/*
************************************************************************************
* Copyright (C) 2001-2011 encuestame: system online surveys Copyright (C) 2011
* encuestame Development Team.
* Licensed under the Apache Software License version 2.0
* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
************************************************************************************
*/
package org.encuestame.oauth.security;
import java.util.WeakHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.encuestame.persistence.dao.IApplicationDao;
import org.encuestame.persistence.dao.imp.ApplicationDao;
import org.encuestame.persistence.domain.application.ApplicationConnection;
import org.encuestame.persistence.exception.EnMeNotValidKeyOAuthSecurityException;
import org.encuestame.persistence.utils.SecureRandomStringKeyGenerator;
import org.encuestame.utils.oauth.OAuthSession;
import org.encuestame.utils.oauth.StandardOAuthSession;
import org.springframework.beans.factory.annotation.Autowired;
/**
* Implementation to OAuth Session Manager.
* @author Picado, Juan juanATencuestame.org
* @since Dec 23, 2010 7:23:16 PM
*/
public class ConcurrentMapOAuthSessionManager implements OAuthSessionManager {
/**
* Log.
*/
protected Log log = LogFactory.getLog(this.getClass());
/**
* Map of Sessions.
*/
private final WeakHashMap<String, StandardOAuthSession> sessions;
/**
* Dao Application.
* **/
@Autowired
private IApplicationDao applicationDao;
/**
* Key Generator.
* **/
private SecureRandomStringKeyGenerator keyGenerator = new SecureRandomStringKeyGenerator();
/**
* Constructor.
*/
public ConcurrentMapOAuthSessionManager() {
sessions = new WeakHashMap<String, StandardOAuthSession>();
}
/**
* New OAuth Session.
*/
public OAuthSession newOAuthSession(String apiKey, String callbackUrl) {
final StandardOAuthSession session = new StandardOAuthSession(apiKey, callbackUrl, keyGenerator.generateKey(), keyGenerator.generateKey());
log.debug("New OAuth StandardOAuthSession"+session.getApiKey());
log.debug("New OAuth StandardOAuthSession"+session.getSecret());
log.debug("New OAuth StandardOAuthSession"+session.getVerifier());
log.debug("New OAuth StandardOAuthSession"+session.getCallbackUrl());
sessions.put(session.getRequestToken(), session);
return session;
}
/**
* Grant Access to App.
* @param requestToken
* @return
* @throws EnMeNotValidKeyOAuthSecurityException
*/
public ApplicationConnection grantAccess(String requestToken) throws EnMeNotValidKeyOAuthSecurityException {
log.debug("Grant Access");
StandardOAuthSession session = getStandardSession(requestToken);
if (!session.authorized()) {
throw new IllegalStateException("OAuthSession is not yet authorized");
}
log.debug("Grant Access is authorized "+session.authorized());
try {
ApplicationConnection connection = this.applicationDao.connectApplication(
session.getAuthorizingAccountId(), session.getApiKey());
log.debug("Grant Access new connection "+connection.getConnectionId());
sessions.remove(requestToken);
return connection;
} catch (Exception e) {
throw new IllegalStateException("Unable to grant access due to session - have the App's key changed?", e);
}
}
/**
* Get Session.
*/
public OAuthSession getSession(String requestToken) throws EnMeNotValidKeyOAuthSecurityException {
OAuthSession session = sessions.get(requestToken);
log.trace("OAuth Session SE "+session.getSecret());
log.trace("OAuth Session AP "+session.getApiKey());
log.trace("OAuth Session RT "+session.getRequestToken());
if (session == null) {
log.error("OAuth Session is null");
throw new EnMeNotValidKeyOAuthSecurityException(requestToken);
}
return session;
}
/**
* Authorize application.
*/
public OAuthSession authorize(String requestToken,
Long authorizingAccountId, String verifier)
throws EnMeNotValidKeyOAuthSecurityException {
final StandardOAuthSession session = getStandardSession(requestToken);
log.debug("Authorize session");
if (session.authorized()) {
throw new IllegalStateException("OAuthSession is already authorized");
}
log.debug("Authorize session RT "+session.getRequestToken());
session.authorize(authorizingAccountId, verifier);
return session;
}
/**
* Get Standard Session.
* @param requestToken
* @return
* @throws EnMeNotValidKeyOAuthSecurityException
*/
private StandardOAuthSession getStandardSession(String requestToken)
throws EnMeNotValidKeyOAuthSecurityException {
return (StandardOAuthSession) this.getSession(requestToken);
}
/**
* @return the applicationDao
*/
public IApplicationDao getApplicationDao() {
return applicationDao;
}
/**
* @param applicationDao the applicationDao to set
*/
public void setApplicationDao(ApplicationDao applicationDao) {
this.applicationDao = applicationDao;
}
}