Return-Path: Delivered-To: apmail-incubator-amber-commits-archive@minotaur.apache.org Received: (qmail 3165 invoked from network); 18 Dec 2010 17:09:06 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 18 Dec 2010 17:09:06 -0000 Received: (qmail 11116 invoked by uid 500); 18 Dec 2010 17:09:06 -0000 Delivered-To: apmail-incubator-amber-commits-archive@incubator.apache.org Received: (qmail 11095 invoked by uid 500); 18 Dec 2010 17:09:06 -0000 Mailing-List: contact amber-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: amber-dev@incubator.apache.org Delivered-To: mailing list amber-commits@incubator.apache.org Received: (qmail 11087 invoked by uid 99); 18 Dec 2010 17:09:06 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Dec 2010 17:09:06 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Dec 2010 17:09:05 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 28EFB23888E8; Sat, 18 Dec 2010 17:08:45 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: svn commit: r1050675 - in /incubator/amber/trunk/oauth-2.0/oauth2-rs-filter: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/amber/ src/main/java/org/apache/amber/oauth2/ src/main/java/org/apache/a... Date: Sat, 18 Dec 2010 17:08:45 -0000 To: amber-commits@incubator.apache.org 
From: tommaso@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101218170845.28EFB23888E8@eris.apache.org> Author: tommaso Date: Sat Dec 18 17:08:44 2010 New Revision: 1050675 URL: http://svn.apache.org/viewvc?rev=1050675&view=rev Log: [AMBER-12] - import of Leelo OAuth 2.0 implementation - rs-filter module Added: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/ (with props) incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/pom.xml (with props) incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthClient.java (with props) incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthDecision.java (with props) incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthFilter.java (with props) incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthRSProvider.java (with props) incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthUtils.java (with props) Propchange: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/ ------------------------------------------------------------------------------ --- svn:ignore (added) +++ svn:ignore Sat Dec 18 17:08:44 2010 
@@ -0,0 +1 @@ +target Added: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/pom.xml URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/pom.xml?rev=1050675&view=auto ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/pom.xml (added) +++ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/pom.xml Sat Dec 18 17:08:44 2010 @@ -0,0 +1,55 @@ + + + + + 4.0.0 + + amber-oauth2-parent + org.apache.amber + 0.2-SNAPSHOT + + oauth2-rs-filter + 0.2-SNAPSHOT + Apache Amber: OAuth 2.0 Implementation - Resource Server Filter + + + oauth2-rs-filter + + + + + oauth2-resourceserver + org.apache.amber + ${project.version} + + + + org.apache.amber + oauth2-common + ${project.version} + + + + Propchange: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/pom.xml ------------------------------------------------------------------------------ svn:eol-style = native Added: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthClient.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthClient.java?rev=1050675&view=auto ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthClient.java (added) +++ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthClient.java Sat Dec 18 17:08:44 2010 
@@ -0,0 +1,32 @@
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.rsfilter;
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public interface OAuthClient {
+
+ String getClientId();
+}
Propchange: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthClient.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthDecision.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthDecision.java?rev=1050675&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthDecision.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthDecision.java Sat Dec 18 17:08:44 2010
@@ -0,0 +1,39 @@
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.rsfilter;
+
+import java.security.Principal;
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public interface OAuthDecision {
+
+ boolean isAuthorized();
+
+ Principal getPrincipal();
+
+ OAuthClient getOAuthClient();
+
+}
Propchange: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthDecision.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthFilter.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthFilter.java?rev=1050675&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthFilter.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthFilter.java Sat Dec 18 17:08:44 2010
@@ -0,0 +1,180 @@ +/** + * Copyright 2010 Newcastle University + * + * http://research.ncl.ac.uk/smart/ + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.amber.oauth2.rsfilter; + +import java.io.IOException; +import java.security.Principal; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; +import javax.servlet.http.HttpServletResponse; + +import org.apache.amber.oauth2.common.OAuth; +import org.apache.amber.oauth2.common.error.OAuthError; +import org.apache.amber.oauth2.common.exception.OAuthProblemException; +import org.apache.amber.oauth2.common.exception.OAuthSystemException; +import org.apache.amber.oauth2.common.message.types.ParameterStyle; +import org.apache.amber.oauth2.rs.request.OAuthAccessResourceRequest; +import org.apache.amber.oauth2.rs.response.OAuthRSResponse; +import org.apache.amber.oauth2.common.message.OAuthResponse; + +/** + * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) + * @author Lukasz Moren 
(lukasz.moren@ncl.ac.uk) + * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk) + */ +public class OAuthFilter implements Filter { + + public static final String OAUTH_RS_PROVIDER_CLASS = "oauth.rs.provider-class"; + + public static final String RS_REALM = "oauth.rs.realm"; + public static final String RS_REALM_DEFAULT = "OAuth Protected Service"; + + public static final String RS_TOKENS = "oauth.rs.tokens"; + public static final ParameterStyle RS_TOKENS_DEFAULT = ParameterStyle.HEADER; + + private static final String TOKEN_DELIMITER = ","; + + private String realm; + + private OAuthRSProvider provider; + + private ParameterStyle[] parameterStyles; + + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + + provider = OAuthUtils + .initiateServletContext(filterConfig.getServletContext(), OAUTH_RS_PROVIDER_CLASS, + OAuthRSProvider.class); + realm = filterConfig.getServletContext().getInitParameter(RS_REALM); + if (OAuthUtils.isEmpty(realm)) { + realm = RS_REALM_DEFAULT; + } + + String parameterStylesString = filterConfig.getServletContext().getInitParameter(RS_TOKENS); + if (OAuthUtils.isEmpty(parameterStylesString)) { + parameterStyles = new ParameterStyle[] {RS_TOKENS_DEFAULT}; + } else { + String[] parameters = parameterStylesString.split(TOKEN_DELIMITER); + if (parameters != null && parameters.length > 0) { + for (int i = 0; i < parameters.length; i++) { + parameterStyles = new ParameterStyle[parameters.length]; + ParameterStyle tempParameterStyle = ParameterStyle.valueOf(parameters[i]); + if (tempParameterStyle != null) { + parameterStyles[i] = tempParameterStyle; + } else { + throw new ServletException("Incorrect ParameterStyle: " + parameters[i]); + } + } + } + } + + } + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest req = (HttpServletRequest)request; + HttpServletResponse res = (HttpServletResponse)response; + 
+ try { + + // Make an OAuth Request out of this servlet request + OAuthAccessResourceRequest oauthRequest = new OAuthAccessResourceRequest(req, + parameterStyles); + + // Get the access token + String accessToken = oauthRequest.getAccessToken(); + + final OAuthDecision decision = provider.validateRequest(realm, accessToken, req); + + request = new HttpServletRequestWrapper((HttpServletRequest)request) { + @Override + public Principal getUserPrincipal() { + return decision.getPrincipal(); + } + + }; + + request.setAttribute(OAuth.OAUTH_CLIENT_ID, decision.getOAuthClient().getClientId()); + + chain.doFilter(request, response); + return; + + } catch (OAuthSystemException e1) { + throw new ServletException(e1); + } catch (OAuthProblemException e) { + respondWithError(res, e); + return; + } + + } + + + @Override + public void destroy() { + + } + + private void respondWithError(HttpServletResponse resp, OAuthProblemException error) + throws IOException, ServletException { + + OAuthResponse oauthResponse = null; + + try { + if (OAuthUtils.isEmpty(error.getError())) { + oauthResponse = OAuthRSResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED) + .setRealm(realm) + .buildHeaderMessage(); + + } else { + + int responseCode = 401; + if (error.getError().equals(OAuthError.CodeResponse.INVALID_REQUEST)) { + responseCode = 400; + } else if (error.getError().equals(OAuthError.ResourceResponse.INSUFFICIENT_SCOPE)) { + responseCode = 403; + } + + oauthResponse = OAuthRSResponse + .errorResponse(responseCode) + .setRealm(realm) + .setError(error.getError()) + .setErrorDescription(error.getDescription()) + .setErrorUri(error.getUri()) + .buildHeaderMessage(); + } + resp.addHeader(OAuth.HeaderType.WWW_AUTHENTICATE, + oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE)); + resp.sendError(oauthResponse.getResponseStatus()); + } catch (OAuthSystemException e) { + throw new ServletException(e); + } + } +} Propchange: 
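Review bot: In `doFilter`, the `OAuthDecision` returned by `provider.validateRequest(realm, accessToken, req)` is used without ever calling `decision.isAuthorized()`, so the request reaches `chain.doFilter` whenever the provider returns instead of throwing `OAuthProblemException`; a provider that signals denial through the return value is let through, and a null decision or a null `getOAuthClient()` ends in a NullPointerException instead of a 401 challenge. A guard such as `if (decision == null || !decision.isAuthorized())` that answers with the 401 `WWW-Authenticate` response before the request is wrapped would make the filter fail closed, and the Javadoc on `OAuthRSProvider` and `OAuthDecision` should say which of the two signals is authoritative. In `init`, `parameterStyles = new ParameterStyle[parameters.length];` sits inside the `for` loop, so with more than one entry in `oauth.rs.tokens` every slot except the last is left null; the allocation belongs before the loop. If `ParameterStyle` is an enum (not confirmable from this hunk), `valueOf` throws `IllegalArgumentException` for an unknown name rather than returning null, which would make the `Incorrect ParameterStyle` branch unreachable and let a bad value escape as an unchecked exception.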
incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthFilter.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthRSProvider.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthRSProvider.java?rev=1050675&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthRSProvider.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthRSProvider.java Sat Dec 18 17:08:44 2010
@@ -0,0 +1,39 @@
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.rsfilter;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.exception.OAuthProblemException;
+
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public interface OAuthRSProvider {
+
+ OAuthDecision validateRequest(String rsId, String token, HttpServletRequest req) throws
+ OAuthProblemException;
+
+}
\ No newline at end of file
Propchange: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthRSProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthUtils.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthUtils.java?rev=1050675&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthUtils.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthUtils.java Sat Dec 18 17:08:44 2010
@@ -0,0 +1,83 @@ +/** + * Copyright 2010 Newcastle University + * + * http://research.ncl.ac.uk/smart/ + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.amber.oauth2.rsfilter; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; + +/** + * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) + * @author Lukasz Moren (lukasz.moren@ncl.ac.uk) + * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk) + */ +public class OAuthUtils { + + public static T initiateServletContext(ServletContext context, String key, Class expectedClass) + throws ServletException { + + T provider = (T)context.getAttribute(key); + + if (provider != null) { + return provider; + } + + provider = (T)loadObject(context, key, expectedClass); + + // set the provider and validator + context.setAttribute(key, provider); + + return provider; + } + + public static Object loadObject(ServletContext context, String classParamName, Class expectedClass) + throws ServletException { + + Object ob = null; + + String providerClassName = context.getInitParameter(classParamName); + if (isEmpty(providerClassName)) { + throw new ServletException(classParamName + " context param required"); + } + try { + Class clazz = 
Class.forName(providerClassName); + if (!expectedClass.isAssignableFrom(clazz)) { + throw new ServletException(classParamName + " class: " + providerClassName + + " must be an instance of: " + expectedClass.getName()); + } + ob = createObjectFromClassName(clazz); + } catch (ClassNotFoundException e) { + throw new ServletException(classParamName + " class " + providerClassName + " not found"); + } catch (Exception e) { + throw new ServletException("Cannot instantiate: " + providerClassName); + } + return ob; + } + + public static Object createObjectFromClassName(Class clazz) + throws IllegalAccessException, InstantiationException { + return clazz.newInstance(); + } + + public static boolean isEmpty(String value) { + return value == null || "".equals(value); + } +} Propchange: incubator/amber/trunk/oauth-2.0/oauth2-rs-filter/src/main/java/org/apache/amber/oauth2/rsfilter/OAuthUtils.java ------------------------------------------------------------------------------ svn:eol-style = native
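Review bot: In `loadObject`, the `ServletException` thrown inside the `try` when the configured class is not assignable to `expectedClass` is itself caught by the trailing `catch (Exception e)` and replaced with the generic `Cannot instantiate: ...` message, so a misconfigured provider class loses the diagnostic that names the expected type. Both handlers also discard the original exception; narrowing the second one to `InstantiationException` and `IllegalAccessException` and passing the cause, e.g. `throw new ServletException("Cannot instantiate: " + providerClassName, e);` (and likewise adding `e` to the `ClassNotFoundException` branch), keeps the type-check message and the stack trace. Since the class named by `classParamName` is loaded and instantiated inside the web application, a short Javadoc on `loadObject` stating that the value is expected to come from trusted deployment configuration only would be worth adding.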