confirming the resource owner's agreement for
+     * the {@link Client} to perform the action as represented by
+     * the provided {@link RequestToken}. The runtime will report
+     * this verifier to the client who will exchange it for 
+     * a new {@link AccessToken}
+     *    
+     * @param requestToken the request token
+     * @return the generated verifier
+     * @throws OAuthServiceException
+     */
+    String setRequestTokenVerifier(RequestToken requestToken) throws OAuthServiceException;
     
+    /**
+     * Creates a new {@link AccessToken}
+     * @param requestToken the request token approved by the resource owner
+     * @return new AccessToken
+     * @throws OAuthServiceException
+     */
     AccessToken createAccessToken(RequestToken requestToken) throws OAuthServiceException;
 
+    /**
+     * Returns the {@link AccessToken}
+     * @param accessToken the token key 
+     * @return AccessToken
+     * @throws OAuthServiceException
+     */
     AccessToken getAccessToken(String accessToken) throws OAuthServiceException;
 
+    /**
+     * Removes the tokens associated with a given client id
+     * @param clientId the client id
+     * @throws OAuthServiceException
+     */
     void removeTokens(String clientId) throws OAuthServiceException;;
 
+    /**
+     * Returns the list of {@link OAuthPermission} beans describing opaque
+     * permissions (aka scopes) such as "read_data", etc
+     * @param requestPermissions the list of opaque scopes/permissions 
+     * @see OAuthPermission 
+     * @return permissions
+     */
     List<OAuthPermission> getPermissionsInfo(List<String> requestPermissions);
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthServiceException.java Mon Oct 17 17:22:31 2011
@@ -19,6 +19,9 @@
 
 package org.apache.cxf.rs.security.oauth.provider;
 
+/**
+ * Encapsulates OAuth-related problems
+ */
 public class OAuthServiceException extends RuntimeException {
 
     public OAuthServiceException(String message) {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java Mon Oct 17 17:22:31 2011
@@ -26,7 +26,9 @@ import org.apache.cxf.jaxrs.ext.MessageC
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
-
+/**
+ * Abstract utility class which OAuth services extend
+ */
 public abstract class AbstractOAuthService {
     private MessageContext mc;
     

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java Mon Oct 17 17:22:31 2011
@@ -63,7 +63,7 @@ public class AccessTokenHandler {
                 throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
             }
             String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
-            if (oauthVerifier == null || !oauthVerifier.equals(requestToken.getOauthVerifier())) {
+            if (oauthVerifier == null || !oauthVerifier.equals(requestToken.getVerifier())) {
                 throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
             }
             
@@ -73,7 +73,7 @@ public class AccessTokenHandler {
 
             //create response
             Map<String, Object> responseParams = new HashMap<String, Object>();
-            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey());
             responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
 
             String responseString = OAuth.formEncode(responseParams.entrySet());

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java Mon Oct 17 17:22:31 2011
@@ -27,7 +27,9 @@ import javax.ws.rs.core.Response;
 
 
 /**
- * This resource will replace a request token with a new access token
+ * This resource will replace a request token with a new access token which
+ * will complete the OAuth flow. The third-party consumer will use the access
+ * token to access end user resources.
  */
 @Path("/token")
 public class AccessTokenService extends AbstractOAuthService {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Mon Oct 17 17:22:31 2011
@@ -78,10 +78,10 @@ public class AuthorizationRequestHandler
 
             Map<String, String> queryParams = new HashMap<String, String>();
             if (allow) {
-                String verifier = dataProvider.createRequestTokenVerifier(token);
+                String verifier = dataProvider.setRequestTokenVerifier(token);
                 queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
             }
-            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenString());
+            queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
             if (token.getState() != null) {
                 queryParams.put("state", token.getState());
             }
@@ -126,7 +126,7 @@ public class AuthorizationRequestHandler
     protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData,
                                                          OAuthDataProvider dataProvider,
                                                          RequestToken token) {
-        secData.setOauthToken(token.getTokenString());
+        secData.setOauthToken(token.getTokenKey());
         secData.setApplicationName(token.getClient().getApplicationName()); 
         secData.setApplicationURI(token.getClient().getApplicationURI());
         

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Mon Oct 17 17:22:31 2011
@@ -100,7 +100,7 @@ public class RequestTokenHandler {
             }
             //create response
             Map<String, Object> responseParams = new HashMap<String, Object>();
-            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenString());
+            responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenKey());
             responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
             responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
 

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java Mon Oct 17 17:22:31 2011
@@ -19,6 +19,9 @@
 
 package org.apache.cxf.rs.security.oauth.utils;
 
+/**
+ * Miscellaneous constants 
+ */
 public final class OAuthConstants {
     
     public static final String OAUTH_DATA_PROVIDER_CLASS = "oauth.data.provider-class";

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1185295&r1=1185294&r2=1185295&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Mon Oct 17 17:22:31 2011
@@ -48,6 +48,9 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 
+/**
+ * Various utility methods 
+ */
 public final class OAuthUtils {
 
     private OAuthUtils() {
@@ -60,9 +63,9 @@ public final class OAuthUtils {
         OAuthAccessor accessor = new OAuthAccessor(consumer);
         if (token != null) {
             if (token instanceof RequestToken) {
-                accessor.requestToken = token.getTokenString(); 
+                accessor.requestToken = token.getTokenKey(); 
             } else {
-                accessor.accessToken = token.getTokenString();
+                accessor.accessToken = token.getTokenKey();
             }
             accessor.tokenSecret = token.getTokenSecret();
         }



Mime
View raw message