List of usage examples for org.springframework.security.oauth.provider InvalidOAuthParametersException InvalidOAuthParametersException
public InvalidOAuthParametersException(String msg)
From source file:org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter.java
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; if (!skipProcessing(request)) { if (requiresAuthentication(request, response, chain)) { if (!allowMethod(request.getMethod().toUpperCase())) { if (log.isDebugEnabled()) { log.debug("Method " + request.getMethod() + " not supported."); }/* w ww.ja v a 2s. co m*/ response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); return; } try { Map<String, String> oauthParams = getProviderSupport().parseParameters(request); if (parametersAreAdequate(oauthParams)) { if (log.isDebugEnabled()) { StringBuilder builder = new StringBuilder("OAuth parameters parsed: "); for (String param : oauthParams.keySet()) { builder.append(param).append('=').append(oauthParams.get(param)).append(' '); } log.debug(builder.toString()); } String consumerKey = oauthParams.get(OAuthConsumerParameter.oauth_consumer_key.toString()); if (consumerKey == null) { throw new InvalidOAuthParametersException(messages.getMessage( "OAuthProcessingFilter.missingConsumerKey", "Missing consumer key.")); } //load the consumer details. ConsumerDetails consumerDetails = getConsumerDetailsService() .loadConsumerByConsumerKey(consumerKey); if (log.isDebugEnabled()) { log.debug("Consumer details loaded for " + consumerKey + ": " + consumerDetails); } //validate the parameters for the consumer. validateOAuthParams(consumerDetails, oauthParams); if (log.isDebugEnabled()) { log.debug("Parameters validated."); } //extract the credentials. String token = oauthParams.get(OAuthConsumerParameter.oauth_token.toString()); String signatureMethod = oauthParams .get(OAuthConsumerParameter.oauth_signature_method.toString()); String signature = oauthParams.get(OAuthConsumerParameter.oauth_signature.toString()); String signatureBaseString = getProviderSupport().getSignatureBaseString(request); ConsumerCredentials credentials = new ConsumerCredentials(consumerKey, signature, signatureMethod, signatureBaseString, token); //create an authentication request. ConsumerAuthentication authentication = new ConsumerAuthentication(consumerDetails, credentials, oauthParams); authentication.setDetails(createDetails(request, consumerDetails)); Authentication previousAuthentication = SecurityContextHolder.getContext() .getAuthentication(); try { //set the authentication request (unauthenticated) into the context. SecurityContextHolder.getContext().setAuthentication(authentication); //validate the signature. validateSignature(authentication); //mark the authentication request as validated. authentication.setSignatureValidated(true); //mark that processing has been handled. request.setAttribute(OAUTH_PROCESSING_HANDLED, Boolean.TRUE); if (log.isDebugEnabled()) { log.debug("Signature validated."); } //go. onValidSignature(request, response, chain); } finally { //clear out the consumer authentication to make sure it doesn't get cached. resetPreviousAuthentication(previousAuthentication); } } else if (!isIgnoreInadequateCredentials()) { throw new InvalidOAuthParametersException( messages.getMessage("OAuthProcessingFilter.missingCredentials", "Inadequate OAuth consumer credentials.")); } else { if (log.isDebugEnabled()) { log.debug("Supplied OAuth parameters are inadequate. Ignoring."); } chain.doFilter(request, response); } } catch (AuthenticationException ae) { fail(request, response, ae); } catch (ServletException e) { if (e.getRootCause() instanceof AuthenticationException) { fail(request, response, (AuthenticationException) e.getRootCause()); } else { throw e; } } } else { if (log.isDebugEnabled()) { log.debug("Request does not require authentication. OAuth processing skipped."); } chain.doFilter(servletRequest, servletResponse); } } else { if (log.isDebugEnabled()) { log.debug("Processing explicitly skipped."); } chain.doFilter(servletRequest, servletResponse); } }
From source file:org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter.java
/** * Validates the OAuth parameters for the given consumer. Base implementation validates only those parameters * that are required for all OAuth requests. This includes the nonce and timestamp, but not the signature. * * @param consumerDetails The consumer details. * @param oauthParams The OAuth parameters to validate. * @throws InvalidOAuthParametersException If the OAuth parameters are invalid. */// w ww.j a v a 2 s.com protected void validateOAuthParams(ConsumerDetails consumerDetails, Map<String, String> oauthParams) throws InvalidOAuthParametersException { String version = oauthParams.get(OAuthConsumerParameter.oauth_version.toString()); if ((version != null) && (!"1.0".equals(version))) { throw new OAuthVersionUnsupportedException("Unsupported OAuth version: " + version); } String realm = oauthParams.get("realm"); realm = realm == null || "".equals(realm) ? null : realm; if ((realm != null) && (!realm.equals(this.authenticationEntryPoint.getRealmName()))) { throw new InvalidOAuthParametersException(messages.getMessage("OAuthProcessingFilter.incorrectRealm", new Object[] { realm, this.getAuthenticationEntryPoint().getRealmName() }, "Response realm name '{0}' does not match system realm name of '{1}'")); } String signatureMethod = oauthParams.get(OAuthConsumerParameter.oauth_signature_method.toString()); if (signatureMethod == null) { throw new InvalidOAuthParametersException(messages .getMessage("OAuthProcessingFilter.missingSignatureMethod", "Missing signature method.")); } String signature = oauthParams.get(OAuthConsumerParameter.oauth_signature.toString()); if (signature == null) { throw new InvalidOAuthParametersException( messages.getMessage("OAuthProcessingFilter.missingSignature", "Missing signature.")); } String timestamp = oauthParams.get(OAuthConsumerParameter.oauth_timestamp.toString()); if (timestamp == null) { throw new InvalidOAuthParametersException( messages.getMessage("OAuthProcessingFilter.missingTimestamp", "Missing timestamp.")); } String nonce = oauthParams.get(OAuthConsumerParameter.oauth_nonce.toString()); if (nonce == null) { throw new InvalidOAuthParametersException( messages.getMessage("OAuthProcessingFilter.missingNonce", "Missing nonce.")); } try { getNonceServices().validateNonce(consumerDetails, Long.parseLong(timestamp), nonce); } catch (NumberFormatException e) { throw new InvalidOAuthParametersException(messages.getMessage("OAuthProcessingFilter.invalidTimestamp", new Object[] { timestamp }, "Timestamp must be a positive integer. Invalid value: {0}")); } validateAdditionalParameters(consumerDetails, oauthParams); }
From source file:org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter.java
/** * Logic to be performed on a new timestamp. The default behavior expects that the timestamp should not be new. * * @throws org.springframework.security.core.AuthenticationException * If the timestamp shouldn't be new. */// w ww. ja v a2s . com protected void onNewTimestamp() throws AuthenticationException { throw new InvalidOAuthParametersException(messages.getMessage("OAuthProcessingFilter.timestampNotNew", "A new timestamp should not be used in a request for an access token.")); }