shindig-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Brown" <e...@google.com>
Subject Re: svn commit: r690827 - in /incubator/shindig/trunk/java: common/src/main/java/org/apache/shindig/common/util/ common/src/test/java/org/apache/shindig/common/util/ gadgets/src/main/java/org/apache/shindig/gadgets/http/ gadgets/src/main/java/org/apa
Date Mon, 01 Sep 2008 00:33:45 GMT
On Sun, Aug 31, 2008 at 5:03 PM, <beaton@apache.org> wrote:

> Author: beaton
> Date: Sun Aug 31 17:03:09 2008
> New Revision: 690827
>
> URL: http://svn.apache.org/viewvc?rev=690827&view=rev
> Log:
> Add test coverage for OAuth data in post bodies and authz headers.  This
> turned up an interesting corner case in the OAuth spec: what are we
> supposed to do with service providers who ask for OAuth data in POST
> bodies when the request we're sending is a GET?  I decided to deal with
> this by sticking the data in the authorization header, since that stands
> some chance of working.
>
>
> Added:
>
>  incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
>
>  incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> Modified:
>
>  incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
>
>  incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
>
>  incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
>
>  incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
>
>  incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
>
>  incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
>
>  incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
>
> Added:
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java?rev=690827&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
> (added)
> +++
> incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java
> Sun Aug 31 17:03:09 2008
> @@ -0,0 +1,52 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements.  See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership.  The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License.  You may obtain a copy of the License at
> + *
> + *   http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied.  See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +
> +package org.apache.shindig.common.util;
> +
> +import org.apache.commons.lang.ArrayUtils;
> +
> +import java.nio.ByteBuffer;
> +import java.nio.charset.Charset;
> +import java.util.Arrays;
> +
> +/**
> + * Utilities for dealing with character set encoding.
> + */
> +public class CharsetUtil {
> +
> +  /**
> +   * UTF-8 Charset.
> +   */
> +  public static final Charset UTF8;
> +
> +  static {
> +    UTF8 = Charset.forName("UTF-8");
> +  }


This won't run on a 1.5 JRE.


>
> +
> +  /**
> +   * @return UTF-8 byte array for the input string.
> +   */
> +  public static byte[] getUtf8Bytes(String s) {
> +    if (s == null) {
> +      return ArrayUtils.EMPTY_BYTE_ARRAY;
> +    }
> +    ByteBuffer bb = UTF8.encode(s);
> +    return Arrays.copyOf(bb.array(), bb.limit());
> +  }
> +}
>
> Added:
> incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java?rev=690827&view=auto
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> (added)
> +++
> incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java
> Sun Aug 31 17:03:09 2008
> @@ -0,0 +1,69 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements.  See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership.  The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License.  You may obtain a copy of the License at
> + *
> + *   http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied.  See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +
> +package org.apache.shindig.common.util;
> +
> +import static org.junit.Assert.assertEquals;
> +
> +import org.junit.Test;
> +
> +import junitx.framework.ArrayAssert;
> +
> +/**
> + * Tests for CharsetUtil.
> + */
> +public class CharsetUtilTest {
> +
> +  @Test
> +  public void testGetUtf8String() {
> +    ArrayAssert.assertEquals(new byte[] { 0x69, 0x6e },
> CharsetUtil.getUtf8Bytes("in"));
> +    ArrayAssert.assertEquals(new byte[] {},
> CharsetUtil.getUtf8Bytes(null));
> +    testStringOfLength(0);
> +    testStringOfLength(10);
> +    testStringOfLength(100);
> +    testStringOfLength(1000);
> +  }
> +
> +  private void testStringOfLength(int len) {
> +    StringBuilder sb = new StringBuilder();
> +    for (int i=0; i < len; ++i) {
> +      sb.append('a');
> +    }
> +    byte[] out = CharsetUtil.getUtf8Bytes(sb.toString());
> +    assertEquals(len, out.length);
> +    for (int i=0; i < len; ++i) {
> +      assertEquals('a', out[i]);
> +    }
> +  }
> +
> +
> +  private static final byte[] LATIN1_UTF8_DATA = new byte[] {
> +    'G', 'a', 'm', 'e', 's', ',', ' ', 'H', 'Q', ',', ' ', 'M', 'a', 'n',
> 'g', (byte)0xC3,
> +    (byte) 0xA1, ',', ' ', 'A', 'n', 'i', 'm', 'e', ' ', 'e', ' ', 't',
> 'u', 'd', 'o', ' ',
> +    'q', 'u', 'e', ' ', 'u', 'm', ' ', 'b', 'o', 'm', ' ', 'n', 'e', 'r',
> 'd', ' ', 'a', 'm', 'a'
> +  };
> +
> +  private static final String LATIN1_STRING
> +      = "Games, HQ, Mang\u00E1, Anime e tudo que um bom nerd ama";
> +
> +  @Test
> +  public void testLatin1() {
> +    ArrayAssert.assertEquals(LATIN1_UTF8_DATA,
> CharsetUtil.getUtf8Bytes(LATIN1_STRING));
> +  }
> +}
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java
> Sun Aug 31 17:03:09 2008
> @@ -25,12 +25,10 @@\ import com.ibm.icu.text.CharsetDetector;
>  import com.ibm.icu.text.CharsetMatch;
>
> -import org.apache.commons.lang.ArrayUtils;
>  import org.apache.shindig.common.util.DateUtil;
>
>  import java.io.ByteArrayInputStream;
>  import java.io.InputStream;
> -import java.io.UnsupportedEncodingException;
>  import java.nio.ByteBuffer;
>  import java.nio.charset.Charset;
>  import java.util.Arrays;
> @@ -124,18 +122,7 @@
>   private HttpResponse(int httpStatusCode, String body) {
>     this(new HttpResponseBuilder()
>       .setHttpStatusCode(httpStatusCode)
> -      .setResponse(getUtf8Bytes(body)));
> -  }
> -
> -  private static byte[] getUtf8Bytes(String body) {
> -    try {
> -      if (body == null) {
> -        return ArrayUtils.EMPTY_BYTE_ARRAY;
> -      }
> -      return body.getBytes(DEFAULT_ENCODING);
> -    } catch (UnsupportedEncodingException e) {
> -      throw new RuntimeException(e);
> -    }
> +      .setResponseString(body));
>   }
>
>   public HttpResponse(String body) {
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java
> Sun Aug 31 17:03:09 2008
> @@ -19,6 +19,7 @@
>
>  import com.google.common.collect.*;
>  import org.apache.commons.lang.ArrayUtils;
> +import org.apache.shindig.common.util.CharsetUtil;
>  import org.apache.shindig.common.util.DateUtil;
>
>  import java.util.*;
> @@ -59,6 +60,14 @@
>     return new HttpResponse(this);
>   }
>
> +  /**
> +   * @param responseString The response string.  Converted to UTF-8 bytes
> and copied when set.
> +   */
> +  public HttpResponseBuilder setResponseString(String body) {
> +    responseBytes = CharsetUtil.getUtf8Bytes(body);
> +    return this;
> +  }
> +
>   /**
>    * @param responseBytes The response body. Copied when set.
>    */
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java
> Sun Aug 31 17:03:09 2008
> @@ -25,6 +25,7 @@
>  import org.apache.shindig.gadgets.http.HttpRequest;
>  import org.apache.shindig.gadgets.http.HttpResponse;
>  import org.apache.shindig.gadgets.http.HttpResponseBuilder;
> +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
>
>  import net.oauth.OAuth;
>  import net.oauth.OAuthAccessor;
> @@ -376,6 +377,16 @@
>     // paramLocation could be overriden by a run-time parameter to
> fetchRequest
>
>     HttpRequest result = new HttpRequest(base);
> +
> +    // If someone specifies that OAuth parameters go in the body, but then
> sends a request for
> +    // data using GET, we've got a choice.  We can throw some type of
> error, since a GET request
> +    // can't have a body, or we can stick the parameters somewhere else,
> like, say, the header.
> +    // We opt to put them in the header, since that stands some chance of
> working with some
> +    // OAuth service providers.
> +    if (paramLocation == OAuthStore.OAuthParamLocation.POST_BODY &&
> +        !result.getMethod().equals("POST")) {
> +      paramLocation = OAuthStore.OAuthParamLocation.AUTH_HEADER;
> +    }
>
>     switch (paramLocation) {
>       case AUTH_HEADER:
> @@ -413,6 +424,11 @@
>     HttpRequest req = new HttpRequest(Uri.parse(request.URL))
>         .setMethod(request.method)
>         .setIgnoreCache(true);
> +
> +    // Per section 5.2 of OAuth spec
> +    if (accessorInfo.paramLocation == OAuthParamLocation.POST_BODY) {
> +      req.setHeader("Content-Type", "application/x-www-form-urlencoded");
> +    }
>
>     HttpRequest oauthRequest = createHttpRequest(req,
> filterOAuthParams(request));
>
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java
> Sun Aug 31 17:03:09 2008
> @@ -37,12 +37,23 @@
>
>   public GadgetSpec getGadgetSpec(URI gadgetUri, boolean ignoreCache)
>       throws GadgetException {
> -    if (gadgetUri.toString().contains("nokey")) {
> -      String nokeySpec = GadgetTokenStoreTest.GADGET_SPEC.replace(
> -          SERVICE_NAME, SERVICE_NAME_NO_KEY);
> +    String gadget = gadgetUri.toString();
> +    String baseSpec = GadgetTokenStoreTest.GADGET_SPEC;
> +    if (gadget.contains("nokey")) {
> +      // For testing key lookup failures
> +      String nokeySpec = baseSpec.replace(SERVICE_NAME,
> SERVICE_NAME_NO_KEY);
>       return new GadgetSpec(gadgetUri, nokeySpec);
> +    } else if (gadget.contains("header")) {
> +      // For testing oauth data in header
> +      String headerSpec = baseSpec.replace("uri-query", "auth-header");
> +      return new GadgetSpec(gadgetUri, headerSpec);
> +    } else if (gadget.contains("body")) {
> +      // For testing oauth data in body
> +      String bodySpec = baseSpec.replace("uri-query", "post-body");
> +      bodySpec = bodySpec.replace("'GET'", "'POST'");
> +      return new GadgetSpec(gadgetUri, bodySpec);
>     } else {
> -      return new GadgetSpec(gadgetUri, GadgetTokenStoreTest.GADGET_SPEC);
> +      return new GadgetSpec(gadgetUri, baseSpec);
>     }
>   }
>  }
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java
> Sun Aug 31 17:03:09 2008
> @@ -123,4 +123,11 @@
>   }
>
>
> +  @Test
> +  public void setResponseString() {
> +    HttpResponse resp = new HttpResponseBuilder()
> +        .setResponseString("foo")
> +        .create();
> +    assertEquals("foo", resp.getResponseAsString());
> +  }
>  }
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java
> Sun Aug 31 17:03:09 2008
> @@ -24,20 +24,28 @@
>  import net.oauth.OAuthServiceProvider;
>  import net.oauth.OAuthValidator;
>  import net.oauth.SimpleOAuthValidator;
> +
>  import org.apache.shindig.common.crypto.Crypto;
>  import org.apache.shindig.gadgets.GadgetException;
>  import org.apache.shindig.gadgets.http.HttpFetcher;
>  import org.apache.shindig.gadgets.http.HttpRequest;
>  import org.apache.shindig.gadgets.http.HttpResponse;
>  import org.apache.shindig.gadgets.http.HttpResponseBuilder;
> +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
>
>  import java.io.IOException;
>  import java.util.ArrayList;
>  import java.util.HashMap;
> +import java.util.HashSet;
>  import java.util.List;
> +import java.util.Set;
>
>  public class FakeOAuthServiceProvider implements HttpFetcher {
>
> +  public static final String BODY_ECHO_HEADER = "X-Echoed-Body";
> +
> +  public static final String AUTHZ_ECHO_HEADER = "X-Echoed-Authz";
> +
>   public final static String SP_HOST = "http://www.example.com";
>
>   public final static String REQUEST_TOKEN_URL =
> @@ -115,6 +123,8 @@
>
>   private int resourceAccessCount = 0;
>
> +  private Set<OAuthParamLocation> validParamLocations;
> +
>   public FakeOAuthServiceProvider() {
>     OAuthServiceProvider provider = new OAuthServiceProvider(
>         REQUEST_TOKEN_URL, APPROVAL_URL, ACCESS_TOKEN_URL);
> @@ -123,11 +133,26 @@
>     tokenState = new HashMap<String, TokenState>();
>     validator = new SimpleOAuthValidator();
>     vagueErrors = false;
> +    validParamLocations = new HashSet<OAuthParamLocation>();
> +    validParamLocations.add(OAuthParamLocation.URI_QUERY);
>   }
>
>   public void setVagueErrors(boolean vagueErrors) {
>     this.vagueErrors = vagueErrors;
>   }
> +
> +  public void addParamLocation(OAuthParamLocation paramLocation) {
> +    validParamLocations.add(paramLocation);
> +  }
> +
> +  public void removeParamLocation(OAuthParamLocation paramLocation) {
> +    validParamLocations.remove(paramLocation);
> +  }
> +
> +  public void setParamLocation(OAuthParamLocation paramLocation) {
> +    validParamLocations.clear();
> +    validParamLocations.add(paramLocation);
> +  }
>
>   @SuppressWarnings("unused")
>   public HttpResponse fetch(HttpRequest request)
> @@ -156,7 +181,7 @@
>
>   private HttpResponse handleRequestTokenUrl(HttpRequest request)
>       throws Exception {
> -    OAuthMessage message = parseMessage(request);
> +    OAuthMessage message = parseMessage(request).message;
>     String requestConsumer =
> message.getParameter(OAuth.OAUTH_CONSUMER_KEY);
>     if (!CONSUMER_KEY.equals(requestConsumer)) {
>       return makeOAuthProblemReport(
> @@ -197,23 +222,61 @@
>
>   // Loosely based off net.oauth.OAuthServlet, and even more loosely
> related
>   // to the OAuth specification
> -  private OAuthMessage parseMessage(HttpRequest request) {
> +  private MessageInfo parseMessage(HttpRequest request) {
> +    MessageInfo info = new MessageInfo();
>     String method = request.getMethod();
> -    if (!method.equals("GET")) {
> -      throw new RuntimeException("Only GET supported for now");
> -    }
> -    ParsedUrl url = new ParsedUrl(request.getUri().toString());
> +    ParsedUrl parsed = new ParsedUrl(request.getUri().toString());
> +
>     List<OAuth.Parameter> params = new ArrayList<OAuth.Parameter>();
> -    params.addAll(url.getParsedQuery());
> -    String aznHeader = request.getHeader("Authorization");
> -    if (aznHeader != null) {
> -      for (OAuth.Parameter p :
> OAuthMessage.decodeAuthorization(aznHeader)) {
> -        if (!p.getKey().equalsIgnoreCase("realm")) {
> -          params.add(p);
> +    params.addAll(parsed.getParsedQuery());
> +
> +    if (!validParamLocations.contains(OAuthParamLocation.URI_QUERY)) {
> +      // Make sure nothing OAuth related ended up in the query string
> +      for (OAuth.Parameter p : params) {
> +        if (p.getKey().contains("oauth_")) {
> +          throw new RuntimeException("Found unexpected query param " +
> p.getKey());
> +        }
> +      }
> +    }
> +
> +    // Parse authorization header
> +    if (validParamLocations.contains(OAuthParamLocation.AUTH_HEADER)) {
> +      String aznHeader = request.getHeader("Authorization");
> +      if (aznHeader != null) {
> +        info.aznHeader = aznHeader;
> +        for (OAuth.Parameter p :
> OAuthMessage.decodeAuthorization(aznHeader)) {
> +          if (!p.getKey().equalsIgnoreCase("realm")) {
> +            params.add(p);
> +          }
>         }
>       }
>     }
> -    return new OAuthMessage(method, url.getLocation(), params);
> +
> +    // Parse body
> +    if (validParamLocations.contains(OAuthParamLocation.POST_BODY)) {
> +      String body = request.getPostBodyAsString();
> +      if (request.getMethod().equals("POST")) {
> +        String type = request.getHeader("Content-Type");
> +        if (!"application/x-www-form-urlencoded".equals(type)) {
> +          throw new RuntimeException("Wrong content-type header: " +
> type);
> +        }
> +        info.body = body;
> +        params.addAll(OAuth.decodeForm(request.getPostBodyAsString()));
> +      }
> +    }
> +
> +    // Return the lot
> +    info.message = new OAuthMessage(method, parsed.getLocation(), params);
> +    return info;
> +  }
> +
> +  /**
> +   * Bundles information about a received OAuthMessage.
> +   */
> +  private static class MessageInfo {
> +    public OAuthMessage message;
> +    public String aznHeader;
> +    public String body;
>   }
>
>   /**
> @@ -316,7 +379,7 @@
>
>   private HttpResponse handleAccessTokenUrl(HttpRequest request)
>       throws Exception {
> -    OAuthMessage message = parseMessage(request);
> +    OAuthMessage message = parseMessage(request).message;
>     String requestToken = message.getParameter("oauth_token");
>     TokenState state = tokenState.get(requestToken);
>     if (throttled) {
> @@ -345,8 +408,8 @@
>
>   private HttpResponse handleResourceUrl(HttpRequest request)
>       throws Exception {
> -    OAuthMessage message = parseMessage(request);
> -    String accessToken = message.getParameter("oauth_token");
> +    MessageInfo info = parseMessage(request);
> +    String accessToken = info.message.getParameter("oauth_token");
>     TokenState state = tokenState.get(accessToken);
>     if (throttled) {
>       return makeOAuthProblemReport(
> @@ -363,8 +426,17 @@
>     OAuthAccessor accessor = new OAuthAccessor(consumer);
>     accessor.accessToken = accessToken;
>     accessor.tokenSecret = state.getSecret();
> -    message.validateMessage(accessor, validator);
> -    return new HttpResponse("User data is " + state.getUserData());
> +    info.message.validateMessage(accessor, validator);
> +    HttpResponseBuilder resp = new HttpResponseBuilder()
> +        .setHttpStatusCode(HttpResponse.SC_OK)
> +        .setResponseString("User data is " + state.getUserData());
> +    if (info.aznHeader != null) {
> +      resp.setHeader(AUTHZ_ECHO_HEADER, info.aznHeader);
> +    }
> +    if (info.body != null) {
> +      resp.setHeader(BODY_ECHO_HEADER, info.body);
> +    }
> +    return resp.create();
>   }
>
>   public void setConsumersThrottled(boolean throttled) {
>
> Modified:
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java?rev=690827&r1=690826&r2=690827&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
> (original)
> +++
> incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java
> Sun Aug 31 17:03:09 2008
> @@ -20,12 +20,14 @@
>  import static org.junit.Assert.assertEquals;
>  import static org.junit.Assert.assertNotNull;
>  import static org.junit.Assert.assertNull;
> +import static org.junit.Assert.assertTrue;
>
>  import org.apache.shindig.auth.BasicSecurityToken;
>  import org.apache.shindig.auth.SecurityToken;
>  import org.apache.shindig.common.cache.DefaultCacheProvider;
>  import org.apache.shindig.common.crypto.BasicBlobCrypter;
>  import org.apache.shindig.common.uri.Uri;
> +import org.apache.shindig.common.util.CharsetUtil;
>  import org.apache.shindig.gadgets.FakeGadgetSpecFactory;
>  import org.apache.shindig.gadgets.GadgetException;
>  import org.apache.shindig.gadgets.http.BasicHttpCache;
> @@ -33,6 +35,7 @@
>  import org.apache.shindig.gadgets.http.HttpRequest;
>  import org.apache.shindig.gadgets.http.HttpResponse;
>  import
> org.apache.shindig.gadgets.oauth.FakeOAuthServiceProvider.TokenPair;
> +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation;
>
>  import org.junit.After;
>  import org.junit.Before;
> @@ -53,6 +56,8 @@
>
>   public static final String GADGET_URL = "
> http://www.example.com/gadget.xml";
>   public static final String GADGET_URL_NO_KEY = "
> http://www.example.com/nokey.xml";
> +  public static final String GADGET_URL_HEADER = "
> http://www.example.com/header.xml";
> +  public static final String GADGET_URL_BODY = "
> http://www.example.com/body.xml";
>
>   @Before
>   public void setUp() throws Exception {
> @@ -70,6 +75,8 @@
>     BasicOAuthStore base = new BasicOAuthStore();
>     addValidConsumer(base);
>     addInvalidConsumer(base);
> +    addAuthHeaderConsumer(base);
> +    addBodyConsumer(base);
>     BasicGadgetOAuthTokenStore store = new BasicGadgetOAuthTokenStore(base,
>         new FakeGadgetSpecFactory());
>     store.initFromConfigString("{}");
> @@ -92,6 +99,24 @@
>         FakeGadgetSpecFactory.SERVICE_NAME_NO_KEY,
>         "garbage_key", "garbage_secret");
>   }
> +
> +  private static void addAuthHeaderConsumer(BasicOAuthStore base) {
> +    addConsumer(
> +        base,
> +        GADGET_URL_HEADER,
> +        FakeGadgetSpecFactory.SERVICE_NAME,
> +        FakeOAuthServiceProvider.CONSUMER_KEY,
> +        FakeOAuthServiceProvider.CONSUMER_SECRET);
> +  }
> +
> +  private static void addBodyConsumer(BasicOAuthStore base) {
> +    addConsumer(
> +        base,
> +        GADGET_URL_BODY,
> +        FakeGadgetSpecFactory.SERVICE_NAME,
> +        FakeOAuthServiceProvider.CONSUMER_KEY,
> +        FakeOAuthServiceProvider.CONSUMER_SECRET);
> +  }
>
>   private static void addConsumer(
>       BasicOAuthStore base,
> @@ -110,19 +135,36 @@
>   }
>
>   /**
> -   * Builds a nicely populated gadget token.
> +   * Builds gadget token for testing a service with parameters in the
> query.
>    */
> -  public static SecurityToken getSecurityToken(String owner, String
> viewer) throws Exception {
> -    return new BasicSecurityToken(owner, viewer, "app", "container.com",
> -        GADGET_URL, "0");
> +  public static SecurityToken getNormalSecurityToken(String owner, String
> viewer) throws Exception {
> +    return getSecurityToken(owner, viewer, GADGET_URL);
>   }
>
>   /**
> -   * Builds a nicely populated gadget token.
> +   * Builds gadget token for testing services without a key.
>    */
>   public static SecurityToken getNokeySecurityToken(String owner, String
> viewer) throws Exception {
> -    return new BasicSecurityToken(owner, viewer, "app", "container.com",
> -        GADGET_URL_NO_KEY, "0");
> +    return getSecurityToken(owner, viewer, GADGET_URL_NO_KEY);
> +  }
> +
> +  /**
> +   * Builds gadget token for testing a service that wants parameters in a
> header.
> +   */
> +  public static SecurityToken getHeaderSecurityToken(String owner, String
> viewer) throws Exception {
> +    return getSecurityToken(owner, viewer, GADGET_URL_HEADER);
> +  }
> +
> +  /**
> +   * Builds gadget token for testing a service that wants parameters in
> the request body.
> +   */
> +  public static SecurityToken getBodySecurityToken(String owner, String
> viewer) throws Exception {
> +    return getSecurityToken(owner, viewer, GADGET_URL_BODY);
> +  }
> +
> +  public static SecurityToken getSecurityToken(String owner, String
> viewer, String gadget)
> +      throws Exception {
> +    return new BasicSecurityToken(owner, viewer, "app", "container.com",
> gadget, "0");
>   }
>
>   @After
> @@ -143,7 +185,7 @@
>     HttpResponse response;
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -155,21 +197,22 @@
>     serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
>  assertNull(response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER));
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "somebody else"),
> +        getNormalSecurityToken("owner", "somebody else"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     assertEquals("User data is hello-oauth",
> response.getResponseAsString());
>
>     fetcher = getFetcher(
> -        getSecurityToken("somebody else", "somebody else"),
> +        getNormalSecurityToken("somebody else", "somebody else"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -181,12 +224,213 @@
>     serviceProvider.browserVisit(approvalUrl +
> "&user_data=somebody%20else");
>
>     fetcher = getFetcher(
> -        getSecurityToken("somebody else", "somebody else"),
> +        getNormalSecurityToken("somebody else", "somebody else"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     assertEquals("User data is somebody else",
> response.getResponseAsString());
>   }
> +
> +  @Test
> +  public void testParamsInHeader() throws Exception {
> +    HttpFetcher fetcher;
> +    HttpRequest request;
> +    HttpResponse response;
> +
> +    serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
> +
> +    fetcher = getFetcher(
> +        getHeaderSecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    String clientState = response.getMetadata().get("oauthState");
> +    assertNotNull(clientState);
> +    String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> +    assertNotNull(approvalUrl);
> +
> +    serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> +    fetcher = getFetcher(
> +        getHeaderSecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> +    String aznHeader =
> response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
> +    assertNotNull(aznHeader);
> +    assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") !=
> -1);
> +  }
> +
> +  @Test
> +  public void testParamsInBody() throws Exception {
> +    HttpFetcher fetcher;
> +    HttpRequest request;
> +    HttpResponse response;
> +
> +    serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    String clientState = response.getMetadata().get("oauthState");
> +    assertNotNull(clientState);
> +    String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> +    assertNotNull(approvalUrl);
> +
> +    serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    request.setHeader("content-type",
> "application/x-www-form-urlencoded");
> +    request.setMethod("POST");
> +    response = fetcher.fetch(request);
> +    assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> +    String echoedBody =
> response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
> +    assertNotNull(echoedBody);
> +    assertTrue("body: " + echoedBody,
> echoedBody.indexOf("oauth_consumer_key=") != -1);
> +  }
> +
> +  @Test
> +  public void testParamsInBody_withExtraParams() throws Exception {
> +    HttpFetcher fetcher;
> +    HttpRequest request;
> +    HttpResponse response;
> +
> +    serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    String clientState = response.getMetadata().get("oauthState");
> +    assertNotNull(clientState);
> +    String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> +    assertNotNull(approvalUrl);
> +
> +    serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    request.setHeader("content-type",
> "application/x-www-form-urlencoded");
> +    request.setMethod("POST");
> +    request.setPostBody(CharsetUtil.getUtf8Bytes("foo=bar&foo=baz"));
> +    response = fetcher.fetch(request);
> +    assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> +    String echoedBody =
> response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER);
> +    assertNotNull(echoedBody);
> +    assertTrue("body: " + echoedBody,
> echoedBody.indexOf("oauth_consumer_key=") != -1);
> +    assertTrue("body: " + echoedBody,
> echoedBody.indexOf("foo=bar&foo=baz") != -1);
> +  }
> +
> +  @Test
> +  public void testParamsInBody_forGetRequest() throws Exception {
> +    HttpFetcher fetcher;
> +    HttpRequest request;
> +    HttpResponse response;
> +
> +    // We're sending a GET request with an auth-header, let the SP look in
> the header for the authz
> +    // params.
> +    serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> +    serviceProvider.addParamLocation(OAuthParamLocation.AUTH_HEADER);
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    String clientState = response.getMetadata().get("oauthState");
> +    assertNotNull(clientState);
> +    String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> +    assertNotNull(approvalUrl);
> +
> +    serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +
> +    response = fetcher.fetch(request);
> +    assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> +    String aznHeader =
> response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
> +    assertNotNull(aznHeader);
> +    assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") !=
> -1);
> +  }
> +
> +  @Test
> +  public void testParamsInBody_forGetRequestStrictSp() throws Exception {
> +    HttpFetcher fetcher;
> +    HttpRequest request;
> +    HttpResponse response;
> +
> +    serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY);
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    String clientState = response.getMetadata().get("oauthState");
> +    assertNotNull(clientState);
> +    String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> +    assertNotNull(approvalUrl);
> +
> +    serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> +    fetcher = getFetcher(
> +        getBodySecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +
> +    // Failed because the SP doesn't accept authz headers
> +    response = fetcher.fetch(request);
> +    approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> +    assertNotNull(approvalUrl);
> +  }
> +
> +  @Test
> +  public void testPlainTextParams() throws Exception {
> +    HttpFetcher fetcher;
> +    HttpRequest request;
> +    HttpResponse response;
> +
> +    serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER);
> +
> +    fetcher = getFetcher(
> +        getHeaderSecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    String clientState = response.getMetadata().get("oauthState");
> +    assertNotNull(clientState);
> +    String approvalUrl = response.getMetadata().get("oauthApprovalUrl");
> +    assertNotNull(approvalUrl);
> +
> +    serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
> +
> +    fetcher = getFetcher(
> +        getHeaderSecurityToken("owner", "owner"),
> +        new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
> +    request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> +    response = fetcher.fetch(request);
> +    assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> +
> +    String aznHeader =
> response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER);
> +    assertNotNull(aznHeader);
> +    assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") !=
> -1);
> +  }
>
>   @Test
>   public void testRevokedAccessToken() throws Exception {
> @@ -195,7 +439,7 @@
>     HttpResponse response;
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -207,7 +451,7 @@
>     serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -216,7 +460,7 @@
>     serviceProvider.revokeAllAccessTokens();
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
> @@ -229,7 +473,7 @@
>
>     serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved");
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
> @@ -247,7 +491,7 @@
>     serviceProvider.setVagueErrors(true);
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -259,7 +503,7 @@
>     serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -268,7 +512,7 @@
>     serviceProvider.revokeAllAccessTokens();
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
> @@ -281,7 +525,7 @@
>
>     serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved");
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
> @@ -339,7 +583,7 @@
>     assertEquals(0, serviceProvider.getResourceAccessCount());
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
> @@ -356,7 +600,7 @@
>     serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
> @@ -369,7 +613,7 @@
>     assertEquals(1, serviceProvider.getResourceAccessCount());
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
> @@ -384,7 +628,7 @@
>     serviceProvider.setConsumersThrottled(true);
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
>             false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> @@ -405,7 +649,7 @@
>     serviceProvider.setConsumersThrottled(false);
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
>             clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> @@ -427,7 +671,7 @@
>     HttpResponse response;
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments("nosuchservice", null, null, false));
>     request = new HttpRequest(
>         Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
> @@ -459,7 +703,7 @@
>         FakeGadgetSpecFactory.SERVICE_NAME, null, null, false,
> reqToken.token,
>             reqToken.secret);
>
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>
> @@ -472,7 +716,7 @@
>     assertEquals(1, serviceProvider.getAccessTokenCount());
>     assertEquals(1, serviceProvider.getResourceAccessCount());
>
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
>     response = fetcher.fetch(request);
> @@ -482,7 +726,7 @@
>     assertEquals(1, serviceProvider.getAccessTokenCount());
>     assertEquals(2, serviceProvider.getResourceAccessCount());
>
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     request.setIgnoreCache(true);
>     response = fetcher.fetch(request);
> @@ -502,7 +746,7 @@
>     OAuthArguments params = new OAuthArguments(
>         FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage",
> "garbage");
>
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     String clientState = response.getMetadata().get("oauthState");
> @@ -515,7 +759,7 @@
>     params = new OAuthArguments(
>         FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false,
> "garbage", "garbage");
>
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -523,7 +767,7 @@
>
>     params = new OAuthArguments(
>         FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false,
> "garbage", "garbage");
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -539,7 +783,7 @@
>     OAuthArguments params = new OAuthArguments(
>         FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage",
> "garbage");
>
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     String clientState = response.getMetadata().get("oauthState");
> @@ -552,7 +796,7 @@
>     params = new OAuthArguments(
>         FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false,
> "garbage", "garbage");
>
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -562,7 +806,7 @@
>     params = new OAuthArguments(
>         FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage",
>         "garbage");
> -    fetcher = getFetcher(getSecurityToken("owner", "owner"), params);
> +    fetcher = getFetcher(getNormalSecurityToken("owner", "owner"),
> params);
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>     assertEquals("User data is hello-oauth",
> response.getResponseAsString());
> @@ -579,7 +823,7 @@
>     assertEquals(0, serviceProvider.getResourceAccessCount());
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -591,7 +835,7 @@
>     serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth");
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "owner"),
> +        getNormalSecurityToken("owner", "owner"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null,
> clientState, false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
> @@ -602,7 +846,7 @@
>     assertEquals(1, serviceProvider.getResourceAccessCount());
>
>     fetcher = getFetcher(
> -        getSecurityToken("owner", "somebody else"),
> +        getNormalSecurityToken("owner", "somebody else"),
>         new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null,
> false));
>     request = new
> HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL));
>     response = fetcher.fetch(request);
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message