Example usage for org.springframework.security.oauth.consumer ProtectedResourceDetails isUse10a

List of usage examples for org.springframework.security.oauth.consumer ProtectedResourceDetails isUse10a

Introduction

In this page you can find the example usage for org.springframework.security.oauth.consumer ProtectedResourceDetails isUse10a.

Prototype

/**
 * Whether to use OAuth Core 1.0a.
 *
 * <p>In the usages listed on this page, a {@code true} value makes the consumer send
 * {@code oauth_callback} with the request-token request and require a non-null
 * {@code oauth_verifier} before exchanging a request token for an access token. A
 * {@code false} value makes the consumer append {@code oauth_callback} to the user
 * authorization redirect URL instead.
 *
 * @return {@code true} if the resource uses OAuth Core 1.0a
 */
boolean isUse10a();


Document

Whether to use OAuth Core 1.0a.

Usage

From source file:org.springframework.security.oauth.consumer.client.CoreOAuthConsumerSupport.java

/**
 * Requests a new, not-yet-authorized request token from the provider described by {@code details}.
 *
 * @param details  The protected resource whose request-token URL, HTTP method and additional
 *                 parameters are used.
 * @param callback The callback value; sent as {@code oauth_callback} only when
 *                 {@code details.isUse10a()} is true. It is stored as given, including {@code null}.
 * @return The token returned by {@code getTokenFromProvider}.
 * @throws OAuthRequestFailedException declared by the signature; raised outside this snippet.
 * @throws IllegalStateException if the configured request-token URL is malformed.
 */
public OAuthConsumerToken getUnauthorizedRequestToken(ProtectedResourceDetails details, String callback)
        throws OAuthRequestFailedException {
    final URL endpoint;
    try {
        endpoint = new URL(details.getRequestTokenURL());
    } catch (MalformedURLException malformed) {
        // The URL comes from resource configuration, so a bad value is a setup error.
        throw new IllegalStateException("Malformed URL for obtaining a request token.", malformed);
    }

    final String method = details.getRequestTokenHttpMethod();

    final Map<String, String> params = new TreeMap<String, String>();
    if (details.isUse10a()) {
        // 1.0a: the callback is part of the request-token request itself.
        params.put(OAuthConsumerParameter.oauth_callback.toString(), callback);
    }

    // Configured parameters are merged last, so a configured entry with the same key
    // replaces the oauth_callback set above.
    // NOTE(review): confirm resource configuration never supplies oauth_* keys.
    final Map<String, String> configured = details.getAdditionalParameters();
    if (configured != null) {
        params.putAll(configured);
    }

    // No existing token is passed (fourth argument is null).
    return getTokenFromProvider(details, endpoint, method, null, params);
}

From source file:org.springframework.security.oauth.consumer.client.CoreOAuthConsumerSupport.java

/**
 * Exchanges a request token for an access token at the provider described by {@code details}.
 *
 * @param details      The protected resource whose access-token URL, HTTP method and additional
 *                     parameters are used.
 * @param requestToken The request token to exchange.
 * @param verifier     The {@code oauth_verifier} value; must be non-null when
 *                     {@code details.isUse10a()} is true and is ignored otherwise.
 * @return The token returned by {@code getTokenFromProvider}.
 * @throws UnverifiedRequestTokenException if 1.0a is in use and {@code verifier} is null.
 * @throws IllegalStateException if the configured access-token URL is malformed.
 */
public OAuthConsumerToken getAccessToken(ProtectedResourceDetails details, OAuthConsumerToken requestToken,
        String verifier) {
    final URL endpoint;
    try {
        endpoint = new URL(details.getAccessTokenURL());
    } catch (MalformedURLException malformed) {
        // The URL comes from resource configuration, so a bad value is a setup error.
        throw new IllegalStateException("Malformed URL for obtaining an access token.", malformed);
    }

    final String method = details.getAccessTokenHttpMethod();

    final Map<String, String> params = new TreeMap<String, String>();
    final boolean verifierRequired = details.isUse10a();
    if (verifierRequired && verifier == null) {
        // Only presence is checked here; this snippet does not validate the verifier's value.
        // NOTE(review): the message embeds requestToken.toString(); confirm that rendering
        // does not include the token secret before this reaches logs or error pages.
        throw new UnverifiedRequestTokenException("Unverified request token: " + requestToken);
    }
    if (verifierRequired) {
        params.put(OAuthConsumerParameter.oauth_verifier.toString(), verifier);
    }

    // Configured parameters are merged last, so a configured entry with the same key
    // replaces the oauth_verifier set above.
    // NOTE(review): confirm resource configuration never supplies oauth_* keys.
    final Map<String, String> configured = details.getAdditionalParameters();
    if (configured != null) {
        params.putAll(configured);
    }

    return getTokenFromProvider(details, endpoint, method, requestToken, params);
}

From source file:org.springframework.security.oauth.consumer.CoreOAuthConsumerSupport.java

/**
 * Looks up the protected resource by id and requests a new, not-yet-authorized request token
 * from its provider.
 *
 * @param resourceId The id passed to {@code loadProtectedResourceDetailsById}.
 * @param callback   The callback value; sent as {@code oauth_callback} only when the resource's
 *                   {@code isUse10a()} is true. It is stored as given, including {@code null}.
 * @return The token returned by {@code getTokenFromProvider}.
 * @throws OAuthRequestFailedException declared by the signature; raised outside this snippet.
 * @throws IllegalStateException if the configured request-token URL is malformed.
 */
public OAuthConsumerToken getUnauthorizedRequestToken(String resourceId, String callback)
        throws OAuthRequestFailedException {
    // NOTE(review): the lookup result is dereferenced without a null check; behaviour for an
    // unknown resourceId depends on the details service, which is not shown here.
    final ProtectedResourceDetails resource = getProtectedResourceDetailsService()
            .loadProtectedResourceDetailsById(resourceId);

    final URL endpoint;
    try {
        endpoint = new URL(resource.getRequestTokenURL());
    } catch (MalformedURLException malformed) {
        // The URL comes from resource configuration, so a bad value is a setup error.
        throw new IllegalStateException("Malformed URL for obtaining a request token.", malformed);
    }

    final String method = resource.getRequestTokenHttpMethod();

    final Map<String, String> params = new TreeMap<String, String>();
    if (resource.isUse10a()) {
        // 1.0a: the callback is part of the request-token request itself.
        params.put(OAuthConsumerParameter.oauth_callback.toString(), callback);
    }

    // Configured parameters are merged last, so a configured entry with the same key
    // replaces the oauth_callback set above.
    // NOTE(review): confirm resource configuration never supplies oauth_* keys.
    final Map<String, String> configured = resource.getAdditionalParameters();
    if (configured != null) {
        params.putAll(configured);
    }

    // No existing token is passed (fourth argument is null).
    return getTokenFromProvider(resource, endpoint, method, null, params);
}

From source file:org.springframework.security.oauth.consumer.CoreOAuthConsumerSupport.java

/**
 * Exchanges a request token for an access token at the provider of the resource the token
 * belongs to.
 *
 * @param requestToken The request token to exchange; its resource id selects the resource details.
 * @param verifier     The {@code oauth_verifier} value; must be non-null when the resource's
 *                     {@code isUse10a()} is true and is ignored otherwise.
 * @return The token returned by {@code getTokenFromProvider}.
 * @throws OAuthRequestFailedException declared by the signature; raised outside this snippet.
 * @throws UnverifiedRequestTokenException if 1.0a is in use and {@code verifier} is null.
 * @throws IllegalStateException if the configured access-token URL is malformed.
 */
public OAuthConsumerToken getAccessToken(OAuthConsumerToken requestToken, String verifier)
        throws OAuthRequestFailedException {
    final ProtectedResourceDetails resource = getProtectedResourceDetailsService()
            .loadProtectedResourceDetailsById(requestToken.getResourceId());

    final URL endpoint;
    try {
        endpoint = new URL(resource.getAccessTokenURL());
    } catch (MalformedURLException malformed) {
        // The URL comes from resource configuration, so a bad value is a setup error.
        throw new IllegalStateException("Malformed URL for obtaining an access token.", malformed);
    }

    final String method = resource.getAccessTokenHttpMethod();

    final Map<String, String> params = new TreeMap<String, String>();
    final boolean verifierRequired = resource.isUse10a();
    if (verifierRequired && verifier == null) {
        // Only presence is checked here; this snippet does not validate the verifier's value.
        // The message carries the request token's value, so it can surface wherever the
        // exception is logged or rendered.
        throw new UnverifiedRequestTokenException("Unverified request token: " + requestToken.getValue());
    }
    if (verifierRequired) {
        params.put(OAuthConsumerParameter.oauth_verifier.toString(), verifier);
    }

    // Configured parameters are merged last, so a configured entry with the same key
    // replaces the oauth_verifier set above.
    // NOTE(review): confirm resource configuration never supplies oauth_* keys.
    final Map<String, String> configured = resource.getAdditionalParameters();
    if (configured != null) {
        params.putAll(configured);
    }

    return getTokenFromProvider(resource, endpoint, method, requestToken, params);
}

From source file:org.springframework.security.oauth.consumer.filter.OAuthConsumerContextFilter.java

/**
 * Installs an OAuth security context holding the remembered access tokens, runs the filter
 * chain, and, when the chain fails because a resource still needs authorization, obtains the
 * missing token (request token plus redirect, or request-token-to-access-token exchange) and
 * re-runs the chain.
 *
 * <p>The context is cleared and all request and access tokens are handed back to the
 * remember-me services in the {@code finally} block, on every exit path.
 *
 * @param servletRequest  The request; cast to {@code HttpServletRequest}.
 * @param servletResponse The response; cast to {@code HttpServletResponse}.
 * @param chain           The remaining filter chain.
 * @throws IOException      declared by the signature.
 * @throws ServletException rethrown as-is when the chain fails with one that carries no
 *                          {@code OAuthRequestFailedException} in its cause chain.
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    OAuthSecurityContextImpl context = new OAuthSecurityContextImpl();
    context.setDetails(request);

    // Split the remembered tokens into access tokens and request tokens, skipping null entries.
    Map<String, OAuthConsumerToken> rememberedTokens = getRememberMeServices().loadRememberedTokens(request,
            response);
    Map<String, OAuthConsumerToken> accessTokens = new TreeMap<String, OAuthConsumerToken>();
    Map<String, OAuthConsumerToken> requestTokens = new TreeMap<String, OAuthConsumerToken>();
    if (rememberedTokens != null) {
        for (Map.Entry<String, OAuthConsumerToken> tokenEntry : rememberedTokens.entrySet()) {
            OAuthConsumerToken token = tokenEntry.getValue();
            if (token != null) {
                if (token.isAccessToken()) {
                    accessTokens.put(tokenEntry.getKey(), token);
                } else {
                    requestTokens.put(tokenEntry.getKey(), token);
                }
            }
        }
    }

    // Only access tokens are exposed through the security context.
    context.setAccessTokens(accessTokens);
    OAuthSecurityContextHolder.setContext(context);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Storing access tokens in request attribute '" + getAccessTokensRequestAttribute() + "'.");
    }

    try {
        try {
            request.setAttribute(getAccessTokensRequestAttribute(),
                    new ArrayList<OAuthConsumerToken>(accessTokens.values()));
            chain.doFilter(request, response);
        } catch (Exception e) {
            try {
                // checkForResourceThatNeedsAuthorization is defined outside this snippet;
                // presumably it returns the resource named by an access-token-required
                // exception and rethrows anything else - TODO confirm.
                ProtectedResourceDetails resourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(
                        e);
                String neededResourceId = resourceThatNeedsAuthorization.getId();
                // Loop until an access token is held for the resource the chain last asked for.
                while (!accessTokens.containsKey(neededResourceId)) {
                    // Prefer a remembered request token, then fall back to the token services.
                    OAuthConsumerToken token = requestTokens.remove(neededResourceId);
                    if (token == null) {
                        token = getTokenServices().getToken(neededResourceId);
                    }

                    // The verifier is taken straight from the request, so it is caller-controlled;
                    // this method only tests it for null before passing it to the exchange.
                    // NOTE(review): no oauth_token request parameter is read or compared with the
                    // stored request token in this method - confirm whether that is checked elsewhere.
                    String verifier = request.getParameter(OAuthProviderParameter.oauth_verifier.toString());
                    // if the token is null OR
                    // if the token is not an access token and (we're not using 1.0a or the verifier is null)
                    // NOTE(review): as written, a request token for a resource with isUse10a() == false
                    // always takes this branch, so the exchange branch below is reached only when
                    // 1.0a is in use and a verifier is present - confirm that is intended.
                    if (token == null || (!token.isAccessToken()
                            && (!resourceThatNeedsAuthorization.isUse10a() || verifier == null))) {
                        //no token associated with the resource, start the oauth flow.
                        //if there's a request token, but no verifier, we'll assume that a previous oauth request failed and we need to get a new request token.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Obtaining request token for resource: " + neededResourceId);
                        }

                        //obtain authorization.
                        String callbackURL = response.encodeRedirectURL(getCallbackURL(request));
                        token = getConsumerSupport().getUnauthorizedRequestToken(neededResourceId, callbackURL);
                        // NOTE(review): this writes token.toString() to the debug log; confirm the
                        // rendering does not include the token secret.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Request token obtained for resource " + neededResourceId + ": " + token);
                        }

                        //okay, we've got a request token, now we need to authorize it.
                        requestTokens.put(neededResourceId, token);
                        getTokenServices().storeToken(neededResourceId, token);
                        String redirect = getUserAuthorizationRedirectURL(resourceThatNeedsAuthorization, token,
                                callbackURL);

                        // The full redirect URL goes to the debug log.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Redirecting request to " + redirect
                                    + " for user authorization of the request token for resource "
                                    + neededResourceId + ".");
                        }

                        // Keep the original failure on the request, then hand the user to the provider.
                        request.setAttribute(
                                "org.springframework.security.oauth.consumer.AccessTokenRequiredException", e);
                        this.redirectStrategy.sendRedirect(request, response, redirect);
                        return;
                    } else if (!token.isAccessToken()) {
                        //we have a presumably authorized request token, let's try to get an access token with it.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Obtaining access token for resource: " + neededResourceId);
                        }

                        //authorize the request token and store it.
                        try {
                            token = getConsumerSupport().getAccessToken(token, verifier);
                        } finally {
                            // The stored request token is dropped whether or not the exchange
                            // succeeded, so it is not offered for a second exchange.
                            getTokenServices().removeToken(neededResourceId);
                        }

                        // NOTE(review): this writes token.toString() of the access token to the
                        // debug log; confirm the rendering does not include the token secret.
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Access token " + token + " obtained for resource " + neededResourceId
                                    + ". Now storing and using.");
                        }

                        getTokenServices().storeToken(neededResourceId, token);
                    }

                    // Reached with an access token: either freshly exchanged above or returned
                    // as-is by the token services.
                    accessTokens.put(neededResourceId, token);

                    try {
                        //try again
                        if (!response.isCommitted()) {
                            request.setAttribute(getAccessTokensRequestAttribute(),
                                    new ArrayList<OAuthConsumerToken>(accessTokens.values()));
                            chain.doFilter(request, response);
                        } else {
                            //dang. what do we do now?
                            // NOTE(review): the message says "OAuth2" although this filter reads
                            // the OAuth 1 oauth_verifier parameter.
                            throw new IllegalStateException(
                                    "Unable to reprocess filter chain with needed OAuth2 resources because the response is already committed.");
                        }
                    } catch (Exception e1) {
                        // Also catches the IllegalStateException thrown just above. If the retry
                        // named another resource, the loop continues for that resource.
                        resourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(e1);
                        neededResourceId = resourceThatNeedsAuthorization.getId();
                    }
                }
            } catch (OAuthRequestFailedException eo) {
                fail(request, response, eo);
            } catch (Exception ex) {
                // Look for an OAuth failure wrapped anywhere in the cause chain.
                Throwable[] causeChain = getThrowableAnalyzer().determineCauseChain(ex);
                OAuthRequestFailedException rfe = (OAuthRequestFailedException) getThrowableAnalyzer()
                        .getFirstThrowableOfType(OAuthRequestFailedException.class, causeChain);
                if (rfe != null) {
                    fail(request, response, rfe);
                } else {
                    // Rethrow ServletExceptions and RuntimeExceptions as-is
                    if (ex instanceof ServletException) {
                        throw (ServletException) ex;
                    } else if (ex instanceof RuntimeException) {
                        throw (RuntimeException) ex;
                    }

                    // Wrap other Exceptions. These are not expected to happen
                    throw new RuntimeException(ex);
                }
            }
        }
    } finally {
        // Clear the holder before leaving so the context set above does not outlive this call.
        OAuthSecurityContextHolder.setContext(null);
        // Access tokens are added last, so they win over a request token stored under the same key.
        HashMap<String, OAuthConsumerToken> tokensToRemember = new HashMap<String, OAuthConsumerToken>();
        tokensToRemember.putAll(requestTokens);
        tokensToRemember.putAll(accessTokens);
        getRememberMeServices().rememberTokens(tokensToRemember, request, response);
    }
}

From source file:org.springframework.security.oauth.consumer.filter.OAuthConsumerContextFilter.java

/**
 * Builds the provider URL to which the user is redirected to authorize a request token.
 *
 * <p>The request token value is always added as {@code oauth_token}. The callback is added as
 * {@code oauth_callback} only when the resource does not use OAuth Core 1.0a. Both values are
 * URL-encoded as UTF-8.
 *
 * @param details      The resource for which to get the authorization URL.
 * @param requestToken The request token.
 * @param callbackURL  The callback URL.
 * @return The redirect URL.
 * @throws IllegalStateException if UTF-8 encoding is reported as unsupported.
 */
protected String getUserAuthorizationRedirectURL(ProtectedResourceDetails details,
        OAuthConsumerToken requestToken, String callbackURL) {
    try {
        final String authorizationUrl = details.getUserAuthorizationURL();
        final StringBuilder redirect = new StringBuilder(authorizationUrl);
        // Extend an existing query string rather than starting a second one.
        redirect.append(authorizationUrl.indexOf('?') >= 0 ? '&' : '?');
        // The token value becomes part of a URL sent through the user's browser, so it can
        // appear in browser history and in any log that records the redirect.
        redirect.append("oauth_token=").append(URLEncoder.encode(requestToken.getValue(), "UTF-8"));
        if (details.isUse10a()) {
            return redirect.toString();
        }
        // Without 1.0a the callback is carried by this browser redirect.
        // NOTE(review): a value carried here can be edited in the browser before it reaches the provider.
        redirect.append('&').append("oauth_callback=");
        redirect.append(URLEncoder.encode(callbackURL, "UTF-8"));
        return redirect.toString();
    } catch (UnsupportedEncodingException e) {
        throw new IllegalStateException(e);
    }
}

From source file:org.springframework.security.oauth.consumer.OAuthConsumerProcessingFilter.java

/**
 * Builds the provider URL to which the user is redirected to authorize a request token,
 * looking up the resource details from the token's resource id.
 *
 * <p>The request token value is always added as {@code oauth_token}. The callback is added as
 * {@code oauth_callback} only when the resource does not use OAuth Core 1.0a. Both values are
 * URL-encoded as UTF-8.
 *
 * @param requestToken The request token.
 * @param callbackURL  The callback URL.
 * @return The redirect URL.
 * @throws IllegalStateException if UTF-8 encoding is reported as unsupported.
 */
protected String getUserAuthorizationRedirectURL(OAuthConsumerToken requestToken, String callbackURL) {
    final ProtectedResourceDetails resource = getProtectedResourceDetailsService()
            .loadProtectedResourceDetailsById(requestToken.getResourceId());
    try {
        final String authorizationUrl = resource.getUserAuthorizationURL();
        final StringBuilder redirect = new StringBuilder(authorizationUrl);
        // Extend an existing query string rather than starting a second one.
        redirect.append(authorizationUrl.indexOf('?') >= 0 ? '&' : '?');
        // The token value becomes part of a URL sent through the user's browser, so it can
        // appear in browser history and in any log that records the redirect.
        redirect.append("oauth_token=").append(URLEncoder.encode(requestToken.getValue(), "UTF-8"));
        if (resource.isUse10a()) {
            return redirect.toString();
        }
        // Without 1.0a the callback is carried by this browser redirect.
        // NOTE(review): a value carried here can be edited in the browser before it reaches the provider.
        redirect.append('&').append("oauth_callback=");
        redirect.append(URLEncoder.encode(callbackURL, "UTF-8"));
        return redirect.toString();
    } catch (UnsupportedEncodingException e) {
        throw new IllegalStateException(e);
    }
}