List of usage examples for org.springframework.security.oauth.common OAuthConsumerParameter oauth_version
OAuthConsumerParameter oauth_version
To view the source code for org.springframework.security.oauth.common OAuthConsumerParameter oauth_version.
Click Source Link
From source file:ltistarter.oauth.OAuth1LibraryTests.java
@Test public void testParseParameters() throws Exception { CoreOAuthProviderSupport support = new CoreOAuthProviderSupport(); when(request.getHeaders("Authorization")) .thenReturn(Collections.enumeration(Arrays.asList("OAuth realm=\"http://sp.example.com/\",\n" + " oauth_consumer_key=\"0685bd9184jfhq22\",\n" + " oauth_token=\"ad180jjd733klru7\",\n" + " oauth_signature_method=\"HMAC-SHA1\",\n" + " oauth_signature=\"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D\",\n" + " oauth_timestamp=\"137131200\",\n" + " oauth_nonce=\"4572616e48616d6d65724c61686176\",\n" + " oauth_version=\"1.0\""))); Map<String, String> params = support.parseParameters(request); assertEquals("http://sp.example.com/", params.get("realm")); assertEquals("0685bd9184jfhq22", params.get(OAuthConsumerParameter.oauth_consumer_key.toString())); assertEquals("ad180jjd733klru7", params.get(OAuthConsumerParameter.oauth_token.toString())); assertEquals("HMAC-SHA1", params.get(OAuthConsumerParameter.oauth_signature_method.toString())); assertEquals("wOJIO9A2W5mFwDgiDvZbTSMK/PY=", params.get(OAuthConsumerParameter.oauth_signature.toString())); assertEquals("137131200", params.get(OAuthConsumerParameter.oauth_timestamp.toString())); assertEquals("4572616e48616d6d65724c61686176", params.get(OAuthConsumerParameter.oauth_nonce.toString())); assertEquals("1.0", params.get(OAuthConsumerParameter.oauth_version.toString())); }
From source file:org.springframework.security.oauth.consumer.client.CoreOAuthConsumerSupport.java
/** * Loads the OAuth parameters for the given resource at the given URL and the given token. These parameters include * any query parameters on the URL since they are included in the signature. The oauth parameters are NOT encoded. * * @param details The resource details. * @param requestURL The request URL.//www . jav a 2 s . c o m * @param requestToken The request token. * @param httpMethod The http method. * @param additionalParameters Additional oauth parameters (outside of the core oauth spec). * @return The parameters. */ protected Map<String, Set<CharSequence>> loadOAuthParameters(ProtectedResourceDetails details, URL requestURL, OAuthConsumerToken requestToken, String httpMethod, Map<String, String> additionalParameters) { Map<String, Set<CharSequence>> oauthParams = new TreeMap<String, Set<CharSequence>>(); if (additionalParameters != null) { for (Map.Entry<String, String> additionalParam : additionalParameters.entrySet()) { Set<CharSequence> values = oauthParams.get(additionalParam.getKey()); if (values == null) { values = new HashSet<CharSequence>(); oauthParams.put(additionalParam.getKey(), values); } if (additionalParam.getValue() != null) { values.add(additionalParam.getValue()); } } } String query = requestURL.getQuery(); if (query != null) { StringTokenizer queryTokenizer = new StringTokenizer(query, "&"); while (queryTokenizer.hasMoreElements()) { String token = (String) queryTokenizer.nextElement(); CharSequence value = null; int equalsIndex = token.indexOf('='); if (equalsIndex < 0) { token = urlDecode(token); } else { value = new QueryParameterValue(urlDecode(token.substring(equalsIndex + 1))); token = urlDecode(token.substring(0, equalsIndex)); } Set<CharSequence> values = oauthParams.get(token); if (values == null) { values = new HashSet<CharSequence>(); oauthParams.put(token, values); } if (value != null) { values.add(value); } } } String tokenSecret = requestToken == null ? null : requestToken.getSecret(); String nonce = getNonceFactory().generateNonce(); oauthParams.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) details.getConsumerKey())); if ((requestToken != null) && (requestToken.getValue() != null)) { oauthParams.put(OAuthConsumerParameter.oauth_token.toString(), Collections.singleton((CharSequence) requestToken.getValue())); } oauthParams.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) nonce)); oauthParams.put(OAuthConsumerParameter.oauth_signature_method.toString(), Collections.singleton((CharSequence) details.getSignatureMethod())); oauthParams.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) String.valueOf(System.currentTimeMillis() / 1000))); oauthParams.put(OAuthConsumerParameter.oauth_version.toString(), Collections.singleton((CharSequence) "1.0")); String signatureBaseString = getSignatureBaseString(oauthParams, requestURL, httpMethod); OAuthSignatureMethod signatureMethod; try { signatureMethod = getSignatureFactory().getSignatureMethod(details.getSignatureMethod(), details.getSharedSecret(), tokenSecret); } catch (UnsupportedSignatureMethodException e) { throw new OAuthRequestFailedException(e.getMessage(), e); } String signature = signatureMethod.sign(signatureBaseString); oauthParams.put(OAuthConsumerParameter.oauth_signature.toString(), Collections.singleton((CharSequence) signature)); return oauthParams; }
From source file:org.springframework.security.oauth.consumer.CoreOAuthConsumerSupport.java
/** * Loads the OAuth parameters for the given resource at the given URL and the given token. These parameters include * any query parameters on the URL since they are included in the signature. The oauth parameters are NOT encoded. * * @param details The resource details. * @param requestURL The request URL./*from ww w . j a va2s . com*/ * @param requestToken The request token. * @param httpMethod The http method. * @param additionalParameters Additional oauth parameters (outside of the core oauth spec). * @return The parameters. */ protected Map<String, Set<CharSequence>> loadOAuthParameters(ProtectedResourceDetails details, URL requestURL, OAuthConsumerToken requestToken, String httpMethod, Map<String, String> additionalParameters) { Map<String, Set<CharSequence>> oauthParams = new TreeMap<String, Set<CharSequence>>(); if (additionalParameters != null) { for (Map.Entry<String, String> additionalParam : additionalParameters.entrySet()) { Set<CharSequence> values = oauthParams.get(additionalParam.getKey()); if (values == null) { values = new HashSet<CharSequence>(); oauthParams.put(additionalParam.getKey(), values); } if (additionalParam.getValue() != null) { values.add(additionalParam.getValue()); } } } String query = requestURL.getQuery(); if (query != null) { StringTokenizer queryTokenizer = new StringTokenizer(query, "&"); while (queryTokenizer.hasMoreElements()) { String token = (String) queryTokenizer.nextElement(); CharSequence value = null; int equalsIndex = token.indexOf('='); if (equalsIndex < 0) { token = urlDecode(token); } else { value = new QueryParameterValue(urlDecode(token.substring(equalsIndex + 1))); token = urlDecode(token.substring(0, equalsIndex)); } Set<CharSequence> values = oauthParams.get(token); if (values == null) { values = new HashSet<CharSequence>(); oauthParams.put(token, values); } if (value != null) { values.add(value); } } } String tokenSecret = requestToken == null ? null : requestToken.getSecret(); String nonce = getNonceFactory().generateNonce(); oauthParams.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) details.getConsumerKey())); if ((requestToken != null) && (requestToken.getValue() != null)) { oauthParams.put(OAuthConsumerParameter.oauth_token.toString(), Collections.singleton((CharSequence) requestToken.getValue())); } oauthParams.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) nonce)); oauthParams.put(OAuthConsumerParameter.oauth_signature_method.toString(), Collections.singleton((CharSequence) details.getSignatureMethod())); oauthParams.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) String.valueOf(System.currentTimeMillis() / 1000))); oauthParams.put(OAuthConsumerParameter.oauth_version.toString(), Collections.singleton((CharSequence) "1.0")); String signatureBaseString = getSignatureBaseString(oauthParams, requestURL, httpMethod); OAuthSignatureMethod signatureMethod = getSignatureFactory() .getSignatureMethod(details.getSignatureMethod(), details.getSharedSecret(), tokenSecret); String signature = signatureMethod.sign(signatureBaseString); oauthParams.put(OAuthConsumerParameter.oauth_signature.toString(), Collections.singleton((CharSequence) signature)); return oauthParams; }
From source file:org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter.java
/** * Validates the OAuth parameters for the given consumer. Base implementation validates only those parameters * that are required for all OAuth requests. This includes the nonce and timestamp, but not the signature. * * @param consumerDetails The consumer details. * @param oauthParams The OAuth parameters to validate. * @throws InvalidOAuthParametersException If the OAuth parameters are invalid. *//*from ww w.j ava2s . c o m*/ protected void validateOAuthParams(ConsumerDetails consumerDetails, Map<String, String> oauthParams) throws InvalidOAuthParametersException { String version = oauthParams.get(OAuthConsumerParameter.oauth_version.toString()); if ((version != null) && (!"1.0".equals(version))) { throw new OAuthVersionUnsupportedException("Unsupported OAuth version: " + version); } String realm = oauthParams.get("realm"); realm = realm == null || "".equals(realm) ? null : realm; if ((realm != null) && (!realm.equals(this.authenticationEntryPoint.getRealmName()))) { throw new InvalidOAuthParametersException(messages.getMessage("OAuthProcessingFilter.incorrectRealm", new Object[] { realm, this.getAuthenticationEntryPoint().getRealmName() }, "Response realm name '{0}' does not match system realm name of '{1}'")); } String signatureMethod = oauthParams.get(OAuthConsumerParameter.oauth_signature_method.toString()); if (signatureMethod == null) { throw new InvalidOAuthParametersException(messages .getMessage("OAuthProcessingFilter.missingSignatureMethod", "Missing signature method.")); } String signature = oauthParams.get(OAuthConsumerParameter.oauth_signature.toString()); if (signature == null) { throw new InvalidOAuthParametersException( messages.getMessage("OAuthProcessingFilter.missingSignature", "Missing signature.")); } String timestamp = oauthParams.get(OAuthConsumerParameter.oauth_timestamp.toString()); if (timestamp == null) { throw new InvalidOAuthParametersException( messages.getMessage("OAuthProcessingFilter.missingTimestamp", "Missing timestamp.")); } String nonce = oauthParams.get(OAuthConsumerParameter.oauth_nonce.toString()); if (nonce == null) { throw new InvalidOAuthParametersException( messages.getMessage("OAuthProcessingFilter.missingNonce", "Missing nonce.")); } try { getNonceServices().validateNonce(consumerDetails, Long.parseLong(timestamp), nonce); } catch (NumberFormatException e) { throw new InvalidOAuthParametersException(messages.getMessage("OAuthProcessingFilter.invalidTimestamp", new Object[] { timestamp }, "Timestamp must be a positive integer. Invalid value: {0}")); } validateAdditionalParameters(consumerDetails, oauthParams); }