/**
 * Handles a POST from the cart page; the {@code action} request parameter selects the work.
 *
 * <ul>
 *   <li>{@code update}: collects every {@code product-<id>} parameter into a product-id to
 *       quantity map, passes it to the storefront service, stores the returned item count on
 *       the customer and renders the cart page again through {@code doGet}.
 *   <li>{@code checkout}: asks the storefront service to check out the customer's cart, queues
 *       a success message, resets the customer's cart item count to zero and redirects to the
 *       products page of the current tenant.
 * </ul>
 *
 * <p>Any other (or missing) action is ignored. Every exception raised while handling the
 * request is handed to {@code addErrorMessage} and the cart page is rendered again.
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  final String productPrefix = "product-";
  try {
    Customer customer = getOrCreateCustomer(req, resp);
    String action = req.getParameter("action");

    if ("update".equals(action)) {
      Map<Long, Integer> quantities = new HashMap<Long, Integer>();
      for (Map.Entry<String, String[]> entry : req.getParameterMap().entrySet()) {
        String name = entry.getKey();
        if (!name.startsWith(productPrefix)) {
          continue;
        }
        // Both numbers arrive as client-controlled text. A malformed value throws
        // NumberFormatException, which the catch block below turns into an error message.
        // NOTE(review): no range check is visible here, so negative or very large
        // quantities reach updateCart unchanged - confirm the service rejects them.
        Long productId = Long.valueOf(name.substring(productPrefix.length()));
        Integer quantity = Integer.valueOf(entry.getValue()[0]);
        quantities.put(productId, quantity);
      }

      int updatedCount = getStorefrontService(req).updateCart(customer.getId(), quantities);
      customer.setCartItemCount(updatedCount);
      doGet(req, resp);
    } else if ("checkout".equals(action)) {
      // NOTE(review): this branch changes state, and no anti-CSRF token check is visible in
      // this method - confirm one is enforced before the request gets here.
      getStorefrontService(req).checkout(customer.getId());

      // The count is read before it is reset below, so the message still reflects the
      // cart item count held on the customer object.
      String itemDesc;
      if (customer.getCartItemCount() != 1) {
        itemDesc = customer.getCartItemCount() + " items";
      } else {
        itemDesc = "item";
      }
      String successText =
          "Your transaction was successful. Your "
              + itemDesc
              + " will be shipped soon. Thank you for shopping with us!";
      addMessage(req, MessageSeverity.SUCCESS, successText);

      customer.setCartItemCount(0);

      // The redirect path is fixed; only the tenant name varies, and it is encoded as a
      // query-parameter value before being appended.
      resp.sendRedirect(
          "store-products?tenant="
              + UriComponent.encode(
                  getTenant(req).getAppInstance().getTenantName(), Type.QUERY_PARAM));
    }
  } catch (Exception e) {
    // NOTE(review): the raw exception is passed to addErrorMessage - confirm that helper does
    // not render internal details (class names, stack traces, query text) to the customer.
    addErrorMessage(req, e);
    doGet(req, resp);
  }
}
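/**
 * Exercises RSA-SHA1 request signing and verification against fixed expected values.
 *
 * <p>Steps: generate a signature with {@code RSA_PRIVKEY} and compare it with
 * {@code RSA_SIGNATURE}; sign the request and check that the caller's parameters are left
 * untouched; read the parameters back from the signed request and compare each one; check the
 * URI-encoded form of the signature; finally verify the signed request with
 * {@code RSA_CERTIFICATE}.
 *
 * <p>NOTE(review): only the accepting path is covered. A companion case that alters the
 * request after signing and expects verification to fail would catch a verifier that accepts
 * any signature.
 */
public void testRSASHA1() {
  // "vacaction.jpg" is spelled this way on purpose as far as this test is concerned: the
  // parameter values are passed to the signer, so changing the text would presumably change
  // the signature that is compared with RSA_SIGNATURE below.
  DummyRequest request = new DummyRequest()
      .requestMethod("GET")
      .requestURL("http://photos.example.net/photos")
      .parameterValue("file", "vacaction.jpg")
      .parameterValue("size", "original");

  OAuthParameters params = new OAuthParameters()
      .realm(REALM)
      .consumerKey(CONSUMER_KEY)
      .signatureMethod(RSA_SIGNATURE_METHOD)
      .timestamp(RSA_TIMESTAMP)
      .nonce(RSA_NONCE)
      .version(VERSION);

  // For signing, the consumer secret slot carries the private key.
  // NOTE(review): presumably a published test-vector key - it must never be reused outside
  // tests.
  OAuthSecrets secrets = new OAuthSecrets().consumerSecret(RSA_PRIVKEY);

  // Generate the digital signature and make sure it matches the expected value.
  String signature = null;
  try {
    signature = OAuthSignature.generate(request, params, secrets);
  } catch (OAuthSignatureException se) {
    fail(se.getMessage());
  }
  // Expected value first, so a failure message reports expected/actual the right way round.
  assertEquals(RSA_SIGNATURE, signature);

  // Keep a copy so the test can detect any mutation of the caller's parameters by sign().
  OAuthParameters saved = (OAuthParameters) params.clone();
  try {
    OAuthSignature.sign(request, params, secrets);
  } catch (OAuthSignatureException se) {
    fail(se.getMessage());
  }

  // Signing the request should not have modified the original parameters.
  assertEquals(saved, params);
  assertTrue(params.getSignature() == null);

  // Parse the parameters back out of the signed request and compare them one by one.
  // No token is set on the original parameters, so there is no token to compare.
  params = new OAuthParameters();
  params.readRequest(request);
  assertEquals(REALM, params.getRealm());
  assertEquals(CONSUMER_KEY, params.getConsumerKey());
  assertEquals(RSA_SIGNATURE_METHOD, params.getSignatureMethod());
  assertEquals(RSA_TIMESTAMP, params.getTimestamp());
  assertEquals(RSA_NONCE, params.getNonce());
  assertEquals(VERSION, params.getVersion());
  assertEquals(RSA_SIGNATURE, params.getSignature());

  // Perform the same encoding as done by OAuthParameters.writeRequest
  // to see if the encoded signature will match.
  assertEquals(
      RSA_SIGNATURE_ENCODED,
      UriComponent.encode(params.getSignature(), UriComponent.Type.UNRESERVED));

  // For verification, the consumer secret slot carries the certificate instead of the
  // private key.
  secrets = new OAuthSecrets().consumerSecret(RSA_CERTIFICATE);
  try {
    // Verify the signature using the request that was just signed.
    assertTrue(OAuthSignature.verify(request, params, secrets));
  } catch (OAuthSignatureException se) {
    fail(se.getMessage());
  }
}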