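/**
 * Issues an access token for the request token carried by the registration.
 *
 * <p>The new token takes its client, subject and scopes from the request token and is
 * assigned to {@code at}, which is declared outside this method (presumably a field),
 * replacing whatever token was held there before.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The token key and secret are random (type 4) UUID strings. NOTE(review): a UUID has a
 *       fixed, recognisable format and 122 random bits; confirm this is acceptable for the
 *       token secret in this deployment.
 *   <li>Nothing in this method invalidates the request token. The original ended with
 *       {@code rt = null}, which only cleared the local variable and has been dropped as a
 *       dead store. If the request token is kept anywhere else, that store has to remove it
 *       so the token cannot be exchanged a second time - TODO confirm against the caller.
 *   <li>No lifetime is passed to the {@code AccessToken} constructor here; whether the token
 *       expires depends on that class - TODO confirm.
 * </ul>
 *
 * @param reg registration holding the authorized request token
 * @return the newly created access token
 * @throws OAuthServiceException declared by the provider contract; not thrown by this body
 */
public AccessToken createAccessToken(AccessTokenRegistration reg) throws OAuthServiceException {
    RequestToken rt = reg.getRequestToken();

    String tokenId = UUID.randomUUID().toString();
    String tokenSecret = UUID.randomUUID().toString();

    at = new AccessToken(rt.getClient(), tokenId, tokenSecret);
    // Carry the approving user and the granted scopes over from the request token.
    at.setSubject(rt.getSubject());
    at.setScopes(rt.getScopes());
    return at;
}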
/**
 * Returns the held access token when its key matches {@code tokenId}.
 *
 * <p>Only the single token referenced by {@code at} is consulted.
 *
 * @param tokenId key of the token being looked up
 * @return the token, or {@code null} when no token is held or the key differs
 * @throws OAuthServiceException declared by the provider contract; not thrown by this body
 */
public AccessToken getAccessToken(String tokenId) throws OAuthServiceException {
    if (at != null && at.getTokenKey().equals(tokenId)) {
        return at;
    }
    // Unknown key or no token issued yet: callers receive null rather than an exception.
    return null;
}
/**
 * Builds the security context exposed to the application for a validated OAuth request.
 *
 * <p>Depending on {@code useUserSubject}, the principal and roles come either from the end
 * user who approved the token or from the client and the roles carried by {@code info}.
 *
 * @param request current servlet request; receives the {@code oauth_authorities} attribute
 * @param info result of the OAuth validation
 * @return a security context backed by {@code info}
 */
protected SecurityContext createSecurityContext(HttpServletRequest request, final OAuthInfo info) {
    // TODO:
    // This custom parameter is only needed by the "oauth"
    // demo shipped in the distribution; needs to be removed.
    request.setAttribute("oauth_authorities", info.getRoles());

    final UserSubject tokenSubject = info.getToken().getSubject();

    return new SecurityContext() {

        public Principal getUserPrincipal() {
            String login;
            if (AbstractAuthFilter.this.useUserSubject) {
                // NOTE(review): with no subject on the token the principal is created with a
                // null name; confirm downstream authorization checks handle that.
                login = tokenSubject != null ? tokenSubject.getLogin() : null;
            } else {
                login = info.getToken().getClient().getLoginName();
            }
            return new SimplePrincipal(login);
        }

        public boolean isUserInRole(String role) {
            // Subject roles apply only when user-subject mode is on and a subject exists;
            // otherwise the roles carried by the OAuth info are used.
            List<String> roles =
                AbstractAuthFilter.this.useUserSubject && tokenSubject != null
                    ? tokenSubject.getRoles()
                    : info.getRoles();
            // NOTE(review): a null role list would raise NullPointerException here - confirm
            // both getters always return a list.
            return roles.contains(role);
        }
    };
}
/**
 * Exchanges a request token for a new access token and records it in the token store.
 *
 * <p>The client is read from the request token supplied in the registration; the scopes are
 * read from the request token returned by {@code getRequestToken} for the same key. The
 * request token entry is removed from {@code oauthTokens} in the same critical section that
 * adds the access token.
 *
 * <p>Review notes:
 * <ul>
 *   <li>NOTE(review): if {@code getRequestToken} returns {@code null} for an unknown key,
 *       reading its scopes fails with a NullPointerException - confirm how it reports a miss.
 *   <li>No subject is set on the access token in this method - confirm whether callers rely
 *       on {@code getSubject()} of the issued token.
 *   <li>The client's consumer key is used as both arguments of
 *       {@code userAuthorizedClients.add} - presumably key and value; confirm this is the
 *       intended mapping.
 * </ul>
 *
 * @param reg registration holding the request token to exchange
 * @return the newly issued access token
 * @throws OAuthServiceException declared by the provider contract
 */
public AccessToken createAccessToken(AccessTokenRegistration reg) throws OAuthServiceException {
    RequestToken presented = reg.getRequestToken();
    Client consumer = presented.getClient();
    RequestToken stored = getRequestToken(presented.getTokenKey());

    String tokenKey = generateToken();
    String tokenSecret = generateToken();
    // 3600 and the current time in seconds are the 4th and 5th constructor arguments -
    // presumably lifetime and issue time; confirm against AccessToken.
    long issuedAt = System.currentTimeMillis() / 1000;
    AccessToken issued = new AccessToken(consumer, tokenKey, tokenSecret, 3600, issuedAt);
    issued.setScopes(stored.getScopes());

    // Lock order is oauthTokens first, then userAuthorizedClients; keep it that way wherever
    // both monitors are taken.
    synchronized (oauthTokens) {
        oauthTokens.remove(stored.getTokenKey());
        oauthTokens.put(tokenKey, issued);
        synchronized (userAuthorizedClients) {
            String consumerKey = client(consumer);
            userAuthorizedClients.add(consumerKey, client(consumer));
        }
    }
    return issued;
}

/** Returns the consumer key of the given client. */
private static String client(Client consumer) {
    return consumer.getConsumerKey();
}
throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); client = accessToken.getClient(); dataProvider, validator); accessToken = client.getPreAuthorizedToken(); if (accessToken == null || !accessToken.isPreAuthorized()) { LOG.warning("Preauthorized access token is unavailable"); throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); List<OAuthPermission> permissions = accessToken.getScopes(); List<OAuthPermission> matchingPermissions = new ArrayList<>();
// Place the access token key and its shared secret into the response parameters.
// NOTE(review): the token secret is written to the response here; presumably the response is
// sent only over a confidential channel and is not logged - confirm in the enclosing handler.
responseParams.put(OAuth.OAUTH_TOKEN, accessToken.getTokenKey()); responseParams.put(OAuth.OAUTH_TOKEN_SECRET, accessToken.getTokenSecret());
/**
 * Returns the principal for the current OAuth request.
 *
 * <p>In user-subject mode the name is the subject's login, or {@code null} when the token has
 * no subject; otherwise it is the client's login name.
 *
 * @return a {@code SimplePrincipal} wrapping the selected login
 */
public Principal getUserPrincipal() {
    String login;
    if (AbstractAuthFilter.this.useUserSubject) {
        // NOTE(review): a missing subject yields a principal with a null name; confirm
        // downstream authorization checks handle that.
        login = theSubject != null ? theSubject.getLogin() : null;
    } else {
        login = info.getToken().getClient().getLoginName();
    }
    return new SimplePrincipal(login);
}
/**
 * Creates the OAuth context handed to the application.
 *
 * @param info result of the OAuth validation
 * @return a context holding the token's subject ({@code null} when {@code info} carries no
 *     token) and the permissions matched for this request
 */
protected OAuthContext createOAuthContext(OAuthInfo info) {
    // Without a token there is no subject to report.
    UserSubject subject = info.getToken() != null ? info.getToken().getSubject() : null;
    return new OAuthContext(subject, info.getMatchedPermissions());
}