Return-Path: X-Original-To: apmail-incubator-amber-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-amber-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1DFE291F8 for ; Thu, 1 Mar 2012 11:00:17 +0000 (UTC) Received: (qmail 3597 invoked by uid 500); 1 Mar 2012 11:00:17 -0000 Delivered-To: apmail-incubator-amber-commits-archive@incubator.apache.org Received: (qmail 3568 invoked by uid 500); 1 Mar 2012 11:00:16 -0000 Mailing-List: contact amber-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: amber-dev@incubator.apache.org Delivered-To: mailing list amber-commits@incubator.apache.org Received: (qmail 3557 invoked by uid 99); 1 Mar 2012 11:00:16 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Mar 2012 11:00:16 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Mar 2012 11:00:04 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 0A2F7238890D; Thu, 1 Mar 2012 10:59:42 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1295509 - in /incubator/amber/trunk/oauth-2.0: oauth2-common/src/main/java/org/apache/amber/oauth2/common/ oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/ oauth2-resourceserver/src/main/java/org/apache/amber/oauth... Date: Thu, 01 Mar 2012 10:59:40 -0000 To: amber-commits@incubator.apache.org 
From: asanso@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120301105942.0A2F7238890D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: asanso Date: Thu Mar 1 10:59:40 2012 New Revision: 1295509 URL: http://svn.apache.org/viewvc?rev=1295509&view=rev Log: AMBER-48 : Resource Server module extension Added: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/TokenType.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/BearerResourceServer.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/ResourceServer.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerBodyTokenExtractor.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerHeaderTokenExtractor.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerBodyOAuthValidator.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerHeaderOAuthValidator.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerQueryOAuthValidator.java Removed: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BodyOAuthValidator.java Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractor.java 
incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractor.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/request/OAuthAccessResourceRequest.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidator.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidator.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractorTest.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractorTest.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/BodyOAuthValidatorTest.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidatorTest.java incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidatorTest.java Modified: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java (original) +++ 
incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/OAuth.java Thu Mar 1 10:59:40 2012 @@ -22,6 +22,7 @@ package org.apache.amber.oauth2.common; import org.apache.amber.oauth2.common.message.types.ParameterStyle; +import org.apache.amber.oauth2.common.message.types.TokenType; /** * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) @@ -80,5 +81,7 @@ public final class OAuth { public static final String OAUTH_BEARER_TOKEN = "access_token"; public static final ParameterStyle DEFAULT_PARAMETER_STYLE = ParameterStyle.HEADER; + public static final TokenType DEFAULT_TOKEN_TYPE = TokenType.BEARER; + public static final String OAUTH_VERSION_DIFFER = "oauth_signature_method"; } Added: incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/TokenType.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/TokenType.java?rev=1295509&view=auto ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/TokenType.java (added) +++ incubator/amber/trunk/oauth-2.0/oauth2-common/src/main/java/org/apache/amber/oauth2/common/message/types/TokenType.java Thu Mar 1 10:59:40 2012 
@@ -0,0 +1,43 @@
+package org.apache.amber.oauth2.common.message.types;
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public enum TokenType {
+ BEARER("Bearer"),
+ MAC("MAC");
+
+ private String tokenType;
+
+ TokenType(String grantType) {
+ this.tokenType = grantType;
+ }
+
+ @Override
+ public String toString() {
+ return tokenType;
+ }
+}
Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/BearerResourceServer.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/BearerResourceServer.java?rev=1295509&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/BearerResourceServer.java (added)
+++
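Review bot: The `tokenType` field of the new enum is assigned only in the constructor but is not declared `final`, and the constructor parameter is named `grantType`, presumably a leftover from a sibling enum. I would write `private final String tokenType;` and `TokenType(String tokenType) { this.tokenType = tokenType; }`. A one-line Javadoc stating that `toString()` returns the wire value (`Bearer`, `MAC`) would help callers that compare it with an authentication scheme name.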
incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/BearerResourceServer.java Thu Mar 1 10:59:40 2012
@@ -0,0 +1,26 @@
+package org.apache.amber.oauth2.rs;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.amber.oauth2.common.message.types.ParameterStyle;
+import org.apache.amber.oauth2.rs.extractor.BearerBodyTokenExtractor;
+import org.apache.amber.oauth2.rs.extractor.BearerHeaderTokenExtractor;
+import org.apache.amber.oauth2.rs.extractor.BearerQueryTokenExtractor;
+import org.apache.amber.oauth2.rs.validator.BearerBodyOAuthValidator;
+import org.apache.amber.oauth2.rs.validator.BearerHeaderOAuthValidator;
+import org.apache.amber.oauth2.rs.validator.BearerQueryOAuthValidator;
+
+public class BearerResourceServer extends ResourceServer{
+
+ {
+ extractors.put(ParameterStyle.HEADER, BearerHeaderTokenExtractor.class);
+ extractors.put(ParameterStyle.BODY, BearerBodyTokenExtractor.class);
+ extractors.put(ParameterStyle.QUERY, BearerQueryTokenExtractor.class);
+
+ validators.put(ParameterStyle.HEADER, BearerHeaderOAuthValidator.class);
+ validators.put(ParameterStyle.BODY, BearerBodyOAuthValidator.class);
+ validators.put(ParameterStyle.QUERY, BearerQueryOAuthValidator.class);
+ }
+
+
+}
Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/ResourceServer.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/ResourceServer.java?rev=1295509&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/ResourceServer.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/ResourceServer.java Thu Mar 1 10:59:40 2012
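Review bot: `java.util.HashMap` and `java.util.Map` are imported in BearerResourceServer but nothing in the class uses them, and the file carries neither the license header nor the author Javadoc that the extractor classes added in this commit have. The registrations live in an instance initializer that writes to fields inherited from ResourceServer, so a class comment such as `/** Registers the Bearer token extractor and validator for each ParameterStyle. */` would make the extractor/validator pairing explicit for the next reader.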
@@ -0,0 +1,31 @@
+package org.apache.amber.oauth2.rs;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.amber.oauth2.common.exception.OAuthSystemException;
+import org.apache.amber.oauth2.common.message.types.ParameterStyle;
+import org.apache.amber.oauth2.common.utils.OAuthUtils;
+import org.apache.amber.oauth2.common.validators.OAuthValidator;
+import org.apache.amber.oauth2.rs.extractor.TokenExtractor;
+
+public abstract class ResourceServer {
+
+ protected Map extractors = new HashMap();
+ protected Map validators = new HashMap();
+
+ public OAuthValidator instantiateValidator(ParameterStyle ps) throws OAuthSystemException {
+ Class clazz = validators.get(ps);
+ if (clazz == null) {
+ throw new OAuthSystemException("Cannot instantiate a message validator.");
+ }
+ return (OAuthValidator)OAuthUtils.instantiateClass(clazz);
+ }
+
+ public TokenExtractor instantiateExtractor(ParameterStyle ps) throws OAuthSystemException {
+ Class clazz = extractors.get(ps);
+ if (clazz == null) {
+ throw new OAuthSystemException("Cannot instantiate a token extractor.");
+ }
+ return (TokenExtractor)OAuthUtils.instantiateClass(clazz);
+ }
+ }
Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerBodyTokenExtractor.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerBodyTokenExtractor.java?rev=1295509&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerBodyTokenExtractor.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerBodyTokenExtractor.java Thu Mar 1 10:59:40 2012
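Review bot: `extractors` and `validators` in ResourceServer are `protected` and not `final`, so any subclass can replace either map or add entries at any time, and whatever class is stored there is what `OAuthUtils.instantiateClass` creates to validate a request. Declaring them `private final` and exposing a single `protected void register(ParameterStyle ps, Class extractor, Class validator)` would keep the registry fixed once the subclass is constructed. As rendered here the maps and `Class` are raw types, which makes the casts to `OAuthValidator` and `TokenExtractor` unchecked; if the type parameters were only lost in the mail rendering, disregard that part. The two exception messages would also be easier to act on if they named the `ParameterStyle` that had no entry.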
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.rs.extractor;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.OAuth;
+
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public class BearerBodyTokenExtractor implements TokenExtractor {
+
+ @Override
+ public String getAccessToken(HttpServletRequest request) {
+ String token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN);
+ if (token == null) {
+ token = request.getParameter(OAuth.OAUTH_TOKEN);
+ }
+ return token;
+ }
+
+ @Override
+ public String getAccessToken(HttpServletRequest request, String tokenName) {
+ return request.getParameter(tokenName);
+ }
+}
Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerHeaderTokenExtractor.java
URL:
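Review bot: `BearerBodyTokenExtractor.getAccessToken` reads the token with `request.getParameter`, which in the Servlet API returns query-string and form-body parameters alike, so this class on its own does not guarantee that the token came from the body; it depends on the BODY validator having accepted the request first. Both method bodies are identical to those of BearerQueryTokenExtractor added later in this commit, so a shared helper would keep the two from drifting apart. I would add a class comment along the lines of `/** Reads access_token via getParameter(); cannot tell body from query string, so use only after the BODY validator has passed. */`. The fallback to `OAuth.OAUTH_TOKEN` when `access_token` is absent is also undocumented, and its value is not visible in this diff.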
http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerHeaderTokenExtractor.java?rev=1295509&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerHeaderTokenExtractor.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerHeaderTokenExtractor.java Thu Mar 1 10:59:40 2012
@@ -0,0 +1,51 @@
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.rs.extractor;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.utils.OAuthUtils;
+import org.apache.amber.oauth2.common.OAuth;
+
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public class BearerHeaderTokenExtractor implements TokenExtractor {
+
+
+ @Override
+ public String getAccessToken(HttpServletRequest request) {
+ String authzHeader = request.getHeader(OAuth.HeaderType.AUTHORIZATION);
+ return OAuthUtils.getAuthHeaderField(authzHeader);
+ }
+
+ @Override
+ public String getAccessToken(HttpServletRequest request, String tokenName) {
+ String authzHeader = request.getHeader(OAuth.HeaderType.AUTHORIZATION);
+ return OAuthUtils.getAuthHeaderField(authzHeader);
+ }
+
+
+}
Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java
URL:
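Review bot: The two-argument `getAccessToken(request, tokenName)` in BearerHeaderTokenExtractor ignores `tokenName` and repeats the one-argument body line for line; it could be `return getAccessToken(request);` with a comment that the parameter has no meaning for the header style. Whether a non-Bearer scheme or a missing Authorization header is rejected is decided entirely by `OAuthUtils.getAuthHeaderField`, which is outside this diff, so it is worth confirming that it returns null rather than throwing when `authzHeader` is null and that it checks the scheme name.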
http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java?rev=1295509&view=auto
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java (added)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java Thu Mar 1 10:59:40 2012
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2010 Newcastle University
+ *
+ * http://research.ncl.ac.uk/smart/
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.amber.oauth2.rs.extractor;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.amber.oauth2.common.OAuth;
+
+/**
+ * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
+ * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
+ * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
+ */
+public class BearerQueryTokenExtractor implements TokenExtractor {
+
+ @Override
+ public String getAccessToken(HttpServletRequest request) {
+ String token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN);
+ if (token == null) {
+ token = request.getParameter(OAuth.OAUTH_TOKEN);
+ }
+ return token;
+ }
+
+ @Override
+ public String getAccessToken(HttpServletRequest request, String tokenName) {
+ return request.getParameter(tokenName);
+ }
+
+}
Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractor.java
URL:
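Review bot: BearerQueryTokenExtractor has no comment on the exposure that comes with the query style: a bearer token placed in the URL is typically recorded in server and proxy access logs, browser history and Referer headers. `OAuth.DEFAULT_PARAMETER_STYLE` is HEADER, so callers must opt in to this extractor, and a class comment such as `/** Query-parameter transport; tokens in URLs leak via logs and Referer, prefer ParameterStyle.HEADER. */` would tell them what they are opting into. The two-argument overload returns whatever parameter `tokenName` names, which deserves a sentence in the same comment.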
http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractor.java?rev=1295509&r1=1295508&r2=1295509&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractor.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractor.java Thu Mar 1 10:59:40 2012
@@ -1,49 +0,0 @@
-/**
- * Copyright 2010 Newcastle University
- *
- * http://research.ncl.ac.uk/smart/
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.amber.oauth2.rs.extractor;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.amber.oauth2.common.OAuth;
-
-
-/**
- * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
- * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
- * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
- */
-public class BodyTokenExtractor implements TokenExtractor {
-
- @Override
- public String getAccessToken(HttpServletRequest request) {
- String token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN);
- if (token == null) {
- token = request.getParameter(OAuth.OAUTH_TOKEN);
- }
- return token;
- }
-
- @Override
- public String getAccessToken(HttpServletRequest request, String tokenName) {
- return request.getParameter(tokenName);
- }
-}
Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractor.java
URL:
http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractor.java?rev=1295509&r1=1295508&r2=1295509&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractor.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractor.java Thu Mar 1 10:59:40 2012
@@ -1,51 +0,0 @@
-/**
- * Copyright 2010 Newcastle University
- *
- * http://research.ncl.ac.uk/smart/
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.amber.oauth2.rs.extractor;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.amber.oauth2.common.utils.OAuthUtils;
-import org.apache.amber.oauth2.common.OAuth;
-
-
-/**
- * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
- * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
- * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
- */
-public class HeaderTokenExtractor implements TokenExtractor {
-
-
- @Override
- public String getAccessToken(HttpServletRequest request) {
- String authzHeader = request.getHeader(OAuth.HeaderType.AUTHORIZATION);
- return OAuthUtils.getAuthHeaderField(authzHeader);
- }
-
- @Override
- public String getAccessToken(HttpServletRequest request, String tokenName) {
- String authzHeader = request.getHeader(OAuth.HeaderType.AUTHORIZATION);
- return OAuthUtils.getAuthHeaderField(authzHeader);
- }
-
-
-}
Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java
URL:
http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java?rev=1295509&r1=1295508&r2=1295509&view=diff
==============================================================================
--- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java (original)
+++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractor.java Thu Mar 1 10:59:40 2012
@@ -1,49 +0,0 @@
-/**
- * Copyright 2010 Newcastle University
- *
- * http://research.ncl.ac.uk/smart/
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.amber.oauth2.rs.extractor;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.amber.oauth2.common.OAuth;
-
-/**
- * @author Maciej Machulak (m.p.machulak@ncl.ac.uk)
- * @author Lukasz Moren (lukasz.moren@ncl.ac.uk)
- * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk)
- */
-public class QueryTokenExtractor implements TokenExtractor {
-
- @Override
- public String getAccessToken(HttpServletRequest request) {
- String token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN);
- if (token == null) {
- token = request.getParameter(OAuth.OAUTH_TOKEN);
- }
- return token;
- }
-
- @Override
- public String getAccessToken(HttpServletRequest request, String tokenName) {
- return request.getParameter(tokenName);
- }
-
-}
Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/request/OAuthAccessResourceRequest.java
URL:
http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/request/OAuthAccessResourceRequest.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/request/OAuthAccessResourceRequest.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/request/OAuthAccessResourceRequest.java Thu Mar 1 10:59:40 2012 @@ -25,22 +25,17 @@ package org.apache.amber.oauth2.rs.reque import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpServletRequest; - import org.apache.amber.oauth2.common.error.OAuthError; import org.apache.amber.oauth2.common.exception.OAuthProblemException; import org.apache.amber.oauth2.common.exception.OAuthSystemException; import org.apache.amber.oauth2.common.message.types.ParameterStyle; +import org.apache.amber.oauth2.common.message.types.TokenType; import org.apache.amber.oauth2.common.utils.OAuthUtils; import org.apache.amber.oauth2.common.validators.OAuthValidator; -import org.apache.amber.oauth2.common.OAuth; -import org.apache.amber.oauth2.rs.extractor.HeaderTokenExtractor; -import org.apache.amber.oauth2.rs.extractor.QueryTokenExtractor; +import org.apache.amber.oauth2.common.OAuth; +import org.apache.amber.oauth2.rs.BearerResourceServer; +import org.apache.amber.oauth2.rs.ResourceServer; import org.apache.amber.oauth2.rs.extractor.TokenExtractor; -import org.apache.amber.oauth2.rs.validator.BodyOAuthValidator; -import org.apache.amber.oauth2.rs.validator.HeaderOAuthValidator; -import org.apache.amber.oauth2.rs.extractor.BodyTokenExtractor; -import org.apache.amber.oauth2.rs.validator.QueryOAuthValidator; - /** * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) 
@@ -50,32 +45,39 @@ import org.apache.amber.oauth2.rs.valida public class OAuthAccessResourceRequest { private HttpServletRequest request; - private ParameterStyle[] parameterStyles = new ParameterStyle[] {OAuth.DEFAULT_PARAMETER_STYLE}; + private ParameterStyle[] parameterStyles=new ParameterStyle[] {OAuth.DEFAULT_PARAMETER_STYLE}; + private TokenType[] tokenTypes=new TokenType []{OAuth.DEFAULT_TOKEN_TYPE}; private ParameterStyle usedParameterStyle; + private ResourceServer usedResourceServer; - private Map extractors = new HashMap(); - private Map validators = new HashMap(); + protected static Map tokens = new HashMap(); private TokenExtractor extractor; - + { - extractors.put(ParameterStyle.HEADER, HeaderTokenExtractor.class); - extractors.put(ParameterStyle.BODY, BodyTokenExtractor.class); - extractors.put(ParameterStyle.QUERY, QueryTokenExtractor.class); - - validators.put(ParameterStyle.HEADER, HeaderOAuthValidator.class); - validators.put(ParameterStyle.BODY, BodyOAuthValidator.class); - validators.put(ParameterStyle.QUERY, QueryOAuthValidator.class); + tokens.put(TokenType.BEARER, BearerResourceServer.class); + //TODO add MACResourceServer - see AMBER-41 } - + public OAuthAccessResourceRequest(HttpServletRequest request) throws OAuthSystemException, OAuthProblemException { - this(request, OAuth.DEFAULT_PARAMETER_STYLE); + this(request,new TokenType []{OAuth.DEFAULT_TOKEN_TYPE}, new ParameterStyle[] {OAuth.DEFAULT_PARAMETER_STYLE}); } public OAuthAccessResourceRequest(HttpServletRequest request, ParameterStyle... parameterStyles) + throws OAuthSystemException, OAuthProblemException { + this(request,new TokenType []{OAuth.DEFAULT_TOKEN_TYPE}, parameterStyles); + } + + public OAuthAccessResourceRequest(HttpServletRequest request, TokenType... 
tokenTypes) + throws OAuthSystemException, OAuthProblemException { + this(request,tokenTypes, new ParameterStyle[] {OAuth.DEFAULT_PARAMETER_STYLE}); + } + + public OAuthAccessResourceRequest(HttpServletRequest request, TokenType[] tokenTypes ,ParameterStyle[] parameterStyles) throws OAuthSystemException, OAuthProblemException { this.request = request; + this.tokenTypes = tokenTypes; this.parameterStyles = parameterStyles; this.validate(); } @@ -90,25 +92,29 @@ public class OAuthAccessResourceRequest boolean lackAuthInfo = false; OAuthProblemException ex = null; String lackAuthReason = "OAuth parameters were not found"; - for (ParameterStyle style : parameterStyles) { - try { - - OAuthValidator validator = instantiateValidator(style); - validator.validateContentType(request); - validator.validateMethod(request); - validator.validateRequiredParameters(request); - - usedParameterStyle = style; - foundValidStyles++; - } catch (OAuthProblemException e) { - //request lacks any authentication information? - if (OAuthUtils.isEmpty(e.getError())) { - lackAuthInfo = true; - lackAuthReason = e.getDescription(); - } else { - ex = OAuthProblemException.error(e.getError(), e.getDescription()); - } - } + for (TokenType tokenType : tokenTypes) { + ResourceServer resourceServer=instantiateResourceServer(tokenType); + for (ParameterStyle style : parameterStyles) { + try { + + OAuthValidator validator = resourceServer.instantiateValidator(style); + validator.validateContentType(request); + validator.validateMethod(request); + validator.validateRequiredParameters(request); + + usedParameterStyle = style; + usedResourceServer = resourceServer; + foundValidStyles++; + } catch (OAuthProblemException e) { + //request lacks any authentication information? + if (OAuthUtils.isEmpty(e.getError())) { + lackAuthInfo = true; + lackAuthReason = e.getDescription(); + } else { + ex = OAuthProblemException.error(e.getError(), e.getDescription()); + } + } + } } if (foundValidStyles > 1) { 
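Review bot: `tokens` is declared `protected static` but is filled from an instance initializer, so every `new OAuthAccessResourceRequest(...)` writes to the same shared HashMap; in a servlet container that is an unsynchronised write from concurrent request threads. The map is also non-final and reachable from subclasses and the package, and the public static `instantiateResourceServer` added in the last hunk of this file instantiates whatever class is stored in it. I would declare it `private static final Map tokens = new HashMap();` and fill it once with `static { tokens.put(TokenType.BEARER, BearerResourceServer.class); }`. The constructor taking `TokenType[]` and `ParameterStyle[]` stores both arrays without a null check or a defensive copy. The class body continues outside this hunk.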
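Review bot: `instantiateResourceServer(tokenType)` is called outside the `try`, and the `catch` handles only `OAuthProblemException`, so a `TokenType` with no registered server ends validation with `OAuthSystemException` even when an earlier type has already matched. With only BEARER registered (MAC is still a TODO in this commit), passing `TokenType.MAC` together with BEARER would therefore fail every request; if that is intended, a comment such as `// token types without a registered ResourceServer abort validation` should say so, otherwise skip them. `foundValidStyles` now counts matches across token types as well as parameter styles, so its name and the `> 1` check that follows deserve a matching comment. The enclosing method starts before and continues after this hunk.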
@@ -129,22 +135,15 @@ public class OAuthAccessResourceRequest "OAuth parameters were not found"); } - instantiateExtractor(usedParameterStyle); - } - - private OAuthValidator instantiateValidator(ParameterStyle ps) throws OAuthSystemException { - Class clazz = validators.get(ps); - if (clazz == null) { - throw new OAuthSystemException("Cannot instantiate a message validator."); - } - return (OAuthValidator)OAuthUtils.instantiateClass(clazz); + extractor= usedResourceServer.instantiateExtractor(usedParameterStyle); } - private void instantiateExtractor(ParameterStyle ps) throws OAuthSystemException { - Class clazz = extractors.get(ps); + public static ResourceServer instantiateResourceServer(TokenType tokenType) throws OAuthSystemException { + Class clazz = tokens.get(tokenType); if (clazz == null) { - throw new OAuthSystemException("Cannot instantiate a token extractor."); + throw new OAuthSystemException("Cannot instantiate a resource server."); } - extractor = (TokenExtractor)OAuthUtils.instantiateClass(clazz); + return (ResourceServer)OAuthUtils.instantiateClass(clazz); } + } Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerBodyOAuthValidator.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerBodyOAuthValidator.java?rev=1295509&view=auto ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerBodyOAuthValidator.java (added) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerBodyOAuthValidator.java Thu Mar 1 10:59:40 2012 
@@ -0,0 +1,91 @@ +/** + * Copyright 2010 Newcastle University + * + * http://research.ncl.ac.uk/smart/ + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.amber.oauth2.rs.validator; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.amber.oauth2.common.OAuth; +import org.apache.amber.oauth2.common.error.OAuthError; +import org.apache.amber.oauth2.common.exception.OAuthProblemException; +import org.apache.amber.oauth2.common.utils.OAuthUtils; +import org.apache.amber.oauth2.common.validators.AbstractValidator; + + +/** + * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) + * @author Lukasz Moren (lukasz.moren@ncl.ac.uk) + * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk) + */ +public class BearerBodyOAuthValidator extends AbstractValidator { + + @Override + public void validateMethod(HttpServletRequest request) throws OAuthProblemException { + // Check if the method is POST, PUT, or DELETE + String method = request.getMethod(); + if (!(OAuth.HttpMethod.POST.equals(method) || OAuth.HttpMethod.PUT.equals(method) || OAuth.HttpMethod + .DELETE.equals(method))) { + throw OAuthProblemException + .error(OAuthError.TokenResponse.INVALID_REQUEST) + .description("Incorrect method. 
POST, PUT, DELETE are supported."); + } + } + + @Override + public void validateContentType(HttpServletRequest request) throws OAuthProblemException { + if (OAuthUtils.isMultipart(request)) { + throw OAuthProblemException.error(OAuthError.CodeResponse.INVALID_REQUEST). + description("Request is not single part."); + } + super.validateContentType(request); + } + + + @Override + public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException { + + if (OAuthUtils.isMultipart(request)) { + throw OAuthProblemException.error(OAuthError.TokenResponse.INVALID_REQUEST). + description("Request is not single part."); + } + + + String[] tokens = request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN); + if (OAuthUtils.hasEmptyValues(tokens)) { + tokens = request.getParameterValues(OAuth.OAUTH_TOKEN); + if (OAuthUtils.hasEmptyValues(tokens)) { + throw OAuthProblemException.error(null, "Missing OAuth token."); + } + } + + if (tokens.length > 1) { + throw OAuthProblemException.error(OAuthError.TokenResponse.INVALID_REQUEST) + .description("Multiple tokens attached."); + } + + String oauthVersionDiff = request.getParameter(OAuth.OAUTH_VERSION_DIFFER); + if (!OAuthUtils.isEmpty(oauthVersionDiff)) { + throw OAuthProblemException.error(OAuthError.TokenResponse.INVALID_REQUEST) + .description("Incorrect OAuth version. 
Found OAuth V1.0."); + } + + } +} Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerHeaderOAuthValidator.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerHeaderOAuthValidator.java?rev=1295509&view=auto ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerHeaderOAuthValidator.java (added) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerHeaderOAuthValidator.java Thu Mar 1 10:59:40 2012 
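Review bot: In `validateRequiredParameters` of BearerBodyOAuthValidator, `request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN)` does not show that the token was sent in the body: the Servlet API merges query-string and form-body parameters, so a POST with the token in the URL passes this validator as well. A deployment that enables only the body style to keep tokens out of URLs, access logs and Referer headers therefore still accepts them there, and BearerQueryOAuthValidator later in this commit reads the same merged parameters. I would either reject requests whose `request.getQueryString()` carries the token parameter or, at minimum, add the comment `// getParameterValues() also returns query-string parameters; this does not prove the token came from the body`. Separately, `tokens.length > 1` has no null guard here while the query validator writes `tokens != null && tokens.length > 1`; which form is needed depends on what `OAuthUtils.hasEmptyValues(null)` returns, which this page does not show.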
@@ -0,0 +1,79 @@ +/** + * Copyright 2010 Newcastle University + * + * http://research.ncl.ac.uk/smart/ + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.amber.oauth2.rs.validator; + +import java.util.Map; +import javax.servlet.http.HttpServletRequest; + +import org.apache.amber.oauth2.common.OAuth; +import org.apache.amber.oauth2.common.error.OAuthError; +import org.apache.amber.oauth2.common.exception.OAuthProblemException; +import org.apache.amber.oauth2.common.utils.OAuthUtils; +import org.apache.amber.oauth2.common.validators.AbstractValidator; + + +/** + * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) + * @author Lukasz Moren (lukasz.moren@ncl.ac.uk) + * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk) + */ +public class BearerHeaderOAuthValidator extends AbstractValidator { + + @Override + public void validateContentType(HttpServletRequest request) throws OAuthProblemException { + } + + @Override + public void validateMethod(HttpServletRequest request) throws OAuthProblemException { + } + + @Override + public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException { + // Check if there is the Authorization Header + String authzHeader = 
request.getHeader(OAuth.HeaderType.AUTHORIZATION); + if (OAuthUtils.isEmpty(authzHeader)) { + throw OAuthProblemException.error("", "Missing authorization header."); + } + + // See if the authorization method is set to OAuth + String authzMethod = OAuthUtils.getAuthzMethod(authzHeader); + if (!OAuth.OAUTH_HEADER_NAME.equals(authzMethod)) { + throw OAuthProblemException.error("", "Incorrect authorization method."); + } + + // Get the header field + String headerField = OAuthUtils.getAuthHeaderField(authzHeader); + if (OAuthUtils.isEmpty(headerField)) { + throw OAuthProblemException + .error(OAuthError.TokenResponse.INVALID_REQUEST, "Missing required parameter."); + } + + // Check if this OAuth 1.0 or OAuth 2.0 + Map values = OAuthUtils.decodeOAuthHeader(authzHeader); + String oauthVersionDiff = values.get(OAuth.OAUTH_VERSION_DIFFER); + if (!OAuthUtils.isEmpty(oauthVersionDiff)) { + throw OAuthProblemException + .error(OAuthError.TokenResponse.INVALID_REQUEST, + "Incorrect OAuth version. Found OAuth V1.0."); + } + } +} Added: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerQueryOAuthValidator.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerQueryOAuthValidator.java?rev=1295509&view=auto ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerQueryOAuthValidator.java (added) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/BearerQueryOAuthValidator.java Thu Mar 1 10:59:40 2012 
@@ -0,0 +1,72 @@ +/** + * Copyright 2010 Newcastle University + * + * http://research.ncl.ac.uk/smart/ + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.amber.oauth2.rs.validator; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.amber.oauth2.common.OAuth; +import org.apache.amber.oauth2.common.error.OAuthError; +import org.apache.amber.oauth2.common.exception.OAuthProblemException; +import org.apache.amber.oauth2.common.utils.OAuthUtils; +import org.apache.amber.oauth2.common.validators.AbstractValidator; + + +/** + * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) + * @author Lukasz Moren (lukasz.moren@ncl.ac.uk) + * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk) + */ +public class BearerQueryOAuthValidator extends AbstractValidator { + + @Override + public void validateContentType(HttpServletRequest request) throws OAuthProblemException { + } + + @Override + public void validateMethod(HttpServletRequest request) throws OAuthProblemException { + } + + @Override + public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException { + + + String[] tokens = request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN); + if 
(OAuthUtils.hasEmptyValues(tokens)) { + tokens = request.getParameterValues(OAuth.OAUTH_TOKEN); + if (OAuthUtils.hasEmptyValues(tokens)) { + throw OAuthProblemException.error(null, "Missing OAuth token."); + } + } + + if (tokens != null && tokens.length > 1) { + throw OAuthProblemException + .error(OAuthError.TokenResponse.INVALID_REQUEST, "Multiple tokens attached."); + } + + String oauthVersionDiff = request.getParameter(OAuth.OAUTH_VERSION_DIFFER); + if (!OAuthUtils.isEmpty(oauthVersionDiff)) { + throw OAuthProblemException + .error(OAuthError.TokenResponse.INVALID_REQUEST, + "Incorrect OAuth version. Found OAuth V1.0."); + } + } +} Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidator.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidator.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidator.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidator.java Thu Mar 1 10:59:40 2012 
@@ -1,79 +0,0 @@ -/** - * Copyright 2010 Newcastle University - * - * http://research.ncl.ac.uk/smart/ - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.amber.oauth2.rs.validator; - -import java.util.Map; -import javax.servlet.http.HttpServletRequest; - -import org.apache.amber.oauth2.common.OAuth; -import org.apache.amber.oauth2.common.error.OAuthError; -import org.apache.amber.oauth2.common.exception.OAuthProblemException; -import org.apache.amber.oauth2.common.utils.OAuthUtils; -import org.apache.amber.oauth2.common.validators.AbstractValidator; - - -/** - * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) - * @author Lukasz Moren (lukasz.moren@ncl.ac.uk) - * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk) - */ -public class HeaderOAuthValidator extends AbstractValidator { - - @Override - public void validateContentType(HttpServletRequest request) throws OAuthProblemException { - } - - @Override - public void validateMethod(HttpServletRequest request) throws OAuthProblemException { - } - - @Override - public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException { - // Check if there is the Authorization Header - String authzHeader = 
request.getHeader(OAuth.HeaderType.AUTHORIZATION); - if (OAuthUtils.isEmpty(authzHeader)) { - throw OAuthProblemException.error("", "Missing authorization header."); - } - - // See if the authorization method is set to OAuth - String authzMethod = OAuthUtils.getAuthzMethod(authzHeader); - if (!OAuth.OAUTH_HEADER_NAME.equals(authzMethod)) { - throw OAuthProblemException.error("", "Incorrect authorization method."); - } - - // Get the header field - String headerField = OAuthUtils.getAuthHeaderField(authzHeader); - if (OAuthUtils.isEmpty(headerField)) { - throw OAuthProblemException - .error(OAuthError.TokenResponse.INVALID_REQUEST, "Missing required parameter."); - } - - // Check if this OAuth 1.0 or OAuth 2.0 - Map values = OAuthUtils.decodeOAuthHeader(authzHeader); - String oauthVersionDiff = values.get(OAuth.OAUTH_VERSION_DIFFER); - if (!OAuthUtils.isEmpty(oauthVersionDiff)) { - throw OAuthProblemException - .error(OAuthError.TokenResponse.INVALID_REQUEST, - "Incorrect OAuth version. Found OAuth V1.0."); - } - } -} Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidator.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidator.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidator.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidator.java Thu Mar 1 10:59:40 2012 
@@ -1,72 +0,0 @@ -/** - * Copyright 2010 Newcastle University - * - * http://research.ncl.ac.uk/smart/ - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.amber.oauth2.rs.validator; - -import javax.servlet.http.HttpServletRequest; - -import org.apache.amber.oauth2.common.OAuth; -import org.apache.amber.oauth2.common.error.OAuthError; -import org.apache.amber.oauth2.common.exception.OAuthProblemException; -import org.apache.amber.oauth2.common.utils.OAuthUtils; -import org.apache.amber.oauth2.common.validators.AbstractValidator; - - -/** - * @author Maciej Machulak (m.p.machulak@ncl.ac.uk) - * @author Lukasz Moren (lukasz.moren@ncl.ac.uk) - * @author Aad van Moorsel (aad.vanmoorsel@ncl.ac.uk) - */ -public class QueryOAuthValidator extends AbstractValidator { - - @Override - public void validateContentType(HttpServletRequest request) throws OAuthProblemException { - } - - @Override - public void validateMethod(HttpServletRequest request) throws OAuthProblemException { - } - - @Override - public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException { - - - String[] tokens = request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN); - if (OAuthUtils.hasEmptyValues(tokens)) 
{ - tokens = request.getParameterValues(OAuth.OAUTH_TOKEN); - if (OAuthUtils.hasEmptyValues(tokens)) { - throw OAuthProblemException.error(null, "Missing OAuth token."); - } - } - - if (tokens != null && tokens.length > 1) { - throw OAuthProblemException - .error(OAuthError.TokenResponse.INVALID_REQUEST, "Multiple tokens attached."); - } - - String oauthVersionDiff = request.getParameter(OAuth.OAUTH_VERSION_DIFFER); - if (!OAuthUtils.isEmpty(oauthVersionDiff)) { - throw OAuthProblemException - .error(OAuthError.TokenResponse.INVALID_REQUEST, - "Incorrect OAuth version. Found OAuth V1.0."); - } - } -} Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractorTest.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractorTest.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractorTest.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/BodyTokenExtractorTest.java Thu Mar 1 10:59:40 2012 @@ -47,7 +47,7 @@ public class BodyTokenExtractorTest { HttpServletRequest request = createStrictMock(HttpServletRequest.class); expect(request.getParameter(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn("sometoken"); replay(request); - BodyTokenExtractor bte = new BodyTokenExtractor(); + BearerBodyTokenExtractor bte = new BearerBodyTokenExtractor(); Assert.assertEquals("sometoken", bte.getAccessToken(request)); verify(request); } 
@@ -59,7 +59,7 @@ public class BodyTokenExtractorTest { expect(request.getParameter(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(null); expect(request.getParameter(OAuth.OAUTH_TOKEN)).andStubReturn(null); replay(request); - BodyTokenExtractor bte = new BodyTokenExtractor(); + BearerBodyTokenExtractor bte = new BearerBodyTokenExtractor(); Assert.assertNull(bte.getAccessToken(request)); verify(request); } Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractorTest.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractorTest.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractorTest.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/HeaderTokenExtractorTest.java Thu Mar 1 10:59:40 2012 @@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletReq import junit.framework.Assert; import org.apache.amber.oauth2.common.OAuth; -import org.apache.amber.oauth2.rs.extractor.HeaderTokenExtractor; +import org.apache.amber.oauth2.rs.extractor.BearerHeaderTokenExtractor; import org.junit.Test; import static org.easymock.EasyMock.createStrictMock; @@ -48,7 +48,7 @@ public class HeaderTokenExtractorTest { HttpServletRequest request = createStrictMock(HttpServletRequest.class); expect(request.getHeader(OAuth.HeaderType.AUTHORIZATION)).andStubReturn("Bearer sometoken"); replay(request); - HeaderTokenExtractor hte = new HeaderTokenExtractor(); + BearerHeaderTokenExtractor hte = new BearerHeaderTokenExtractor(); Assert.assertEquals("sometoken", hte.getAccessToken(request)); verify(request); } 
@@ -59,7 +59,7 @@ public class HeaderTokenExtractorTest { HttpServletRequest request = createStrictMock(HttpServletRequest.class); expect(request.getHeader(OAuth.HeaderType.AUTHORIZATION)).andStubReturn(null); replay(request); - HeaderTokenExtractor hte = new HeaderTokenExtractor(); + BearerHeaderTokenExtractor hte = new BearerHeaderTokenExtractor(); Assert.assertNull(hte.getAccessToken(request)); verify(request); } Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/extractor/QueryTokenExtractorTest.java Thu Mar 1 10:59:40 2012 @@ -47,7 +47,7 @@ public class QueryTokenExtractorTest { HttpServletRequest request = createStrictMock(HttpServletRequest.class); expect(request.getParameter(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn("sometoken"); replay(request); - QueryTokenExtractor qte = new QueryTokenExtractor(); + BearerQueryTokenExtractor qte = new BearerQueryTokenExtractor(); Assert.assertEquals("sometoken", qte.getAccessToken(request)); verify(request); 
@@ -60,7 +60,7 @@ public class QueryTokenExtractorTest { expect(request.getParameter(OAuth.OAUTH_TOKEN)).andStubReturn(null); expect(request.getParameter(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(null); replay(request); - QueryTokenExtractor qte = new QueryTokenExtractor(); + BearerQueryTokenExtractor qte = new BearerQueryTokenExtractor(); Assert.assertNull(qte.getAccessToken(request)); verify(request); Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/BodyOAuthValidatorTest.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/BodyOAuthValidatorTest.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/BodyOAuthValidatorTest.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/BodyOAuthValidatorTest.java Thu Mar 1 10:59:40 2012 @@ -50,7 +50,7 @@ public class BodyOAuthValidatorTest { expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED); replay(request); try { - BodyOAuthValidator bov = new BodyOAuthValidator(); + BearerBodyOAuthValidator bov = new BearerBodyOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -67,7 +67,7 @@ public class BodyOAuthValidatorTest { expect(request.getContentType()).andStubReturn("multipart/form-data"); replay(request); try { - BodyOAuthValidator bov = new BodyOAuthValidator(); + BearerBodyOAuthValidator bov = new BearerBodyOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { 
@@ -84,7 +84,7 @@ public class BodyOAuthValidatorTest { expect(request.getContentType()).andStubReturn(OAuth.ContentType.JSON); replay(request); try { - BodyOAuthValidator bov = new BodyOAuthValidator(); + BearerBodyOAuthValidator bov = new BearerBodyOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -103,7 +103,7 @@ public class BodyOAuthValidatorTest { expect(request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(new String[] {"access_token"}); replay(request); try { - BodyOAuthValidator bov = new BodyOAuthValidator(); + BearerBodyOAuthValidator bov = new BearerBodyOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -123,7 +123,7 @@ public class BodyOAuthValidatorTest { expect(request.getParameterValues(OAuth.OAUTH_TOKEN)).andStubReturn(null); replay(request); try { - BodyOAuthValidator bov = new BodyOAuthValidator(); + BearerBodyOAuthValidator bov = new BearerBodyOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -143,7 +143,7 @@ public class BodyOAuthValidatorTest { .andStubReturn(new String[] {"access_token1", "access_token2"}); replay(request); try { - BodyOAuthValidator bov = new BodyOAuthValidator(); + BearerBodyOAuthValidator bov = new BearerBodyOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { 
@@ -161,7 +161,7 @@ public class BodyOAuthValidatorTest { expect(request.getParameter(OAuth.OAUTH_VERSION_DIFFER)).andStubReturn(null); expect(request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(new String[] {"access_token"}); replay(request); - BodyOAuthValidator bov = new BodyOAuthValidator(); + BearerBodyOAuthValidator bov = new BearerBodyOAuthValidator(); bov.performAllValidations(request); verify(request); } Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidatorTest.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidatorTest.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidatorTest.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/HeaderOAuthValidatorTest.java Thu Mar 1 10:59:40 2012 @@ -28,7 +28,7 @@ import junit.framework.Assert; import org.apache.amber.oauth2.common.OAuth; import org.apache.amber.oauth2.common.error.OAuthError; import org.apache.amber.oauth2.common.exception.OAuthProblemException; -import org.apache.amber.oauth2.rs.validator.HeaderOAuthValidator; +import org.apache.amber.oauth2.rs.validator.BearerHeaderOAuthValidator; import org.junit.Test; import org.apache.amber.oauth2.common.utils.OAuthUtils; 
@@ -52,7 +52,7 @@ public class HeaderOAuthValidatorTest { expect(request.getHeader(OAuth.HeaderType.AUTHORIZATION)).andStubReturn(null); replay(request); try { - HeaderOAuthValidator bov = new HeaderOAuthValidator(); + BearerHeaderOAuthValidator bov = new BearerHeaderOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -70,7 +70,7 @@ public class HeaderOAuthValidatorTest { expect(request.getHeader(OAuth.HeaderType.AUTHORIZATION)).andStubReturn("Basic arawersadf"); replay(request); try { - HeaderOAuthValidator bov = new HeaderOAuthValidator(); + BearerHeaderOAuthValidator bov = new BearerHeaderOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -89,7 +89,7 @@ public class HeaderOAuthValidatorTest { expect(request.getHeader(OAuth.HeaderType.AUTHORIZATION)).andStubReturn("Bearer "); replay(request); try { - HeaderOAuthValidator bov = new HeaderOAuthValidator(); + BearerHeaderOAuthValidator bov = new BearerHeaderOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -109,7 +109,7 @@ public class HeaderOAuthValidatorTest { .andStubReturn("Bearer sdfsadfsadf,oauth_signature_method=\"HMAC-SHA1\""); replay(request); try { - HeaderOAuthValidator bov = new HeaderOAuthValidator(); + BearerHeaderOAuthValidator bov = new BearerHeaderOAuthValidator(); bov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { 
@@ -125,7 +125,7 @@ public class HeaderOAuthValidatorTest { HttpServletRequest request = createMock(HttpServletRequest.class); expect(request.getHeader(OAuth.HeaderType.AUTHORIZATION)).andStubReturn("Bearer sdfsadfsadf"); replay(request); - HeaderOAuthValidator bov = new HeaderOAuthValidator(); + BearerHeaderOAuthValidator bov = new BearerHeaderOAuthValidator(); bov.performAllValidations(request); verify(request); Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidatorTest.java URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidatorTest.java?rev=1295509&r1=1295508&r2=1295509&view=diff ============================================================================== --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidatorTest.java (original) +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/test/java/org/apache/amber/oauth2/rs/validator/QueryOAuthValidatorTest.java Thu Mar 1 10:59:40 2012 @@ -52,7 +52,7 @@ public class QueryOAuthValidatorTest { expect(request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(new String[] {"access_token"}); replay(request); try { - QueryOAuthValidator qov = new QueryOAuthValidator(); + BearerQueryOAuthValidator qov = new BearerQueryOAuthValidator(); qov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -72,7 +72,7 @@ public class QueryOAuthValidatorTest { expect(request.getParameterValues(OAuth.OAUTH_TOKEN)).andStubReturn(null); replay(request); try { - QueryOAuthValidator qov = new QueryOAuthValidator(); + BearerQueryOAuthValidator qov = new BearerQueryOAuthValidator(); qov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { 
@@ -92,7 +92,7 @@ public class QueryOAuthValidatorTest { .andStubReturn(new String[] {"access_token1", "access_token2"}); replay(request); try { - QueryOAuthValidator qov = new QueryOAuthValidator(); + BearerQueryOAuthValidator qov = new BearerQueryOAuthValidator(); qov.performAllValidations(request); Assert.fail("Exception not thrown."); } catch (OAuthProblemException e) { @@ -110,7 +110,7 @@ public class QueryOAuthValidatorTest { expect(request.getParameter(OAuth.OAUTH_VERSION_DIFFER)).andStubReturn(null); expect(request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN)).andStubReturn(new String[] {"access_token1"}); replay(request); - QueryOAuthValidator qov = new QueryOAuthValidator(); + BearerQueryOAuthValidator qov = new BearerQueryOAuthValidator(); qov.performAllValidations(request); verify(request);