private HttpResponse makeOAuthProblemReport(String code, String text, int rc) throws IOException {
   if (vagueErrors) {
     return new HttpResponseBuilder()
         .setHttpStatusCode(rc)
         .setResponseString("some vague error")
         .create();
   }
   OAuthMessage msg = new OAuthMessage(null, null, null);
   msg.addParameter("oauth_problem", code);
   msg.addParameter("oauth_problem_advice", text);
   return new HttpResponseBuilder()
       .setHttpStatusCode(rc)
       .addHeader("WWW-Authenticate", msg.getAuthorizationHeader("realm"))
       .create();
 }
Esempio n. 2
0
 /**
  * Add some of the parameters needed to request access to a protected resource, if they aren't
  * already in the message.
  *
  * @throws IOException
  * @throws URISyntaxException
  */
 public void addRequiredParameters(OAuthAccessor accessor)
     throws OAuthException, IOException, URISyntaxException {
   final Map<String, String> pMap = OAuth.newMap(parameters);
   if (pMap.get(OAuth.OAUTH_TOKEN) == null && accessor.accessToken != null) {
     addParameter(OAuth.OAUTH_TOKEN, accessor.accessToken);
   }
   final OAuthConsumer consumer = accessor.consumer;
   if (pMap.get(OAuth.OAUTH_CONSUMER_KEY) == null) {
     addParameter(OAuth.OAUTH_CONSUMER_KEY, consumer.consumerKey);
   }
   String signatureMethod = pMap.get(OAuth.OAUTH_SIGNATURE_METHOD);
   if (signatureMethod == null) {
     signatureMethod = (String) consumer.getProperty(OAuth.OAUTH_SIGNATURE_METHOD);
     if (signatureMethod == null) {
       signatureMethod = OAuth.HMAC_SHA1;
     }
     addParameter(OAuth.OAUTH_SIGNATURE_METHOD, signatureMethod);
   }
   if (pMap.get(OAuth.OAUTH_TIMESTAMP) == null) {
     addParameter(OAuth.OAUTH_TIMESTAMP, (System.currentTimeMillis() / 1000) + "");
   }
   if (pMap.get(OAuth.OAUTH_NONCE) == null) {
     addParameter(OAuth.OAUTH_NONCE, System.nanoTime() + "");
   }
   if (pMap.get(OAuth.OAUTH_VERSION) == null) {
     addParameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0);
   }
   if (pMap.get(OAuth.OAUTH_BODY_HASH) == null && bodyAsStream != null) {
     addParameter(OAuth.OAUTH_BODY_HASH, getBodyHash());
   }
   this.sign(accessor);
 }
 public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
     throws InvalidAuthenticationException {
   OAuthMessage message = OAuthServlet.getMessage(request, null);
   if (StringUtils.isEmpty(getParameter(message, OAuth.OAUTH_SIGNATURE))) {
     // Is not an oauth request
     return null;
   }
   String bodyHash = getParameter(message, OAuthConstants.OAUTH_BODY_HASH);
   if (!StringUtils.isEmpty(bodyHash)) {
     verifyBodyHash(request, bodyHash);
   }
   try {
     return verifyMessage(message);
   } catch (OAuthProblemException oauthException) {
     // Legacy body signing is intended for backwards compatability with opensocial clients
     // that assumed they could use the raw request body as a pseudo query param to get
     // body signing. This assumption was born out of the limitations of the OAuth 1.0 spec which
     // states that request bodies are only signed if they are form-encoded. This lead many clients
     // to force a content type of application/x-www-form-urlencoded for xml/json bodies and then
     // hope that receiver decoding of the body didnt have encoding issues. This didn't work out
     // to well so now these clients are required to specify the correct content type. This code
     // lets clients which sign using the old technique to work if they specify the correct content
     // type. This support is deprecated and should be removed later.
     if (allowLegacyBodySigning
         && (StringUtils.isEmpty(request.getContentType())
             || !request.getContentType().contains(OAuth.FORM_ENCODED))) {
       try {
         message.addParameter(readBodyString(request), "");
         return verifyMessage(message);
       } catch (OAuthProblemException ioe) {
         // ignore, let original exception be thrown
       } catch (IOException e) {
         // also ignore;
       }
     }
     throw new InvalidAuthenticationException("OAuth Authentication Failure", oauthException);
   }
 }
Esempio n. 4
0
 public void addParameter(String key, String value) {
   addParameter(new OAuth.Parameter(key, value));
 }