Date: Sun, 31 Aug 2008 17:33:45 -0700
From: "Kevin Brown"
To: shindig-dev@incubator.apache.org
Subject: Re: svn commit: r690827 - in /incubator/shindig/trunk/java: common/src/main/java/org/apache/shindig/common/util/ common/src/test/java/org/apache/shindig/common/util/ gadgets/src/main/java/org/apache/shindig/gadgets/http/ gadgets/src/main/java/org/apa
Cc: shindig-commits@incubator.apache.org

On Sun, Aug 31, 2008 at 5:03 PM, wrote:

> Author: beaton
> Date: Sun Aug 31 17:03:09 2008
> New Revision: 690827
>
> URL: http://svn.apache.org/viewvc?rev=690827&view=rev
> Log:
> Add test coverage for OAuth data in post bodies and authz headers. This
> turned up an interesting corner case in the OAuth spec: what are we
> supposed to do with service providers who ask for OAuth data in POST
> bodies when the request we're sending is a GET? I decided to deal with
> this by sticking the data in the authorization header, since that stands
> some chance of working.
> > > Added: > > incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java > > incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java > Modified: > > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java > > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java > > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java > > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java > > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java > > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java > > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java > > Added: > incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java?rev=690827&view=auto > > ============================================================================== > --- > incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java > (added) > +++ > incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/CharsetUtil.java > Sun Aug 31 17:03:09 2008 
> @@ -0,0 +1,52 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations > + * under the License. > + */ > + > +package org.apache.shindig.common.util; > + > +import org.apache.commons.lang.ArrayUtils; > + > +import java.nio.ByteBuffer; > +import java.nio.charset.Charset; > +import java.util.Arrays; > + > +/** > + * Utilities for dealing with character set encoding. > + */ > +public class CharsetUtil { > + > + /** > + * UTF-8 Charset. > + */ > + public static final Charset UTF8; > + > + static { > + UTF8 = Charset.forName("UTF-8"); > + } This won't run on a 1.5 JRE. > > + > + /** > + * @return UTF-8 byte array for the input string. 
> + */ > + public static byte[] getUtf8Bytes(String s) { > + if (s == null) { > + return ArrayUtils.EMPTY_BYTE_ARRAY; > + } > + ByteBuffer bb = UTF8.encode(s); > + return Arrays.copyOf(bb.array(), bb.limit()); > + } > +} > > Added: > incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java?rev=690827&view=auto > > ============================================================================== > --- > incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java > (added) > +++ > incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/util/CharsetUtilTest.java > Sun Aug 31 17:03:09 2008 
> @@ -0,0 +1,69 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations > + * under the License. > + */ > + > +package org.apache.shindig.common.util; > + > +import static org.junit.Assert.assertEquals; > + > +import org.junit.Test; > + > +import junitx.framework.ArrayAssert; > + > +/** > + * Tests for CharsetUtil. 
> + */ > +public class CharsetUtilTest { > + > + @Test > + public void testGetUtf8String() { > + ArrayAssert.assertEquals(new byte[] { 0x69, 0x6e }, > CharsetUtil.getUtf8Bytes("in")); > + ArrayAssert.assertEquals(new byte[] {}, > CharsetUtil.getUtf8Bytes(null)); > + testStringOfLength(0); > + testStringOfLength(10); > + testStringOfLength(100); > + testStringOfLength(1000); > + } > + > + private void testStringOfLength(int len) { > + StringBuilder sb = new StringBuilder(); > + for (int i=0; i < len; ++i) { > + sb.append('a'); > + } > + byte[] out = CharsetUtil.getUtf8Bytes(sb.toString()); > + assertEquals(len, out.length); > + for (int i=0; i < len; ++i) { > + assertEquals('a', out[i]); > + } > + } > + > + > + private static final byte[] LATIN1_UTF8_DATA = new byte[] { > + 'G', 'a', 'm', 'e', 's', ',', ' ', 'H', 'Q', ',', ' ', 'M', 'a', 'n', > 'g', (byte)0xC3, > + (byte) 0xA1, ',', ' ', 'A', 'n', 'i', 'm', 'e', ' ', 'e', ' ', 't', > 'u', 'd', 'o', ' ', > + 'q', 'u', 'e', ' ', 'u', 'm', ' ', 'b', 'o', 'm', ' ', 'n', 'e', 'r', > 'd', ' ', 'a', 'm', 'a' > + }; > + > + private static final String LATIN1_STRING > + = "Games, HQ, Mang\u00E1, Anime e tudo que um bom nerd ama"; > + > + @Test > + public void testLatin1() { > + ArrayAssert.assertEquals(LATIN1_UTF8_DATA, > CharsetUtil.getUtf8Bytes(LATIN1_STRING)); > + } > +} > > Modified: > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java?rev=690827&r1=690826&r2=690827&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java > (original) > +++ > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponse.java > Sun Aug 31 17:03:09 2008 
> @@ -25,12 +25,10 @@\ import com.ibm.icu.text.CharsetDetector; > import com.ibm.icu.text.CharsetMatch; > > -import org.apache.commons.lang.ArrayUtils; > import org.apache.shindig.common.util.DateUtil; > > import java.io.ByteArrayInputStream; > import java.io.InputStream; > -import java.io.UnsupportedEncodingException; > import java.nio.ByteBuffer; > import java.nio.charset.Charset; > import java.util.Arrays; > @@ -124,18 +122,7 @@ > private HttpResponse(int httpStatusCode, String body) { > this(new HttpResponseBuilder() > .setHttpStatusCode(httpStatusCode) > - .setResponse(getUtf8Bytes(body))); > - } > - > - private static byte[] getUtf8Bytes(String body) { > - try { > - if (body == null) { > - return ArrayUtils.EMPTY_BYTE_ARRAY; > - } > - return body.getBytes(DEFAULT_ENCODING); > - } catch (UnsupportedEncodingException e) { > - throw new RuntimeException(e); > - } > + .setResponseString(body)); > } > > public HttpResponse(String body) { > > Modified: > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java?rev=690827&r1=690826&r2=690827&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java > (original) > +++ > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/http/HttpResponseBuilder.java > Sun Aug 31 17:03:09 2008 > @@ -19,6 +19,7 @@ > > import com.google.common.collect.*; > import org.apache.commons.lang.ArrayUtils; > +import org.apache.shindig.common.util.CharsetUtil; > import org.apache.shindig.common.util.DateUtil; > > import java.util.*; 
> @@ -59,6 +60,14 @@ > return new HttpResponse(this); > } > > + /** > + * @param responseString The response string. Converted to UTF-8 bytes > and copied when set. > + */ > + public HttpResponseBuilder setResponseString(String body) { > + responseBytes = CharsetUtil.getUtf8Bytes(body); > + return this; > + } > + > /** > * @param responseBytes The response body. Copied when set. > */ > > Modified: > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java?rev=690827&r1=690826&r2=690827&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java > (original) > +++ > incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthFetcher.java > Sun Aug 31 17:03:09 2008 > @@ -25,6 +25,7 @@ > import org.apache.shindig.gadgets.http.HttpRequest; > import org.apache.shindig.gadgets.http.HttpResponse; > import org.apache.shindig.gadgets.http.HttpResponseBuilder; > +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation; > > import net.oauth.OAuth; > import net.oauth.OAuthAccessor; 
> @@ -376,6 +377,16 @@ > // paramLocation could be overriden by a run-time parameter to > fetchRequest > > HttpRequest result = new HttpRequest(base); > + > + // If someone specifies that OAuth parameters go in the body, but then > sends a request for > + // data using GET, we've got a choice. We can throw some type of > error, since a GET request > + // can't have a body, or we can stick the parameters somewhere else, > like, say, the header. > + // We opt to put them in the header, since that stands some chance of > working with some > + // OAuth service providers. > + if (paramLocation == OAuthStore.OAuthParamLocation.POST_BODY && > + !result.getMethod().equals("POST")) { > + paramLocation = OAuthStore.OAuthParamLocation.AUTH_HEADER; > + } > > switch (paramLocation) { > case AUTH_HEADER: > @@ -413,6 +424,11 @@ > HttpRequest req = new HttpRequest(Uri.parse(request.URL)) > .setMethod(request.method) > .setIgnoreCache(true); > + > + // Per section 5.2 of OAuth spec > + if (accessorInfo.paramLocation == OAuthParamLocation.POST_BODY) { > + req.setHeader("Content-Type", "application/x-www-form-urlencoded"); > + } > > HttpRequest oauthRequest = createHttpRequest(req, > filterOAuthParams(request)); > > > Modified: > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java?rev=690827&r1=690826&r2=690827&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java > (original) > +++ > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/FakeGadgetSpecFactory.java > Sun Aug 31 17:03:09 2008 
> @@ -37,12 +37,23 @@ > > public GadgetSpec getGadgetSpec(URI gadgetUri, boolean ignoreCache) > throws GadgetException { > - if (gadgetUri.toString().contains("nokey")) { > - String nokeySpec = GadgetTokenStoreTest.GADGET_SPEC.replace( > - SERVICE_NAME, SERVICE_NAME_NO_KEY); > + String gadget = gadgetUri.toString(); > + String baseSpec = GadgetTokenStoreTest.GADGET_SPEC; > + if (gadget.contains("nokey")) { > + // For testing key lookup failures > + String nokeySpec = baseSpec.replace(SERVICE_NAME, > SERVICE_NAME_NO_KEY); > return new GadgetSpec(gadgetUri, nokeySpec); > + } else if (gadget.contains("header")) { > + // For testing oauth data in header > + String headerSpec = baseSpec.replace("uri-query", "auth-header"); > + return new GadgetSpec(gadgetUri, headerSpec); > + } else if (gadget.contains("body")) { > + // For testing oauth data in body > + String bodySpec = baseSpec.replace("uri-query", "post-body"); > + bodySpec = bodySpec.replace("'GET'", "'POST'"); > + return new GadgetSpec(gadgetUri, bodySpec); > } else { > - return new GadgetSpec(gadgetUri, GadgetTokenStoreTest.GADGET_SPEC); > + return new GadgetSpec(gadgetUri, baseSpec); > } > } > } > > Modified: > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java?rev=690827&r1=690826&r2=690827&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java > (original) > +++ > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/http/HttpResponseBuilderTest.java > Sun Aug 31 17:03:09 2008 
> @@ -123,4 +123,11 @@ > } > > > + @Test > + public void setResponseString() { > + HttpResponse resp = new HttpResponseBuilder() > + .setResponseString("foo") > + .create(); > + assertEquals("foo", resp.getResponseAsString()); > + } > } > > Modified: > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java?rev=690827&r1=690826&r2=690827&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java > (original) > +++ > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/FakeOAuthServiceProvider.java > Sun Aug 31 17:03:09 2008 > @@ -24,20 +24,28 @@ > import net.oauth.OAuthServiceProvider; > import net.oauth.OAuthValidator; > import net.oauth.SimpleOAuthValidator; > + > import org.apache.shindig.common.crypto.Crypto; > import org.apache.shindig.gadgets.GadgetException; > import org.apache.shindig.gadgets.http.HttpFetcher; > import org.apache.shindig.gadgets.http.HttpRequest; > import org.apache.shindig.gadgets.http.HttpResponse; > import org.apache.shindig.gadgets.http.HttpResponseBuilder; > +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation; > > import java.io.IOException; > import java.util.ArrayList; > import java.util.HashMap; > +import java.util.HashSet; > import java.util.List; > +import java.util.Set; > > public class FakeOAuthServiceProvider implements HttpFetcher { > > + public static final String BODY_ECHO_HEADER = "X-Echoed-Body"; > + > + public static final String AUTHZ_ECHO_HEADER = "X-Echoed-Authz"; > + > public final static String SP_HOST = "http://www.example.com"; > > public final static String REQUEST_TOKEN_URL = 
> @@ -115,6 +123,8 @@ > > private int resourceAccessCount = 0; > > + private Set validParamLocations; > + > public FakeOAuthServiceProvider() { > OAuthServiceProvider provider = new OAuthServiceProvider( > REQUEST_TOKEN_URL, APPROVAL_URL, ACCESS_TOKEN_URL); > @@ -123,11 +133,26 @@ > tokenState = new HashMap(); > validator = new SimpleOAuthValidator(); > vagueErrors = false; > + validParamLocations = new HashSet(); > + validParamLocations.add(OAuthParamLocation.URI_QUERY); > } > > public void setVagueErrors(boolean vagueErrors) { > this.vagueErrors = vagueErrors; > } > + > + public void addParamLocation(OAuthParamLocation paramLocation) { > + validParamLocations.add(paramLocation); > + } > + > + public void removeParamLocation(OAuthParamLocation paramLocation) { > + validParamLocations.remove(paramLocation); > + } > + > + public void setParamLocation(OAuthParamLocation paramLocation) { > + validParamLocations.clear(); > + validParamLocations.add(paramLocation); > + } > > @SuppressWarnings("unused") > public HttpResponse fetch(HttpRequest request) > @@ -156,7 +181,7 @@ > > private HttpResponse handleRequestTokenUrl(HttpRequest request) > throws Exception { > - OAuthMessage message = parseMessage(request); > + OAuthMessage message = parseMessage(request).message; > String requestConsumer = > message.getParameter(OAuth.OAUTH_CONSUMER_KEY); > if (!CONSUMER_KEY.equals(requestConsumer)) { > return makeOAuthProblemReport( 
> @@ -197,23 +222,61 @@ > > // Loosely based off net.oauth.OAuthServlet, and even more loosely > related > // to the OAuth specification > - private OAuthMessage parseMessage(HttpRequest request) { > + private MessageInfo parseMessage(HttpRequest request) { > + MessageInfo info = new MessageInfo(); > String method = request.getMethod(); > - if (!method.equals("GET")) { > - throw new RuntimeException("Only GET supported for now"); > - } > - ParsedUrl url = new ParsedUrl(request.getUri().toString()); > + ParsedUrl parsed = new ParsedUrl(request.getUri().toString()); > + > List params = new ArrayList(); > - params.addAll(url.getParsedQuery()); > - String aznHeader = request.getHeader("Authorization"); > - if (aznHeader != null) { > - for (OAuth.Parameter p : > OAuthMessage.decodeAuthorization(aznHeader)) { > - if (!p.getKey().equalsIgnoreCase("realm")) { > - params.add(p); > + params.addAll(parsed.getParsedQuery()); > + > + if (!validParamLocations.contains(OAuthParamLocation.URI_QUERY)) { > + // Make sure nothing OAuth related ended up in the query string > + for (OAuth.Parameter p : params) { > + if (p.getKey().contains("oauth_")) { > + throw new RuntimeException("Found unexpected query param " + > p.getKey()); > + } > + } > + } > + > + // Parse authorization header > + if (validParamLocations.contains(OAuthParamLocation.AUTH_HEADER)) { > + String aznHeader = request.getHeader("Authorization"); > + if (aznHeader != null) { > + info.aznHeader = aznHeader; > + for (OAuth.Parameter p : > OAuthMessage.decodeAuthorization(aznHeader)) { > + if (!p.getKey().equalsIgnoreCase("realm")) { > + params.add(p); > + } > } > } > } > - return new OAuthMessage(method, url.getLocation(), params); > + > + // Parse body > + if (validParamLocations.contains(OAuthParamLocation.POST_BODY)) { > + String body = request.getPostBodyAsString(); > + if (request.getMethod().equals("POST")) { > + String type = request.getHeader("Content-Type"); > + if 
(!"application/x-www-form-urlencoded".equals(type)) { > + throw new RuntimeException("Wrong content-type header: " + > type); > + } > + info.body = body; > + params.addAll(OAuth.decodeForm(request.getPostBodyAsString())); > + } > + } > + > + // Return the lot > + info.message = new OAuthMessage(method, parsed.getLocation(), params); > + return info; > + } > + > + /** > + * Bundles information about a received OAuthMessage. > + */ > + private static class MessageInfo { > + public OAuthMessage message; > + public String aznHeader; > + public String body; > } > > /** > @@ -316,7 +379,7 @@ > > private HttpResponse handleAccessTokenUrl(HttpRequest request) > throws Exception { > - OAuthMessage message = parseMessage(request); > + OAuthMessage message = parseMessage(request).message; > String requestToken = message.getParameter("oauth_token"); > TokenState state = tokenState.get(requestToken); > if (throttled) { > @@ -345,8 +408,8 @@ > > private HttpResponse handleResourceUrl(HttpRequest request) > throws Exception { > - OAuthMessage message = parseMessage(request); > - String accessToken = message.getParameter("oauth_token"); > + MessageInfo info = parseMessage(request); > + String accessToken = info.message.getParameter("oauth_token"); > TokenState state = tokenState.get(accessToken); > if (throttled) { > return makeOAuthProblemReport( 
> @@ -363,8 +426,17 @@ > OAuthAccessor accessor = new OAuthAccessor(consumer); > accessor.accessToken = accessToken; > accessor.tokenSecret = state.getSecret(); > - message.validateMessage(accessor, validator); > - return new HttpResponse("User data is " + state.getUserData()); > + info.message.validateMessage(accessor, validator); > + HttpResponseBuilder resp = new HttpResponseBuilder() > + .setHttpStatusCode(HttpResponse.SC_OK) > + .setResponseString("User data is " + state.getUserData()); > + if (info.aznHeader != null) { > + resp.setHeader(AUTHZ_ECHO_HEADER, info.aznHeader); > + } > + if (info.body != null) { > + resp.setHeader(BODY_ECHO_HEADER, info.body); > + } > + return resp.create(); > } > > public void setConsumersThrottled(boolean throttled) { > > Modified: > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java > URL: > http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java?rev=690827&r1=690826&r2=690827&view=diff > > ============================================================================== > --- > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java > (original) > +++ > incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthFetcherTest.java > Sun Aug 31 17:03:09 2008 
> @@ -20,12 +20,14 @@ > import static org.junit.Assert.assertEquals; > import static org.junit.Assert.assertNotNull; > import static org.junit.Assert.assertNull; > +import static org.junit.Assert.assertTrue; > > import org.apache.shindig.auth.BasicSecurityToken; > import org.apache.shindig.auth.SecurityToken; > import org.apache.shindig.common.cache.DefaultCacheProvider; > import org.apache.shindig.common.crypto.BasicBlobCrypter; > import org.apache.shindig.common.uri.Uri; > +import org.apache.shindig.common.util.CharsetUtil; > import org.apache.shindig.gadgets.FakeGadgetSpecFactory; > import org.apache.shindig.gadgets.GadgetException; > import org.apache.shindig.gadgets.http.BasicHttpCache; > @@ -33,6 +35,7 @@ > import org.apache.shindig.gadgets.http.HttpRequest; > import org.apache.shindig.gadgets.http.HttpResponse; > import > org.apache.shindig.gadgets.oauth.FakeOAuthServiceProvider.TokenPair; > +import org.apache.shindig.gadgets.oauth.OAuthStore.OAuthParamLocation; > > import org.junit.After; > import org.junit.Before; > @@ -53,6 +56,8 @@ > > public static final String GADGET_URL = " > http://www.example.com/gadget.xml"; > public static final String GADGET_URL_NO_KEY = " > http://www.example.com/nokey.xml"; > + public static final String GADGET_URL_HEADER = " > http://www.example.com/header.xml"; > + public static final String GADGET_URL_BODY = " > http://www.example.com/body.xml"; > > @Before > public void setUp() throws Exception { > @@ -70,6 +75,8 @@ > BasicOAuthStore base = new BasicOAuthStore(); > addValidConsumer(base); > addInvalidConsumer(base); > + addAuthHeaderConsumer(base); > + addBodyConsumer(base); > BasicGadgetOAuthTokenStore store = new BasicGadgetOAuthTokenStore(base, > new FakeGadgetSpecFactory()); > store.initFromConfigString("{}"); 
> @@ -92,6 +99,24 @@ > FakeGadgetSpecFactory.SERVICE_NAME_NO_KEY, > "garbage_key", "garbage_secret"); > } > + > + private static void addAuthHeaderConsumer(BasicOAuthStore base) { > + addConsumer( > + base, > + GADGET_URL_HEADER, > + FakeGadgetSpecFactory.SERVICE_NAME, > + FakeOAuthServiceProvider.CONSUMER_KEY, > + FakeOAuthServiceProvider.CONSUMER_SECRET); > + } > + > + private static void addBodyConsumer(BasicOAuthStore base) { > + addConsumer( > + base, > + GADGET_URL_BODY, > + FakeGadgetSpecFactory.SERVICE_NAME, > + FakeOAuthServiceProvider.CONSUMER_KEY, > + FakeOAuthServiceProvider.CONSUMER_SECRET); > + } > > private static void addConsumer( > BasicOAuthStore base, 
> @@ -110,19 +135,36 @@ > } > > /** > - * Builds a nicely populated gadget token. > + * Builds gadget token for testing a service with parameters in the > query. > */ > - public static SecurityToken getSecurityToken(String owner, String > viewer) throws Exception { > - return new BasicSecurityToken(owner, viewer, "app", "container.com", > - GADGET_URL, "0"); > + public static SecurityToken getNormalSecurityToken(String owner, String > viewer) throws Exception { > + return getSecurityToken(owner, viewer, GADGET_URL); > } > > /** > - * Builds a nicely populated gadget token. > + * Builds gadget token for testing services without a key. > */ > public static SecurityToken getNokeySecurityToken(String owner, String > viewer) throws Exception { > - return new BasicSecurityToken(owner, viewer, "app", "container.com", > - GADGET_URL_NO_KEY, "0"); > + return getSecurityToken(owner, viewer, GADGET_URL_NO_KEY); > + } > + > + /** > + * Builds gadget token for testing a service that wants parameters in a > header. > + */ > + public static SecurityToken getHeaderSecurityToken(String owner, String > viewer) throws Exception { > + return getSecurityToken(owner, viewer, GADGET_URL_HEADER); > + } > + > + /** > + * Builds gadget token for testing a service that wants parameters in > the request body. > + */ > + public static SecurityToken getBodySecurityToken(String owner, String > viewer) throws Exception { > + return getSecurityToken(owner, viewer, GADGET_URL_BODY); > + } > + > + public static SecurityToken getSecurityToken(String owner, String > viewer, String gadget) > + throws Exception { > + return new BasicSecurityToken(owner, viewer, "app", "container.com", > gadget, "0"); > } > > @After 
> @@ -143,7 +185,7 @@ > HttpResponse response; > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > @@ -155,21 +197,22 @@ > serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > assertEquals("User data is hello-oauth", > response.getResponseAsString()); > + > assertNull(response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER)); > > fetcher = getFetcher( > - getSecurityToken("owner", "somebody else"), > + getNormalSecurityToken("owner", "somebody else"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > assertEquals("User data is hello-oauth", > response.getResponseAsString()); > > fetcher = getFetcher( > - getSecurityToken("somebody else", "somebody else"), > + getNormalSecurityToken("somebody else", "somebody else"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); 
> @@ -181,12 +224,213 @@ > serviceProvider.browserVisit(approvalUrl + > "&user_data=somebody%20else"); > > fetcher = getFetcher( > - getSecurityToken("somebody else", "somebody else"), > + getNormalSecurityToken("somebody else", "somebody else"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > assertEquals("User data is somebody else", > response.getResponseAsString()); > } > + > + @Test > + public void testParamsInHeader() throws Exception { > + HttpFetcher fetcher; > + HttpRequest request; > + HttpResponse response; > + > + serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER); > + > + fetcher = getFetcher( > + getHeaderSecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + String clientState = response.getMetadata().get("oauthState"); > + assertNotNull(clientState); > + String approvalUrl = response.getMetadata().get("oauthApprovalUrl"); > + assertNotNull(approvalUrl); > + > + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > + > + fetcher = getFetcher( > + getHeaderSecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + assertEquals("User data is hello-oauth", > response.getResponseAsString()); > + > + String aznHeader = > response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER); > + assertNotNull(aznHeader); > + assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") != > -1); > + } > + > + @Test > + public void testParamsInBody() throws Exception { > + HttpFetcher fetcher; > + 
HttpRequest request; > + HttpResponse response; > + > + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + String clientState = response.getMetadata().get("oauthState"); > + assertNotNull(clientState); > + String approvalUrl = response.getMetadata().get("oauthApprovalUrl"); > + assertNotNull(approvalUrl); > + > + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + request.setHeader("content-type", > "application/x-www-form-urlencoded"); > + request.setMethod("POST"); > + response = fetcher.fetch(request); > + assertEquals("User data is hello-oauth", > response.getResponseAsString()); > + > + String echoedBody = > response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER); > + assertNotNull(echoedBody); > + assertTrue("body: " + echoedBody, > echoedBody.indexOf("oauth_consumer_key=") != -1); > + } > + > + @Test > + public void testParamsInBody_withExtraParams() throws Exception { > + HttpFetcher fetcher; > + HttpRequest request; > + HttpResponse response; > + > + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + String clientState = response.getMetadata().get("oauthState"); > + assertNotNull(clientState); > + String 
approvalUrl = response.getMetadata().get("oauthApprovalUrl"); > + assertNotNull(approvalUrl); > + > + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + request.setHeader("content-type", > "application/x-www-form-urlencoded"); > + request.setMethod("POST"); > + request.setPostBody(CharsetUtil.getUtf8Bytes("foo=bar&foo=baz")); > + response = fetcher.fetch(request); > + assertEquals("User data is hello-oauth", > response.getResponseAsString()); > + > + String echoedBody = > response.getHeader(FakeOAuthServiceProvider.BODY_ECHO_HEADER); > + assertNotNull(echoedBody); > + assertTrue("body: " + echoedBody, > echoedBody.indexOf("oauth_consumer_key=") != -1); > + assertTrue("body: " + echoedBody, > echoedBody.indexOf("foo=bar&foo=baz") != -1); > + } > + > + @Test > + public void testParamsInBody_forGetRequest() throws Exception { > + HttpFetcher fetcher; > + HttpRequest request; > + HttpResponse response; > + > + // We're sending a GET request with an auth-header, let the SP look in > the header for the authz > + // params. 
> + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY); > + serviceProvider.addParamLocation(OAuthParamLocation.AUTH_HEADER); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + String clientState = response.getMetadata().get("oauthState"); > + assertNotNull(clientState); > + String approvalUrl = response.getMetadata().get("oauthApprovalUrl"); > + assertNotNull(approvalUrl); > + > + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + > + response = fetcher.fetch(request); > + assertEquals("User data is hello-oauth", > response.getResponseAsString()); > + > + String aznHeader = > response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER); > + assertNotNull(aznHeader); > + assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") != > -1); > + } > + > + @Test > + public void testParamsInBody_forGetRequestStrictSp() throws Exception { > + HttpFetcher fetcher; > + HttpRequest request; > + HttpResponse response; > + > + serviceProvider.setParamLocation(OAuthParamLocation.POST_BODY); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + String clientState = response.getMetadata().get("oauthState"); > + assertNotNull(clientState); > + String approvalUrl = response.getMetadata().get("oauthApprovalUrl"); > + assertNotNull(approvalUrl); > 
+ > + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > + > + fetcher = getFetcher( > + getBodySecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + > + // Failed because the SP doesn't accept authz headers > + response = fetcher.fetch(request); > + approvalUrl = response.getMetadata().get("oauthApprovalUrl"); > + assertNotNull(approvalUrl); > + } > + > + @Test > + public void testPlainTextParams() throws Exception { > + HttpFetcher fetcher; > + HttpRequest request; > + HttpResponse response; > + > + serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER); > + > + fetcher = getFetcher( > + getHeaderSecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + String clientState = response.getMetadata().get("oauthState"); > + assertNotNull(clientState); > + String approvalUrl = response.getMetadata().get("oauthApprovalUrl"); > + assertNotNull(approvalUrl); > + > + serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > + > + fetcher = getFetcher( > + getHeaderSecurityToken("owner", "owner"), > + new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > + request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > + response = fetcher.fetch(request); > + assertEquals("User data is hello-oauth", > response.getResponseAsString()); > + > + String aznHeader = > response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER); > + assertNotNull(aznHeader); > + assertTrue("azn header: " + aznHeader, aznHeader.indexOf("OAuth") != > -1); > + } > > @Test > public void testRevokedAccessToken() throws Exception { 
> @@ -195,7 +439,7 @@ > HttpResponse response; > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > @@ -207,7 +451,7 @@ > serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > @@ -216,7 +460,7 @@ > serviceProvider.revokeAllAccessTokens(); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > @@ -229,7 +473,7 @@ > > serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved"); > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > @@ -247,7 +491,7 @@ > serviceProvider.setVagueErrors(true); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); 
> @@ -259,7 +503,7 @@ > serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > @@ -268,7 +512,7 @@ > serviceProvider.revokeAllAccessTokens(); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > @@ -281,7 +525,7 @@ > > serviceProvider.browserVisit(approvalUrl + "&user_data=reapproved"); > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > @@ -339,7 +583,7 @@ > assertEquals(0, serviceProvider.getResourceAccessCount()); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > @@ -356,7 +600,7 @@ > serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); 
> @@ -369,7 +613,7 @@ > assertEquals(1, serviceProvider.getResourceAccessCount()); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > @@ -384,7 +628,7 @@ > serviceProvider.setConsumersThrottled(true); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > @@ -405,7 +649,7 @@ > serviceProvider.setConsumersThrottled(false); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > @@ -427,7 +671,7 @@ > HttpResponse response; > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments("nosuchservice", null, null, false)); > request = new HttpRequest( > Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > @@ -459,7 +703,7 @@ > FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, > reqToken.token, > reqToken.secret); > > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); 
> > @@ -472,7 +716,7 @@ > assertEquals(1, serviceProvider.getAccessTokenCount()); > assertEquals(1, serviceProvider.getResourceAccessCount()); > > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > response = fetcher.fetch(request); > @@ -482,7 +726,7 @@ > assertEquals(1, serviceProvider.getAccessTokenCount()); > assertEquals(2, serviceProvider.getResourceAccessCount()); > > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > request.setIgnoreCache(true); > response = fetcher.fetch(request); > @@ -502,7 +746,7 @@ > OAuthArguments params = new OAuthArguments( > FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage", > "garbage"); > > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > String clientState = response.getMetadata().get("oauthState"); > @@ -515,7 +759,7 @@ > params = new OAuthArguments( > FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false, > "garbage", "garbage"); > > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > assertEquals("User data is hello-oauth", > response.getResponseAsString()); 
> @@ -523,7 +767,7 @@ > > params = new OAuthArguments( > FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false, > "garbage", "garbage"); > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > assertEquals("User data is hello-oauth", > response.getResponseAsString()); > @@ -539,7 +783,7 @@ > OAuthArguments params = new OAuthArguments( > FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage", > "garbage"); > > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > String clientState = response.getMetadata().get("oauthState"); > @@ -552,7 +796,7 @@ > params = new OAuthArguments( > FakeGadgetSpecFactory.SERVICE_NAME, null, clientState, false, > "garbage", "garbage"); > > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > assertEquals("User data is hello-oauth", > response.getResponseAsString()); > @@ -562,7 +806,7 @@ > params = new OAuthArguments( > FakeGadgetSpecFactory.SERVICE_NAME, null, null, false, "garbage", > "garbage"); > - fetcher = getFetcher(getSecurityToken("owner", "owner"), params); > + fetcher = getFetcher(getNormalSecurityToken("owner", "owner"), > params); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > assertEquals("User data is hello-oauth", > response.getResponseAsString()); 
> @@ -579,7 +823,7 @@ > assertEquals(0, serviceProvider.getResourceAccessCount()); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > @@ -591,7 +835,7 @@ > serviceProvider.browserVisit(approvalUrl + "&user_data=hello-oauth"); > > fetcher = getFetcher( > - getSecurityToken("owner", "owner"), > + getNormalSecurityToken("owner", "owner"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, > clientState, false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > @@ -602,7 +846,7 @@ > assertEquals(1, serviceProvider.getResourceAccessCount()); > > fetcher = getFetcher( > - getSecurityToken("owner", "somebody else"), > + getNormalSecurityToken("owner", "somebody else"), > new OAuthArguments(FakeGadgetSpecFactory.SERVICE_NAME, null, null, > false)); > request = new > HttpRequest(Uri.parse(FakeOAuthServiceProvider.RESOURCE_URL)); > response = fetcher.fetch(request); > > > ------=_Part_49328_9873339.1220229225162--
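Review bot: testPlainTextParams, at the end of the @@ -181,12 +224,213 @@ hunk, is the same test as testParamsInHeader as quoted here. Both call serviceProvider.setParamLocation(OAuthParamLocation.AUTH_HEADER), both use getHeaderSecurityToken("owner", "owner"), and both end on aznHeader.indexOf("OAuth") != -1. Nothing in the visible lines selects or checks a plaintext signature method, so the test would pass whatever method the fetcher used. If it is meant to cover PLAINTEXT, build the token from a spec that requests it and assert on the signature method in the echoed Authorization header; otherwise drop it as a duplicate. In the same hunk, testParamsInBody_forGetRequestStrictSp checks only assertNotNull(approvalUrl) after the second fetch, so any failure that restarts approval satisfies it and the comment "Failed because the SP doesn't accept authz headers" is not verified. Also assert that the response body is not "User data is hello-oauth", so a fetch that succeeded cannot pass.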
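Review bot: in the @@ -155,21 +197,22 @@ hunk, the new assertNull(response.getHeader(FakeOAuthServiceProvider.AUTHZ_ECHO_HEADER)) is the only place the patch checks that OAuth parameters are absent from a location, and it covers only the first approved fetch. The two later fetches in that hunk ("owner"/"somebody else" and "somebody else"/"somebody else") still compare the response string only. The body-location tests added further down have no counterpart either: testParamsInBody and testParamsInBody_withExtraParams assert that BODY_ECHO_HEADER contains oauth_consumer_key= but never that AUTHZ_ECHO_HEADER is null, so a fetcher that sends the parameters in both the body and the header would pass. Add the matching assertNull to each location test, and in testParamsInBody_forGetRequest assert that BODY_ECHO_HEADER is null so the fallback to the header is pinned down.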
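Review bot: the rename applied across the one-line hunks (getSecurityToken to getNormalSecurityToken, from @@ -143,7 +185,7 @@ through @@ -602,7 +846,7 @@) leaves "Normal" as the only helper name that does not say where the OAuth parameters go, while its new siblings getHeaderSecurityToken and getBodySecurityToken do. A reader of these call sites cannot tell which parameter location the default exercises without opening the helper. Name it after the location it uses, or add a one-line Javadoc on the helper stating it, so the header, body and default cases read as a set.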