net.oauth.server.OAuthServlet Java Examples

The following examples show how to use net.oauth.server.OAuthServlet.
Example #1
Source File: CallbackURLController.java    From cxf with Apache License 2.0
/**
 * Handles the "/callback" request and copies the OAuth token and verifier from it into the
 * form model used by the "tokenRequest" view.
 *
 * <p>Only the presence of {@code oauth_token} and {@code oauth_verifier} is checked here. Nothing
 * in this method compares the returned token with the request token the consumer obtained
 * earlier, and the message signature is not validated.
 *
 * @param oAuthParams form model populated for the view
 * @param request the incoming callback request
 * @return the "tokenRequest" view, including when a required parameter is missing (the model
 *         then carries an error message instead of the token data)
 * @throws Exception anything other than {@link OAuthProblemException} raised while reading the
 *         request is propagated
 */
@RequestMapping("/callback")
protected ModelAndView handleRequest(@ModelAttribute("oAuthParams") OAuthParams oAuthParams,
                                     HttpServletRequest request) throws Exception {

    final String callbackUrl = request.getRequestURL().toString();
    final OAuthMessage callback = OAuthServlet.getMessage(request, callbackUrl);

    try {
        callback.requireParameters(OAuth.OAUTH_TOKEN, OAuth.OAUTH_VERIFIER);

        final String verifier = callback.getParameter(OAuth.OAUTH_VERIFIER);
        oAuthParams.setOauthToken(callback.getToken());
        oAuthParams.setOauthVerifier(verifier);

        // NOTE(review): the consumer key and the consumer secret are read back from browser
        // cookies, so the secret is held by the user agent. Confirm how these cookies are set
        // (Secure / HttpOnly), or keep the secret in server-side session state instead.
        oAuthParams.setClientID(Common.findCookieValue(request, "clientID"));
        oAuthParams.setClientSecret(Common.findCookieValue(request, "clientSecret"));
    } catch (OAuthProblemException problem) {
        // NOTE(review): the problem parameters are copied into the model verbatim; confirm the
        // view HTML-escapes errorMessage before rendering it.
        final String code = problem.getProblem();
        final String details = problem.getParameters().toString();
        oAuthParams.setErrorMessage("OAuth problem: " + code + details);
    }

    return new ModelAndView("tokenRequest");
}
 
Example #2
Source File: ProviderServlet.java    From sakai with Educational Community License v2.0
/**
 * Builds the launch payload: every request parameter (first value only, as returned by
 * {@code getParameter}) plus the parsed OAuth message and the request's path info.
 *
 * <p>The OAuth message is only parsed here; this method performs no signature validation,
 * so nothing in the returned map may be treated as authenticated yet.
 *
 * @param request the incoming launch request
 * @return a mutable map of parameter names to values, with "oauth_message" and "tool_id" added
 */
protected Map getPayloadAsMap(HttpServletRequest request) {
	Map payload = new HashMap();
	Enumeration names = request.getParameterNames();
	while (names.hasMoreElements()) {
		String name = (String) names.nextElement();
		payload.put(name, request.getParameter(name));
	}

	// These two puts come after the parameter loop, so a request parameter that happens to be
	// named "oauth_message" or "tool_id" is overwritten by the server-derived value.
	payload.put("oauth_message",
			OAuthServlet.getMessage(request, SakaiBLTIUtil.getOurServletPath(request)));
	payload.put("tool_id", request.getPathInfo());
	return payload;
}
 
Example #3
Source File: OAuthHttpServiceImpl.java    From sakai with Educational Community License v2.0
/**
 * Reports an exception to the client through {@link OAuthServlet#handleException}, using a
 * realm built from the request's scheme and local host name.
 *
 * @param e the exception to report
 * @param request used only to derive the realm
 * @param response the response the error is written to
 * @param sendBody passed through to {@code OAuthServlet.handleException}
 * @throws IOException propagated from {@code OAuthServlet.handleException}
 * @throws ServletException propagated from {@code OAuthServlet.handleException}
 */
private static void handleException(Exception e, HttpServletRequest request,
                                    HttpServletResponse response, boolean sendBody)
        throws IOException, ServletException {
    final String scheme;
    if (request.isSecure()) {
        scheme = "https://";
    } else {
        scheme = "http://";
    }
    // getLocalName() is the host name of the interface that received the request, not the
    // client-supplied Host header.
    // NOTE(review): behind a TLS-terminating proxy, isSecure() and getLocalName() describe the
    // proxy-to-container hop, so the realm may not match the public origin. Confirm.
    OAuthServlet.handleException(response, e, scheme + request.getLocalName(), sendBody);
}
 
Example #4
Source File: ProviderServlet.java    From sakai with Educational Community License v2.0
/**
 * Gathers the request parameters into a map and adds the parsed OAuth message and the
 * request's path info under fixed keys.
 *
 * <p>Multi-valued parameters keep only the value {@code getParameter} returns. The OAuth
 * message is parsed but not validated in this method.
 *
 * @param request the incoming launch request
 * @return a mutable map holding the parameters plus "oauth_message" and "tool_id"
 */
protected Map getPayloadAsMap(HttpServletRequest request) {
	Map result = new HashMap();
	Enumeration paramNames = request.getParameterNames();
	while (paramNames.hasMoreElements()) {
		String paramName = (String) paramNames.nextElement();
		String paramValue = request.getParameter(paramName);
		result.put(paramName, paramValue);
	}

	String servletPath = SakaiBLTIUtil.getOurServletPath(request);
	OAuthMessage oauthMessage = OAuthServlet.getMessage(request, servletPath);
	// Added last on purpose of ordering: a client parameter with either of these names is
	// replaced by the value computed on the server.
	result.put("oauth_message", oauthMessage);
	result.put("tool_id", request.getPathInfo());
	return result;
}
 
Example #5
Source File: OAuthHttpServiceImpl.java    From sakai with Educational Community License v2.0
/**
 * Delegates error reporting to {@link OAuthServlet#handleException} with a realm of the form
 * {@code scheme://localName}.
 *
 * @param e the exception to report
 * @param request supplies the scheme (via {@code isSecure()}) and the local host name
 * @param response the response the error is written to
 * @param sendBody forwarded unchanged to {@code OAuthServlet.handleException}
 * @throws IOException propagated from {@code OAuthServlet.handleException}
 * @throws ServletException propagated from {@code OAuthServlet.handleException}
 */
private static void handleException(Exception e, HttpServletRequest request,
                                    HttpServletResponse response, boolean sendBody)
        throws IOException, ServletException {
    // The realm comes from container-side values only; the Host header is not consulted.
    // NOTE(review): presumably the realm ends up in the WWW-Authenticate challenge. Verify
    // it matches the externally visible origin when a reverse proxy sits in front.
    StringBuilder realm = new StringBuilder(request.isSecure() ? "https://" : "http://");
    realm.append(request.getLocalName());
    OAuthServlet.handleException(response, e, realm.toString(), sendBody);
}
 
Example #6
Source File: OAuthUtils.java    From cxf with Apache License 2.0
/**
 * Parses the request into an {@link OAuthMessage}, lets
 * {@code OAuthUtils.addParametersIfNeeded} amend it, and checks that the required parameters
 * are present.
 *
 * <p>This is a presence check only: no signature, timestamp or nonce validation is performed
 * in this method, so callers still have to validate the message before trusting it.
 *
 * @param mc the current message context
 * @param request the incoming HTTP request
 * @param requiredParams names of the parameters that must be present
 * @return the parsed message
 * @throws Exception if parsing fails or a required parameter is missing
 */
public static OAuthMessage getOAuthMessage(MessageContext mc,
                                           HttpServletRequest request,
                                           String[] requiredParams) throws Exception {
    final String requestUrl = request.getRequestURL().toString();
    final OAuthMessage parsed = OAuthServlet.getMessage(request, requestUrl);

    OAuthUtils.addParametersIfNeeded(mc, request, parsed);
    parsed.requireParameters(requiredParams);

    return parsed;
}
 
Example #7
Source File: OAuthServletFilter.java    From cxf with Apache License 2.0
/**
 * Authenticates the request with {@code handleOAuthRequest}, installs the resulting security
 * context on the request and passes it down the chain.
 *
 * <p>The chain is only invoked after authentication succeeds; any failure is answered through
 * {@link OAuthServlet#handleException} with an empty realm.
 *
 * @param request the incoming request, cast to {@link HttpServletRequest}
 * @param response the outgoing response, cast to {@link HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException propagated from {@code OAuthServlet.handleException}
 * @throws ServletException propagated from {@code OAuthServlet.handleException}
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws
    IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest)request;
    final HttpServletResponse httpResponse = (HttpServletResponse)response;

    try {
        final OAuthInfo oauthInfo = handleOAuthRequest(httpRequest);
        final HttpServletRequest securedRequest = setSecurityContext(httpRequest, oauthInfo);
        chain.doFilter(securedRequest, httpResponse);
    } catch (Exception failure) {
        // NOTE(review): chain.doFilter sits inside the try, so an exception thrown by the
        // protected resource itself is also reported as an OAuth failure here. Confirm that
        // is intended and that the error response does not leak internal detail.
        OAuthServlet.handleException(httpResponse, failure, "");
    }
}
 
Example #8
Source File: OAuthHttpServiceImpl.java    From sakai with Educational Community License v2.0
/**
 * Extracts the OAuth token carried by the request.
 *
 * <p>The value is read straight from the parsed message. This method does not validate the
 * signature or look the token up, so the result is an unauthenticated claim until the caller
 * verifies it.
 *
 * @param request the incoming HTTP request
 * @return the token found in the OAuth message
 * @throws IOException if the message cannot be read
 */
@Override
public String getOAuthAccessToken(HttpServletRequest request) throws IOException {
    // A null URL is passed; presumably OAuthServlet then derives the URL from the request.
    return OAuthServlet.getMessage(request, null).getToken();
}
 
Example #9
Source File: BasicLTIUtilTest.java    From basiclti-util-java with Apache License 2.0
/**
 * Verifies that validation fails closed: when reading the consumer key from the OAuth message
 * throws an {@link IOException}, {@code BasicLTIUtil.validateMessage} reports
 * {@code LtiError.BAD_REQUEST} and a false success flag.
 */
@Test
public void testValidateMessageFailsWhenNoConsumerKey() throws IOException, Exception{

    final String launchUrl = "https://example.com/lti-launch";
    final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);

    // A message whose consumer key cannot be read at all.
    final OAuthMessage unreadableMessage = Mockito.mock(OAuthMessage.class);
    Mockito.when(unreadableMessage.getConsumerKey()).thenThrow(new IOException("io exception"));

    // Route the static OAuthServlet.getMessage call to that message.
    PowerMockito.mockStatic(OAuthServlet.class);
    PowerMockito.when(OAuthServlet.getMessage(request, launchUrl)).thenReturn(unreadableMessage);

    final LtiVerificationResult outcome = BasicLTIUtil.validateMessage(request, launchUrl, "secret");

    Assert.assertEquals(LtiError.BAD_REQUEST, outcome.getError());
    Assert.assertEquals(Boolean.FALSE, outcome.getSuccess());

}
 
Example #10
Source File: OAuthHttpServiceImpl.java    From sakai with Educational Community License v2.0
/**
 * Returns the token found in the request's OAuth message.
 *
 * <p>No signature check or token lookup happens in this method; treat the returned string as
 * untrusted input until it has been validated elsewhere.
 *
 * @param request the incoming HTTP request
 * @return the token carried by the OAuth message
 * @throws IOException if the message cannot be read
 */
@Override
public String getOAuthAccessToken(HttpServletRequest request) throws IOException {
    final OAuthMessage parsed = OAuthServlet.getMessage(request, null);
    final String token = parsed.getToken();
    return token;
}
 
Example #11
Source File: AbstractAuthFilter.java    From cxf with Apache License 2.0
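/**
 * Authenticates the third-party consumer and returns
 * {@link OAuthInfo} bean capturing the information about the request.
 *
 * <p>Two paths are supported. When the message carries {@code oauth_token}, the access token is
 * looked up and the message is validated against the token and its client. Otherwise the
 * consumer is identified from the {@code Authorization} header (OAuth or Basic), the message is
 * validated against the client alone, and the client's pre-authorized token is used.
 *
 * <p>After authentication the token's scopes are filtered down to those whose URIs and HTTP
 * verbs match the current request.
 *
 * @param req http request
 * @return OAuth info holding the access token and the permissions matching this request
 * @see OAuthInfo
 * @throws OAuthProblemException if the token is unknown or not pre-authorized, the client is
 *         unknown, a presented consumer secret does not match, or the token has scopes but
 *         none of them covers this request
 * @throws Exception if reading or validating the OAuth message fails for another reason
 */
protected OAuthInfo handleOAuthRequest(HttpServletRequest req) throws
    Exception, OAuthProblemException {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
    }

    AccessToken accessToken = null;
    Client client = null;

    OAuthMessage oAuthMessage = OAuthServlet.getMessage(new CustomHttpServletWrapper(req),
                                                        OAuthServlet.getRequestURL(req));
    if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
        oAuthMessage.requireParameters(REQUIRED_PARAMETERS);

        accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());

        // An unknown token is rejected before any signature work is done.
        if (accessToken == null) {
            LOG.warning("Access token is unavailable");
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        client = accessToken.getClient();

        OAuthUtils.validateMessage(oAuthMessage, client, accessToken,
                                   dataProvider, validator);
    } else {
        String consumerKey = null;
        String consumerSecret = null;

        String authHeader = oAuthMessage.getHeader("Authorization");
        if (authHeader != null) {
            if (authHeader.startsWith("OAuth")) {
                consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
                consumerSecret = oAuthMessage.getParameter(OAuthConstants.OAUTH_CONSUMER_SECRET);
            } else if (authHeader.startsWith("Basic")) {
                AuthorizationPolicy policy = getAuthorizationPolicy(authHeader);
                if (policy != null) {
                    consumerKey = policy.getUserName();
                    consumerSecret = policy.getPassword();
                }
            }
        }

        if (consumerKey != null) {
            client = dataProvider.getClient(consumerKey);
        }
        if (client == null) {
            LOG.warning("Client is invalid");
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }

        // The secret is optional on this path: when the request does not present one, the
        // validateMessage call below is what authenticates the consumer. When one is presented
        // it is compared in constant time, and a mismatch is reported with the same problem
        // code as an unknown client so the two cases look alike to the caller.
        if (consumerSecret != null
            && !constantTimeSecretEquals(consumerSecret, client.getSecretKey())) {
            LOG.warning("Client secret is invalid");
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        OAuthUtils.validateMessage(oAuthMessage, client, null,
                                   dataProvider, validator);
        accessToken = client.getPreAuthorizedToken();
        if (accessToken == null || !accessToken.isPreAuthorized()) {
            LOG.warning("Preauthorized access token is unavailable");
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
    }

    List<OAuthPermission> permissions = accessToken.getScopes();
    List<OAuthPermission> matchingPermissions = new ArrayList<>();

    for (OAuthPermission perm : permissions) {
        boolean uriOK = checkRequestURI(req, perm.getUris());
        boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
        if (uriOK && verbOK) {
            matchingPermissions.add(perm);
        }
    }

    // A token with no scopes at all passes with an empty permission list; only a token that
    // has scopes, none of which matches this URI and verb, is rejected here.
    if (!permissions.isEmpty() && matchingPermissions.isEmpty()) {
        String message = "Client has no valid permissions";
        LOG.warning(message);
        throw new OAuthProblemException(message);
    }
    return new OAuthInfo(accessToken, matchingPermissions);

}

/**
 * Compares a presented secret with the stored one without returning early at the first
 * differing character, so response timing does not reveal how much of the secret matched.
 *
 * @param presented the secret supplied by the request
 * @param expected the secret stored for the client; may be null
 * @return true only when both values are non-null and equal
 */
private static boolean constantTimeSecretEquals(String presented, String expected) {
    if (presented == null || expected == null) {
        return false;
    }
    // Fully qualified names keep this helper independent of the file's import block.
    return java.security.MessageDigest.isEqual(
        presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}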