oltu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From asa...@apache.org
Subject svn commit: r1235697 - in /incubator/amber/trunk/oauth-2.0: oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/ oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ oauth2-authzserver/src/test/java/org/apache/amber/oa...
Date Wed, 25 Jan 2012 09:01:51 GMT
Author: asanso
Date: Wed Jan 25 09:01:50 2012
New Revision: 1235697

URL: http://svn.apache.org/viewvc?rev=1235697&view=rev
Log:
AMBER-42 : Update amber based on the latest oauth 2.0 draft v22 . Apply patch from Raymond Feng. Thanks!

Added:
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java
Removed:
    incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenAssertion.java
Modified:
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java
    incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java
    incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java
    incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java
    incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java
    incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java
    incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java
    incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java
    incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java
    incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java
    incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java
    incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java
    incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthAuthzRequest.java Wed Jan 25 09:01:50 2012
@@ -44,19 +44,20 @@ public class OAuthAuthzRequest extends O
     }
 
     @Override
-    protected OAuthValidator initValidator() throws OAuthProblemException, OAuthSystemException {
+    protected OAuthValidator<HttpServletRequest> initValidator() throws OAuthProblemException, OAuthSystemException {
         //end user authorization validators
         validators.put(ResponseType.CODE.toString(), CodeValidator.class);
         validators.put(ResponseType.TOKEN.toString(), TokenValidator.class);
+        
         String requestTypeValue = getParam(OAuth.OAUTH_RESPONSE_TYPE);
         if (OAuthUtils.isEmpty(requestTypeValue)) {
             throw OAuthUtils.handleOAuthProblemException("Missing response_type parameter value");
         }
-        Class clazz = validators.get(requestTypeValue);
+        Class<? extends OAuthValidator<HttpServletRequest>> clazz = validators.get(requestTypeValue);
         if (clazz == null) {
             throw OAuthUtils.handleOAuthProblemException("Invalid response_type parameter value");
         }
-        return (OAuthValidator)OAuthUtils.instantiateClass(clazz);
+        return OAuthUtils.instantiateClass(clazz);
 
     }
 
@@ -64,4 +65,8 @@ public class OAuthAuthzRequest extends O
         return getParam(OAuth.OAUTH_STATE);
     }
 
+    public String getResponseType() {
+        return getParam(OAuth.OAUTH_RESPONSE_TYPE);
+    }
+
 }

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthRequest.java Wed Jan 25 09:01:50 2012
@@ -24,6 +24,7 @@ package org.apache.amber.oauth2.as.reque
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.amber.oauth2.common.OAuth;
@@ -44,8 +45,9 @@ public abstract class OAuthRequest {
     private Logger log = LoggerFactory.getLogger(OAuthRequest.class);
 
     protected HttpServletRequest request;
-    protected OAuthValidator validator;
-    protected Map<String, Class> validators = new HashMap<String, Class>();
+    protected OAuthValidator<HttpServletRequest> validator;
+    protected Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> validators =
+        new HashMap<String, Class<? extends OAuthValidator<HttpServletRequest>>>();
 
     public OAuthRequest(HttpServletRequest request) throws OAuthSystemException, OAuthProblemException {
         this.request = request;
@@ -69,8 +71,7 @@ public abstract class OAuthRequest {
                 }
             } catch (Exception ex) {
                 if (log.isDebugEnabled()) {
-                    log.debug("Cannot read redirect_url from the request: {}",
-                        new String[] {ex.getMessage()});
+                    log.debug("Cannot read redirect_url from the request: {}", new String[] {ex.getMessage()});
                 }
             }
 
@@ -79,16 +80,13 @@ public abstract class OAuthRequest {
 
     }
 
-    protected abstract OAuthValidator initValidator() throws OAuthProblemException, OAuthSystemException;
+    protected abstract OAuthValidator<HttpServletRequest> initValidator() throws OAuthProblemException,
+        OAuthSystemException;
 
     public String getParam(String name) {
         return request.getParameter(name);
     }
 
-    public String getRefreshToken() {
-        return getParam(OAuth.OAUTH_REFRESH_TOKEN);
-    }
-
     public String getClientId() {
         return getParam(OAuth.OAUTH_CLIENT_ID);
     }

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/request/OAuthTokenRequest.java Wed Jan 25 09:01:50 2012
@@ -24,7 +24,7 @@ package org.apache.amber.oauth2.as.reque
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.amber.oauth2.as.validator.AuthorizationCodeValidator;
-import org.apache.amber.oauth2.as.validator.AssertionValidator;
+import org.apache.amber.oauth2.as.validator.ClientCredentialValidator;
 import org.apache.amber.oauth2.as.validator.PasswordValidator;
 import org.apache.amber.oauth2.as.validator.RefreshTokenValidator;
 import org.apache.amber.oauth2.common.OAuth;
@@ -48,20 +48,20 @@ public class OAuthTokenRequest extends O
     }
 
     @Override
-    protected OAuthValidator initValidator() throws OAuthProblemException, OAuthSystemException {
+    protected OAuthValidator<HttpServletRequest> initValidator() throws OAuthProblemException, OAuthSystemException {
         validators.put(GrantType.PASSWORD.toString(), PasswordValidator.class);
-        validators.put(GrantType.ASSERTION.toString(), AssertionValidator.class);
+        validators.put(GrantType.CLIENT_CREDENTIALS.toString(), ClientCredentialValidator.class);
         validators.put(GrantType.AUTHORIZATION_CODE.toString(), AuthorizationCodeValidator.class);
         validators.put(GrantType.REFRESH_TOKEN.toString(), RefreshTokenValidator.class);
         String requestTypeValue = getParam(OAuth.OAUTH_GRANT_TYPE);
         if (OAuthUtils.isEmpty(requestTypeValue)) {
             throw OAuthUtils.handleOAuthProblemException("Missing grant_type parameter value");
         }
-        Class clazz = validators.get(requestTypeValue);
+        Class<? extends OAuthValidator<HttpServletRequest>> clazz = validators.get(requestTypeValue);
         if (clazz == null) {
             throw OAuthUtils.handleOAuthProblemException("Invalid grant_type parameter value");
         }
-        return (OAuthValidator)OAuthUtils.instantiateClass(clazz);
+        return OAuthUtils.instantiateClass(clazz);
     }
 
     public String getPassword() {
@@ -72,14 +72,10 @@ public class OAuthTokenRequest extends O
         return getParam(OAuth.OAUTH_USERNAME);
     }
 
-    public String getAssertion() {
-        return getParam(OAuth.OAUTH_ASSERTION);
+    public String getRefreshToken() {
+        return getParam(OAuth.OAUTH_REFRESH_TOKEN);
     }
-
-    public String getAssertionType() {
-        return getParam(OAuth.OAUTH_ASSERTION_TYPE);
-    }
-
+    
     public String getCode() {
         return getParam(OAuth.OAUTH_CODE);
     }

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/AuthorizationCodeValidator.java Wed Jan 25 09:01:50 2012
@@ -21,6 +21,8 @@
 
 package org.apache.amber.oauth2.as.validator;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.amber.oauth2.common.OAuth;
 import org.apache.amber.oauth2.common.validators.AbstractValidator;
 
@@ -29,7 +31,7 @@ import org.apache.amber.oauth2.common.va
  * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
  * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
  */
-public class AuthorizationCodeValidator extends AbstractValidator {
+public class AuthorizationCodeValidator extends AbstractValidator<HttpServletRequest> {
 
     public AuthorizationCodeValidator() {
         requiredParams.add(OAuth.OAUTH_GRANT_TYPE);

Added: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java?rev=1235697&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/ClientCredentialValidator.java Wed Jan 25 09:01:50 2012
@@ -0,0 +1,33 @@
+/**
+ *       Copyright 2010 Newcastle University
+ *
+ *          http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.as.validator;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.OAuth;
+import org.apache.amber.oauth2.common.validators.AbstractValidator;
+
+public class ClientCredentialValidator extends AbstractValidator<HttpServletRequest> {
+    public ClientCredentialValidator() {
+        requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
+    }
+}

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeTokenValidator.java Wed Jan 25 09:01:50 2012
@@ -0,0 +1,59 @@
+
+/**
+ *       Copyright 2010 Newcastle University
+ *
+ *          http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.as.validator;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.OAuth;
+import org.apache.amber.oauth2.common.error.OAuthError;
+import org.apache.amber.oauth2.common.exception.OAuthProblemException;
+import org.apache.amber.oauth2.common.validators.AbstractValidator;
+
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public class CodeTokenValidator extends AbstractValidator<HttpServletRequest> {
+
+    public CodeTokenValidator() {
+        requiredParams.add(OAuth.OAUTH_RESPONSE_TYPE);
+        requiredParams.add(OAuth.OAUTH_CLIENT_ID);
+        requiredParams.add(OAuth.OAUTH_REDIRECT_URI);
+    }
+
+    @Override
+    public void validateMethod(HttpServletRequest request) throws OAuthProblemException {
+        String method = request.getMethod();
+        if (!method.equals(OAuth.HttpMethod.GET) && !method.equals(OAuth.HttpMethod.POST)) {
+            throw OAuthProblemException.error(OAuthError.CodeResponse.INVALID_REQUEST)
+                .description("Method not correct.");
+        }
+    }
+
+    @Override
+    public void validateContentType(HttpServletRequest request) throws OAuthProblemException {
+    }
+}
+

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/CodeValidator.java Wed Jan 25 09:01:50 2012
@@ -34,7 +34,7 @@ import org.apache.amber.oauth2.common.va
  * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
  * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
  */
-public class CodeValidator extends AbstractValidator {
+public class CodeValidator extends AbstractValidator<HttpServletRequest> {
 
     public CodeValidator() {
         requiredParams.add(OAuth.OAUTH_RESPONSE_TYPE);

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/PasswordValidator.java Wed Jan 25 09:01:50 2012
@@ -21,6 +21,8 @@
 
 package org.apache.amber.oauth2.as.validator;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.amber.oauth2.common.OAuth;
 import org.apache.amber.oauth2.common.validators.AbstractValidator;
 
@@ -29,7 +31,7 @@ import org.apache.amber.oauth2.common.va
  * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
  * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
  */
-public class PasswordValidator extends AbstractValidator {
+public class PasswordValidator extends AbstractValidator<HttpServletRequest> {
 
     public PasswordValidator() {
 

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/RefreshTokenValidator.java Wed Jan 25 09:01:50 2012
@@ -22,6 +22,8 @@
 package org.apache.amber.oauth2.as.validator;
 
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.amber.oauth2.common.OAuth;
 import org.apache.amber.oauth2.common.validators.AbstractValidator;
 
@@ -30,7 +32,7 @@ import org.apache.amber.oauth2.common.va
  * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
  * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
  */
-public class RefreshTokenValidator extends AbstractValidator {
+public class RefreshTokenValidator extends AbstractValidator<HttpServletRequest> {
 
     public RefreshTokenValidator() {
         requiredParams.add(OAuth.OAUTH_GRANT_TYPE);

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/main/java/org/apache/amber/oauth2/as/validator/TokenValidator.java Wed Jan 25 09:01:50 2012
@@ -33,7 +33,7 @@ import org.apache.amber.oauth2.common.va
  * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
  * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
  */
-public class TokenValidator extends AbstractValidator {
+public class TokenValidator extends AbstractValidator<HttpServletRequest> {
 
     public TokenValidator() {
         requiredParams.add(OAuth.OAUTH_RESPONSE_TYPE);

Modified: incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-authzserver/src/test/java/org/apache/amber/oauth2/as/OAuthRequestTest.java Wed Jan 25 09:01:50 2012
@@ -21,7 +21,15 @@
 
 package org.apache.amber.oauth2.as;
 
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.reset;
+import static org.easymock.EasyMock.verify;
+import static org.junit.Assert.fail;
+
 import java.util.Set;
+
 import javax.servlet.http.HttpServletRequest;
 
 import junit.framework.Assert;
@@ -36,13 +44,6 @@ import org.apache.amber.oauth2.common.me
 import org.apache.amber.oauth2.common.message.types.ResponseType;
 import org.junit.Test;
 
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.reset;
-import static org.easymock.EasyMock.verify;
-import static org.junit.Assert.fail;
-
 
 /**
  * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
@@ -225,13 +226,12 @@ public class OAuthRequestTest {
         verify(request);
 
         reset(request);
-        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.ASSERTION.toString());
         expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
         expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
 
         expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
         expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
+        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn("authorization_code");
         replay(request);
 
         try {
@@ -281,7 +281,7 @@ public class OAuthRequestTest {
         reset(request);
 
         expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.NONE.toString());
+            .andStubReturn(null);
         expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
         expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
 
@@ -321,13 +321,13 @@ public class OAuthRequestTest {
         verify(request);
         reset(request);
 
-        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.ASSERTION.toString());
         expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
         expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);
 
         expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("test_client");
         expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://example.com/callback");
+        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn("authorization_code");
+
         replay(request);
 
         try {
@@ -382,7 +382,7 @@ public class OAuthRequestTest {
         reset(request);
 
         expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.NONE.toString());
+            .andStubReturn(null);
         expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
         expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON);
 
@@ -535,70 +535,6 @@ public class OAuthRequestTest {
         verify(request);
     }
 
-    @Test
-    public void testTokenAssertionRequestMissingParameter() throws Exception {
-        HttpServletRequest request = createMock(HttpServletRequest.class);
-        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.ASSERTION.toString());
-        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
-        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
-        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
-
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn(null);
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn("test_type");
-        replay(request);
-
-        try {
-            new OAuthTokenRequest(request);
-            fail("Exception expected");
-        } catch (OAuthProblemException e) {
-            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
-        }
-
-        verify(request);
-
-        reset(request);
-
-        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.ASSERTION.toString());
-        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
-        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
-        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
-
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn("test_assertion");
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn(null);
-        replay(request);
-
-        try {
-            new OAuthTokenRequest(request);
-            fail("Exception expected");
-        } catch (OAuthProblemException e) {
-            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
-        }
-
-        verify(request);
-
-        reset(request);
-
-        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.ASSERTION.toString());
-        expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
-        expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
-        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn("http://www.example.com/red");
-
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn("");
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn("");
-        replay(request);
-
-        try {
-            new OAuthTokenRequest(request);
-            fail("Exception expected");
-        } catch (OAuthProblemException e) {
-            Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
-        }
-
-        verify(request);
-    }
 
     @Test
     public void testRefreshTokenRequestMissingParameter() throws Exception {
@@ -720,13 +656,10 @@ public class OAuthRequestTest {
         verify(request);
         reset(request);
 
-        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE))
-            .andStubReturn(GrantType.ASSERTION.toString());
         expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.POST);
         expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
 
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION)).andStubReturn("test_assertion");
-        expect(request.getParameter(OAuth.OAUTH_ASSERTION_TYPE)).andStubReturn("test_type");
+        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn(GrantType.CLIENT_CREDENTIALS.toString());
         replay(request);
 
         try {
@@ -735,8 +668,8 @@ public class OAuthRequestTest {
         } catch (OAuthProblemException e) {
             fail("Exception not expected");
         }
-        Assert.assertEquals("test_assertion", req.getAssertion());
-        Assert.assertEquals("test_type", req.getAssertionType());
+//        Assert.assertEquals("test_assertion", req.getAssertion());
+//        Assert.assertEquals("test_type", req.getAssertionType());
 
         verify(request);
         reset(request);

Modified: incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-client/src/main/java/org/apache/amber/oauth2/client/request/OAuthClientRequest.java Wed Jan 25 09:01:50 2012
@@ -27,10 +27,10 @@ import java.util.Map;
 import org.apache.amber.oauth2.common.OAuth;
 import org.apache.amber.oauth2.common.exception.OAuthSystemException;
 import org.apache.amber.oauth2.common.message.OAuthMessage;
-import org.apache.amber.oauth2.common.parameters.OAuthParametersApplier;
-import org.apache.amber.oauth2.common.parameters.QueryParameterApplier;
 import org.apache.amber.oauth2.common.message.types.GrantType;
 import org.apache.amber.oauth2.common.parameters.BodyURLEncodedParametersApplier;
+import org.apache.amber.oauth2.common.parameters.OAuthParametersApplier;
+import org.apache.amber.oauth2.common.parameters.QueryParameterApplier;
 
 /**
  * OAuth Client Request
@@ -169,7 +169,7 @@ public class OAuthClientRequest implemen
         }
 
         public TokenRequestBuilder setGrantType(GrantType grantType) {
-            this.parameters.put(OAuth.OAUTH_GRANT_TYPE, grantType.toString());
+            this.parameters.put(OAuth.OAUTH_GRANT_TYPE, grantType == null ? null : grantType.toString());
             return this;
         }
 

Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java Wed Jan 25 09:01:50 2012
@@ -77,6 +77,7 @@ public final class OAuth {
     public static final String OAUTH_TOKEN = "oauth_token";
 
     public static final String OAUTH_TOKEN_DRAFT_0 = "access_token";
+    public static final String OAUTH_BEARER_TOKEN = "access_token";
 
     public static final ParameterStyle DEFAULT_PARAMETER_STYLE = ParameterStyle.HEADER;
     public static final String OAUTH_VERSION_DIFFER = "oauth_signature_method";

Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/error/OAuthError.java Wed Jan 25 09:01:50 2012
@@ -34,22 +34,104 @@ public abstract class OAuthError {
     public static final String OAUTH_ERROR_URI = "error_uri";
 
     public static final class CodeResponse {
+        /**
+         * The request is missing a required parameter, includes an
+        unsupported parameter value, or is otherwise malformed.
+         */
         public static final String INVALID_REQUEST = "invalid_request";
+
         public static final String INVALID_CLIENT = "invalid_client";
+
+        /**
+         * The client is not authorized to request an authorization
+        code using this method.
+         */
         public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
         public static final String REDIRECT_URI_MISMATCH = "redirect_uri_mismatch";
+
+        /**
+         * The resource owner or authorization server denied the
+        request.
+         */
         public static final String ACCESS_DENIED = "access_denied";
+
+        /**
+         * The authorization server does not support obtaining an
+        authorization code using this method.
+         */
         public static final String UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
+
+        /**
+         * The requested scope is invalid, unknown, or malformed.
+         */
         public static final String INVALID_SCOPE = "invalid_scope";
+
+        /**
+         * The authorization server encountered an unexpected
+        condition which prevented it from fulfilling the request.
+         */
+        public static final String SERVER_ERROR = "server_error";
+
+        /**
+         *         The authorization server is currently unable to handle
+        the request due to a temporary overloading or maintenance
+        of the server.
+         */
+        public static final String TEMPORARILY_UNAVAILABLE = "temporarily_unavailable";
+
     }
 
     public static final class TokenResponse {
+        /**
+        The request is missing a required parameter, includes an
+        unsupported parameter value, repeats a parameter,
+        includes multiple credentials, utilizes more than one
+        mechanism for authenticating the client, or is otherwise
+        malformed.
+        */
+
         public static final String INVALID_REQUEST = "invalid_request";
+        /**
+        Client authentication failed (e.g. unknown client, no
+        client authentication included, or unsupported
+        authentication method).  The authorization server MAY
+        return an HTTP 401 (Unauthorized) status code to indicate
+        which HTTP authentication schemes are supported.  If the
+        client attempted to authenticate via the "Authorization"
+        request header field, the authorization server MUST
+        respond with an HTTP 401 (Unauthorized) status code, and
+        include the "WWW-Authenticate" response header field
+        matching the authentication scheme used by the client.
+        */
         public static final String INVALID_CLIENT = "invalid_client";
-        public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
+
+        /**
+        The provided authorization grant (e.g. authorization
+        code, resource owner credentials, client credentials) is
+        invalid, expired, revoked, does not match the redirection
+        URI used in the authorization request, or was issued to
+        another client.
+        */
         public static final String INVALID_GRANT = "invalid_grant";
+
+        /**
+        The authenticated client is not authorized to use this
+        authorization grant type.
+        */
+        public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
+
+        /**
+        The authorization grant type is not supported by the
+        authorization server.
+        */
         public static final String UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
+
+        /**
+         * The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.
+         */
+
         public static final String INVALID_SCOPE = "invalid_scope";
+        public static final String REDIRECT_URI_MISMATCH = "redirect_uri_mismatch";
     }
 
     public static final class ResourceResponse {

Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/GrantType.java Wed Jan 25 09:01:50 2012
@@ -27,13 +27,11 @@ package org.apache.amber.oauth2.common.m
  * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
  */
 public enum GrantType {
+    // NONE("none"),
     AUTHORIZATION_CODE("authorization_code"),
     PASSWORD("password"),
-    @Deprecated
-    ASSERTION("assertion"),
     REFRESH_TOKEN("refresh_token"),
-    CLIENT_CREDENTIALS("client_credentials"),
-    NONE("none");
+    CLIENT_CREDENTIALS("client_credentials");
 
     private String grantType;
 

Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ResponseType.java Wed Jan 25 09:01:50 2012
@@ -29,9 +29,7 @@ package org.apache.amber.oauth2.common.m
 public enum ResponseType {
 
     CODE("code"),
-    TOKEN("token"),
-    @Deprecated
-    CODE_AND_TOKEN("code_and_token");
+    TOKEN("token");
 
     private String code;
 

Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/utils/OAuthUtils.java Wed Jan 25 09:01:50 2012
@@ -39,6 +39,7 @@ import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.amber.oauth2.common.OAuth;
@@ -289,9 +290,9 @@ public final class OAuthUtils {
         return false;
     }
 
-    public static Object instantiateClass(Class clazz) throws OAuthSystemException {
+    public static <T> T instantiateClass(Class<T> clazz) throws OAuthSystemException {
         try {
-            return (Object)clazz.newInstance();
+            return (T)clazz.newInstance();
         } catch (Exception e) {
             throw new OAuthSystemException(e);
         }

Modified: incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/AccessTokenTestAuthCodeTest.java Wed Jan 25 09:01:50 2012
@@ -83,7 +83,7 @@ public class AccessTokenTestAuthCodeTest
     public void testNoneGrantType() throws Exception {
         OAuthClientRequest request = OAuthClientRequest
             .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
-            .setGrantType(GrantType.NONE)
+            .setGrantType(null)
             .setClientId(Common.CLIENT_ID)
             .buildBodyMessage();
 

Modified: incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/AuthzEndpoint.java Wed Jan 25 09:01:50 2012
@@ -23,6 +23,7 @@ package org.apache.amber.oauth2.integrat
 
 import java.net.URI;
 import java.net.URISyntaxException;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.GET;
@@ -32,15 +33,15 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
 import org.apache.amber.oauth2.as.issuer.MD5Generator;
+import org.apache.amber.oauth2.as.issuer.OAuthIssuerImpl;
 import org.apache.amber.oauth2.as.request.OAuthAuthzRequest;
 import org.apache.amber.oauth2.as.response.OAuthASResponse;
+import org.apache.amber.oauth2.common.OAuth;
 import org.apache.amber.oauth2.common.exception.OAuthProblemException;
-import org.apache.amber.oauth2.common.message.types.ResponseType;
 import org.apache.amber.oauth2.common.exception.OAuthSystemException;
-import org.apache.amber.oauth2.common.utils.OAuthUtils;
-import org.apache.amber.oauth2.as.issuer.OAuthIssuerImpl;
-import org.apache.amber.oauth2.common.OAuth;
 import org.apache.amber.oauth2.common.message.OAuthResponse;
+import org.apache.amber.oauth2.common.message.types.ResponseType;
+import org.apache.amber.oauth2.common.utils.OAuthUtils;
 
 /**
  * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)

Modified: incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-integration-tests/src/test/java/org/apache/amber/oauth2/integration/endpoints/TokenEndpoint.java Wed Jan 25 09:01:50 2012
@@ -63,17 +63,14 @@ public class TokenEndpoint {
 
         try {
             oauthRequest = new OAuthTokenRequest(request);
-
+            
             //check if clientid is valid
-            if (!GrantType.ASSERTION.toString().equals(oauthRequest.getGrantType())) {
-                if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
-                    OAuthResponse response = OAuthASResponse
-                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
-                        .setError(OAuthError.TokenResponse.INVALID_CLIENT)
-                        .setErrorDescription("client_id not found")
+            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
+                OAuthResponse response =
+                    OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
+                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
                         .buildJSONMessage();
-                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
-                }
+                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
             }
 
             //do checking for different grant types
@@ -99,17 +96,6 @@ public class TokenEndpoint {
                     return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
                 }
             } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
-                .equals(GrantType.ASSERTION.toString())) {
-                if (!Common.ASSERTION.equals(oauthRequest.getAssertion())) {
-                    OAuthResponse response = OAuthASResponse
-                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
-                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
-                        .setErrorDescription("invalid assertion")
-                        .buildJSONMessage();
-                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
-                }
-
-            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
                 .equals(GrantType.REFRESH_TOKEN.toString())) {
                 OAuthResponse response = OAuthASResponse
                     .errorResponse(HttpServletResponse.SC_BAD_REQUEST)

Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java Wed Jan 25 09:01:50 2012
@@ -34,7 +34,11 @@ public class QueryTokenExtractor impleme
 
     @Override
     public String getAccessToken(HttpServletRequest request) {
-        return request.getParameter(OAuth.OAUTH_TOKEN);
+        String token = request.getParameter(OAuth.OAUTH_TOKEN);
+        if (token == null) {
+            token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN);
+        }
+        return token;
     }
 
     @Override

Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java?rev=1235697&r1=1235696&r2=1235697&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java Wed Jan 25 09:01:50 2012
@@ -21,19 +21,18 @@
 
 package org.apache.amber.oauth2.rs.extractor;
 
+import static org.easymock.EasyMock.createStrictMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
 import javax.servlet.http.HttpServletRequest;
 
 import junit.framework.Assert;
 
 import org.apache.amber.oauth2.common.OAuth;
-import org.apache.amber.oauth2.rs.extractor.QueryTokenExtractor;
 import org.junit.Test;
 
-import static org.easymock.EasyMock.createStrictMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
-
 
 /**
  * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
@@ -59,6 +58,7 @@ public class QueryTokenExtractorTest {
 
         HttpServletRequest request = createStrictMock(HttpServletRequest.class);
         expect(request.getParameter(OAuth.OAUTH_TOKEN)).andStubReturn(null);
+        expect(request.getParameter(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(null);
         replay(request);
         QueryTokenExtractor qte = new QueryTokenExtractor();
         Assert.assertNull(qte.getAccessToken(request));



Mime
View raw message