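/**
 * Serves a request for the resource URL.
 *
 * <p>Checks run in this order, and the first one that fails decides the response:
 * <ol>
 *   <li>{@code oauth_consumer_key} must be one of the three accepted keys;</li>
 *   <li>the {@code throttled} and {@code unauthorized} flags;</li>
 *   <li>for the OAuth consumer only: the access token must be known, the message must pass
 *       {@code validateMessage} with that token's secret, the token must be
 *       {@code State.APPROVED}, and, when {@code sessionExtension} is set, it must not be
 *       expired;</li>
 *   <li>for the signed-fetch consumer: the message must pass {@code validateMessage};
 *       no token is looked up.</li>
 * </ol>
 *
 * @param request the incoming request; parsed with {@code parseMessage}
 * @return an OAuth problem report from {@code makeOAuthProblemReport} when a check fails,
 *     otherwise a 200 response whose body is the user data (OAuth consumer) or the
 *     request's query string (signed fetch)
 * @throws Exception whatever {@code parseMessage} or {@code validateMessage} throws
 */
private HttpResponse handleResourceUrl(HttpRequest request) throws Exception {
  MessageInfo info = parseMessage(request);
  String consumerId = info.message.getParameter("oauth_consumer_key");

  OAuthConsumer consumer;
  if (CONSUMER_KEY.equals(consumerId)) {
    consumer = oauthConsumer;
  } else if ("signedfetch".equals(consumerId) || "container.com".equals(consumerId)) {
    consumer = signedFetchConsumer;
  } else {
    // Any other value lands here, not only an absent parameter; both cases are
    // reported as parameter_missing.
    return makeOAuthProblemReport(
        OAuthConstants.PROBLEM_PARAMETER_MISSING, "oauth_consumer_key not found",
        HttpResponse.SC_BAD_REQUEST);
  }
  OAuthAccessor accessor = new OAuthAccessor(consumer);

  // Both flags short-circuit before any token lookup or signature check.
  if (throttled) {
    return makeOAuthProblemReport(
        OAuthConstants.PROBLEM_CONSUMER_KEY_REFUSED, "exceeded quota",
        HttpResponse.SC_FORBIDDEN);
  }
  if (unauthorized) {
    return makeOAuthProblemReport(
        OAuthConstants.PROBLEM_PERMISSION_DENIED, "user refused access",
        HttpResponse.SC_UNAUTHORIZED);
  }

  String responseBody;
  if (consumer == oauthConsumer) {
    // For OAuth, check the access token. This is skipped for signed fetch.
    String accessToken = info.message.getParameter("oauth_token");
    TokenState state = tokenState.get(accessToken);
    if (state == null) {
      return makeOAuthProblemReport(
          OAuthConstants.PROBLEM_TOKEN_REJECTED, "Access token unknown",
          HttpResponse.SC_UNAUTHORIZED);
    }

    // Check the signature against the secret stored for this token. This runs before
    // the approval and expiry checks, so the token_revoked / expired reports below are
    // only produced for requests that got past validateMessage.
    // NOTE(review): validateMessage presumably rejects by throwing -- not visible here.
    accessor.accessToken = accessToken;
    accessor.tokenSecret = state.getSecret();
    validateMessage(accessor, info, false);

    if (state.getState() != State.APPROVED) {
      return makeOAuthProblemReport(
          OAuthConstants.PROBLEM_TOKEN_REVOKED, "User revoked permissions",
          HttpResponse.SC_UNAUTHORIZED);
    }
    if (sessionExtension) {
      // 1000L forces the seconds-to-millis multiplication into long arithmetic; with an
      // int constant, "* 1000" would be evaluated as int and could wrap before widening.
      long expiration = state.issued + TOKEN_EXPIRATION_SECONDS * 1000L;
      if (expiration < clock.currentTimeMillis()) {
        return makeOAuthProblemReport(
            OAuthConstants.PROBLEM_ACCESS_TOKEN_EXPIRED, "token needs to be refreshed",
            HttpResponse.SC_UNAUTHORIZED);
      }
    }
    responseBody = "User data is " + state.getUserData();
  } else {
    // Signed fetch: only the signature is checked, with no access token on the accessor.
    validateMessage(accessor, info, false);
    // The body is the request's query string, echoed back as-is.
    responseBody = request.getUri().getQuery();
  }

  // Send back a response.
  HttpResponseBuilder resp = new HttpResponseBuilder()
      .setHttpStatusCode(HttpResponse.SC_OK)
      .setResponseString(responseBody);

  // Echo headers: each value is copied from the parsed message into a response header.
  // NOTE(review): these fields appear to be taken from the request and are not sanitized
  // here; confirm HttpResponseBuilder rejects CR/LF in header values, or that this
  // handler only ever serves test traffic.
  if (info.aznHeader != null) {
    resp.setHeader(AUTHZ_ECHO_HEADER, info.aznHeader);
  }
  if (info.body != null) {
    resp.setHeader(BODY_ECHO_HEADER, info.body);
  }
  if (info.rawBody != null) {
    // Base64 output is pure ASCII; naming the charset keeps the header value independent
    // of the platform default.
    resp.setHeader(RAW_BODY_ECHO_HEADER,
        new String(Base64.encodeBase64(info.rawBody),
            java.nio.charset.StandardCharsets.US_ASCII));
  }
  return resp.create();
}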