Package org.apache.shindig.social.core.oauth2

Examples of org.apache.shindig.social.core.oauth2.OAuth2Client

62
63
64
65
66
67
68
69
70
71
72
       
      OAuth2Message requestMessage = null;
        try{
            requestMessage = OAuth2Servlet.getMessage(request, null);
           
            OAuth2Client client = SampleOAuth2Provider.getClient(requestMessage);
           
            SampleOAuth2Provider.VALIDATOR.validateRequestMessageForAuthorization(requestMessage,client);
           
            sendToAuthorizePage(request, response, client);
View Full Code Here
96
97
98
99
100
101
102
103
104
105
106
            throws IOException, ServletException{
       
        try{
            OAuth2Message requestMessage = OAuth2Servlet.getMessage(request, null);
           
            OAuth2Client client = SampleOAuth2Provider.getClient(requestMessage);
           
            String userId = request.getParameter("userId");
            if(userId == null){
              SampleOAuth2Provider.VALIDATOR.validateRequestMessageForAuthorization(requestMessage,client);
                sendToAuthorizePage(request, response, client);
View Full Code Here
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
                String consumer_secret = (String) prop.getValue();
                if(consumer_secret != null){
                    String consumer_description = (String) p.getProperty(consumer_key + ".description");
                    String consumer_callback_url =  (String) p.getProperty(consumer_key + ".callbackURL");
                    // Create OAuthConsumer w/ key and secret
                    OAuth2Client client = new OAuth2Client(
                            consumer_callback_url,
                            consumer_key,
                            consumer_secret);
                    client.setProperty("name", consumer_key);
                    client.setProperty("description", consumer_description);
                    ALL_CLIENTS.put(consumer_key, client);
                }
            }
        }
       
View Full Code Here
111
112
113
114
115
116
117
118
119
120
121
     */
    public static synchronized OAuth2Client getClient(
            OAuth2Message requestMessage)
            throws IOException, OAuth2ProblemException {
       
        OAuth2Client client = null;
        // try to load from local cache if not throw exception
        String client_id = requestMessage.getClientId();
       
        client = SampleOAuth2Provider.ALL_CLIENTS.get(client_id);
       
View Full Code Here
135
136
137
138
139
140
141
142
143
144
145
     */
    public static synchronized OAuth2Client getClientFromAuthHeader(
            OAuth2Message requestMessage)
            throws IOException, OAuth2ProblemException {

        OAuth2Client client = null;
        // try to load from local cache if not throw exception
        String authz = requestMessage.getHeader("Authorization");
        if (authz != null) {
            if(authz.substring(0,5).equals("Basic")){
                String userPass = new String(Base64.decodeBase64(authz.substring(6).getBytes()), "UTF-8");
View Full Code Here
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
    System.out.println("Retrieved access token: " + accessToken);

    reset();

    // ensure access token can get security token for accessing resources
    OAuth2AuthenticationHandler handler = injector.getInstance(OAuth2AuthenticationHandler.class);
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    SecurityToken token = handler.getSecurityTokenFromRequest(req);
    assertNotNull(token);

    reset();

    // attempt to re-use authorization code to get new access token
    req = new FakeHttpServletRequest("http://localhost:8080","/oauth2", "client_id=" + CONF_CLIENT_ID + "&grant_type=authorization_code&redirect_uri=" + URLEncoder.encode(REDIRECT_URI,"UTF-8") + "&code=" + code + "&client_secret=" + CONF_CLIENT_SECRET);
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
    outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    writer = new PrintWriter(outputStream);
    EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
    replay();
    servlet.service(req, resp);
    writer.flush();
    tokenResponse = new JSONObject(new String(outputStream.getBuffer(),"UTF-8"));
    System.out.println("Rejection response: " + tokenResponse.toString());
    assertEquals("invalid_grant",tokenResponse.getString("error"));
    verify();

    // use (revoked) access token to get a resource
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    try {
      handler.getSecurityTokenFromRequest(req);
    } catch (InvalidAuthenticationException ist) {
      return; // test passed
    }
    fail("Should have thrown InvalidAuthenticationException");
  }
View Full Code Here
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
    System.out.println("Retrieved access token: " + accessToken);

    reset();

    // ensure access token can get security token for accessing resources
    OAuth2AuthenticationHandler handler = injector.getInstance(OAuth2AuthenticationHandler.class);
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    SecurityToken token = handler.getSecurityTokenFromRequest(req);
    assertNotNull(token);

    reset();

    // attempt to re-use authorization code to get new access token
    req = new FakeHttpServletRequest("http://localhost:8080","/oauth2", "client_id=" + CONF_CLIENT_ID + "&grant_type=authorization_code&redirect_uri=" + URLEncoder.encode(REDIRECT_URI,"UTF-8") + "&code=" + code + "&client_secret=" + CONF_CLIENT_SECRET);
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
    outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    writer = new PrintWriter(outputStream);
    EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
    replay();
    servlet.service(req, resp);
    writer.flush();
    tokenResponse = new JSONObject(new String(outputStream.getBuffer(),"UTF-8"));
    System.out.println("Rejection response: " + tokenResponse.toString());
    assertEquals("invalid_grant",tokenResponse.getString("error"));
    verify();

    // use (revoked) access token to get a resource
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    try {
      handler.getSecurityTokenFromRequest(req);
    } catch (InvalidAuthenticationException ist) {
      return; // test passed
    }
    fail("Should have thrown InvalidAuthenticationException");
  }
View Full Code Here
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
    System.out.println("Retrieved access token: " + accessToken);

    reset();

    // ensure access token can get security token for accessing resources
    OAuth2AuthenticationHandler handler = injector.getInstance(OAuth2AuthenticationHandler.class);
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    SecurityToken token = handler.getSecurityTokenFromRequest(req);
    assertNotNull(token);

    reset();

    // attempt to re-use authorization code to get new access token
    req = new FakeHttpServletRequest("http://localhost:8080","/oauth2", "client_id=" + CONF_CLIENT_ID + "&grant_type=authorization_code&redirect_uri=" + URLEncoder.encode(REDIRECT_URI,"UTF-8") + "&code=" + code + "&client_secret=" + CONF_CLIENT_SECRET);
    req.setMethod("GET");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
    outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    writer = new PrintWriter(outputStream);
    EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
    replay();
    servlet.service(req, resp);
    writer.flush();
    tokenResponse = new JSONObject(new String(outputStream.getBuffer(),"UTF-8"));
    System.out.println("Rejection response: " + tokenResponse.toString());
    assertEquals("invalid_grant",tokenResponse.getString("error"));
    verify();

    // use (revoked) access token to get a resource
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    try {
      handler.getSecurityTokenFromRequest(req);
    } catch (InvalidAuthenticationException ist) {
      return; // test passed
    }
    fail("Should have thrown InvalidAuthenticationException");
  }
View Full Code Here
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
    System.out.println("Retrieved access token: " + accessToken);

    reset();

    // ensure access token can get security token for accessing resources
    OAuth2AuthenticationHandler handler = injector.getInstance(OAuth2AuthenticationHandler.class);
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    SecurityToken token = handler.getSecurityTokenFromRequest(req);
    assertNotNull(token);

    reset();

    // attempt to re-use authorization code to get new access token
    req = new FakeHttpServletRequest("http://localhost:8080","/oauth2", "client_id=" + CONF_CLIENT_ID + "&grant_type=authorization_code&redirect_uri=" + URLEncoder.encode(REDIRECT_URI,"UTF-8") + "&code=" + code + "&client_secret=" + CONF_CLIENT_SECRET);
    req.setMethod("POST");
    req.setServletPath("/oauth2");
    req.setPathInfo("/access_token");
    resp = mock(HttpServletResponse.class);
    resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
    outputStream = new MockServletOutputStream();
    EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
    writer = new PrintWriter(outputStream);
    EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
    replay();
    servlet.service(req, resp);
    writer.flush();
    tokenResponse = new JSONObject(new String(outputStream.getBuffer(),"UTF-8"));
    System.out.println("Rejection response: " + tokenResponse.toString());
    assertEquals("invalid_grant",tokenResponse.getString("error"));
    verify();

    // use (revoked) access token to get a resource
    req = new FakeHttpServletRequest("http://localhost:8080","/social/rest/activitystreams/john.doe/@self/1/object1", "access_token=" + accessToken);
    req.setMethod("GET");
    try {
      handler.getSecurityTokenFromRequest(req);
    } catch (InvalidAuthenticationException ist) {
      return; // test passed
    }
    fail("Should have thrown InvalidAuthenticationException");
  }
View Full Code Here
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
    return "authorization_code";
  }

  public void validateRequest(OAuth2NormalizedRequest servletRequest)
      throws OAuth2Exception {
    OAuth2Client client = service.getClient(servletRequest.getClientId());
    if (client == null || client.getFlow() != Flow.AUTHORIZATION_CODE) {
      OAuth2NormalizedResponse resp = new OAuth2NormalizedResponse();
      resp.setError(ErrorType.INVALID_CLIENT.toString());
      resp.setErrorDescription("Invalid client");
      resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
      throw new OAuth2Exception(resp);
    }
    OAuth2Code authCode = service.getAuthorizationCode(
        servletRequest.getClientId(), servletRequest.getAuthorizationCode());
    if (authCode == null) {
      OAuth2NormalizedResponse response = new OAuth2NormalizedResponse();
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      response.setError(ErrorType.INVALID_GRANT.toString());
      response.setErrorDescription("Bad authorization code");
      response.setBodyReturned(true);
      throw new OAuth2Exception(response);
    }
    if (servletRequest.getRedirectURI() != null
        && !servletRequest.getRedirectURI().equals(authCode.getRedirectURI())) {
      OAuth2NormalizedResponse response = new OAuth2NormalizedResponse();
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      response.setError(ErrorType.INVALID_GRANT.toString());
      response
          .setErrorDescription("The redirect URI does not match the one used in the authorization request");
      response.setBodyReturned(true);
      throw new OAuth2Exception(response);
    }

    // ensure authorization code has not already been used
    if (authCode.getRelatedAccessToken() != null) {
      service.unregisterAccessToken(client.getId(), authCode
          .getRelatedAccessToken().getValue());
      OAuth2NormalizedResponse response = new OAuth2NormalizedResponse();
      response.setStatus(HttpServletResponse.SC_FORBIDDEN);
      response.setError(ErrorType.INVALID_GRANT.toString());
      response
View Full Code Here
TOP

Related Classes of org.apache.shindig.social.core.oauth2.OAuth2Client

  • com.google.inject.spi.Message
  • net.oauth.v2.example.provider.core.SampleOAuth2Provider
  • net.oauth.v2.example.provider.servlets.AuthorizationServlet2
  • org.apache.shindig.auth.AnonymousSecurityToken
  • org.apache.shindig.common.uri.UriBuilder
  • org.apache.shindig.social.core.oauth.OAuth2AuthCodeFlowTest
  • org.apache.shindig.social.core.oauth.OAuth2ClientCredentialFlowTest
  • org.apache.shindig.social.core.oauth.OAuth2ImplicitFlowTest
  • org.apache.shindig.social.core.oauth2.OAuth2Client
  • org.apache.shindig.social.core.oauth2.OAuth2Code
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.