Examples of org.apache.shindig.auth.SecurityToken

• org.apache.shindig.auth.SecurityToken
  An abstract representation of a signing token. Use in conjunction with @code SecurityTokenDecoder.

                                      ApplicationData applicationData) {

        UserId userId = new UserId(UserId.Type.userId, VALID_USER_ID);
        Set<UserId> userIds = new HashSet<UserId>(Arrays.asList(userId));

        SecurityToken securityToken = getMockSecurityToken(VALID_OWNER_ID, VALID_VIEWER_ID, VALID_APPLICATION_ID, VALID_MODULE_ID);

        List<Person> users = Arrays.asList(validPerson);
        GroupId groupId = new GroupId(GroupId.Type.self, "@self");
        expect(personService.getPeople(userIds, groupId, null, securityToken)).andReturn(users);
        replay(personService);

        assertEquals(expectedApplicationData.getAppUrl(), actualApplicationData.getAppUrl());
        assertEquals(expectedApplicationData.getData(), actualApplicationData.getData());
    }

    private SecurityToken getMockSecurityToken(String ownerId, String viewerId, String applicationId, Long moduleID) {
        SecurityToken securityToken;
        securityToken = createNiceMock(SecurityToken.class);
        expect(securityToken.getOwnerId()).andReturn(ownerId);
        expect(securityToken.getViewerId()).andReturn(viewerId);
        expect(securityToken.getAppId()).andReturn(applicationId);
        expect(securityToken.getModuleId()).andReturn(moduleID);
        replay(securityToken);
        return securityToken;
    }

  private OAuthCallbackGenerator createRealCallbackGenerator() {
    return new OAuthCallbackGenerator() {
      public String generateCallback(OAuthFetcherConfig fetcherConfig, String baseCallback,
          HttpRequest request, OAuthResponseParams responseParams) {
        SecurityToken st = request.getSecurityToken();
        Uri activeUrl = Uri.parse(st.getActiveUrl());
        assertEquals(GADGET_MAKE_REQUEST_URL, activeUrl.toString());
        assertEquals(GadgetTokenStoreTest.DEFAULT_CALLBACK, baseCallback);
        return new UriBuilder()
            .setScheme("http")
            .setAuthority(activeUrl.getAuthority())

  }

  /** Client that does OAuth and sends opensocial_* params */
  private MakeRequestClient makeNonSocialClient(String owner, String viewer, String gadget)
      throws Exception {
    SecurityToken securityToken = getSecurityToken(owner, viewer, gadget);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        FakeGadgetSpecFactory.SERVICE_NAME);
    client.getBaseArgs().setSignOwner(true);
    client.getBaseArgs().setSignViewer(true);
    return client;

  }

  /** Client that does OAuth and does not send opensocial_* params */
  private MakeRequestClient makeStrictNonSocialClient(String owner, String viewer, String gadget)
      throws Exception {
    SecurityToken securityToken = getSecurityToken(owner, viewer, gadget);
    return new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        FakeGadgetSpecFactory.SERVICE_NAME);
  }

        FakeGadgetSpecFactory.SERVICE_NAME);
  }

  private MakeRequestClient makeSocialOAuthClient(String owner, String viewer, String gadget)
      throws Exception {
    SecurityToken securityToken = getSecurityToken(owner, viewer, gadget);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        FakeGadgetSpecFactory.SERVICE_NAME);
    client.getBaseArgs().setUseToken(UseToken.IF_AVAILABLE);
    return client;
  }

    return client;
  }

  private MakeRequestClient makeSignedFetchClient(String owner, String viewer, String gadget)
      throws Exception {
    SecurityToken securityToken = getSecurityToken(owner, viewer, gadget);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        null);
    client.setBaseArgs(client.makeSignedFetchArguments());
    return client;
  }

    assertEquals("User data is reapproved", response.getResponseAsString());
  }

  @Test
  public void testUnknownConsumerKey() throws Exception {
    SecurityToken securityToken = getSecurityToken("owner", "owner", GADGET_URL_NO_KEY);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        FakeGadgetSpecFactory.SERVICE_NAME_NO_KEY);

    HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    assertEquals("", response.getResponseAsString());

        "GET /request?param=foo&");
  }

  @Test
  public void testBrokenRequestTokenResponse() throws Exception {
    SecurityToken securityToken = getSecurityToken("owner", "owner", GADGET_URL_BAD_OAUTH_URL);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        FakeGadgetSpecFactory.SERVICE_NAME);

    HttpResponse response = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
    assertEquals(403, response.getHttpStatusCode());

        "GET /echo?mary_had_a_little_lamb");
  }

  @Test
  public void testBrokenAccessTokenResponse() throws Exception {
    SecurityToken securityToken = getSecurityToken("owner", "owner", GADGET_URL_BAD_OAUTH_URL);
    MakeRequestClient client = new MakeRequestClient(securityToken, fetcherConfig, serviceProvider,
        FakeGadgetSpecFactory.SERVICE_NAME);
    // This lets us skip the access token step
    client.getBaseArgs().setRequestToken("reqtoken");
    client.getBaseArgs().setRequestTokenSecret("reqtokensecret");