org.biomart.oauth.provider.core.SimpleOAuthProvider.java Source code

Java tutorial

Introduction

Here is the source code for org.biomart.oauth.provider.core.SimpleOAuthProvider.java

Source

/*
 * Copyright 2007 AOL, LLC.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.biomart.oauth.provider.core;

import java.io.IOException;
import java.io.OutputStream;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.digest.DigestUtils;

import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;
import org.biomart.common.resources.Log;
import org.biomart.oauth.persist.Accessor;
import org.biomart.oauth.persist.Consumer;

/**
 * Utility methods for providers that store consumers, tokens and secrets in 
 * local cache (HashSet). Consumer key is used as the name, and its credentials are 
 * stored in HashSet.
 *
 * @author Praveen Alavilli
 */
public class SimpleOAuthProvider {

    public static final SimpleOAuthValidator VALIDATOR = new SimpleOAuthValidator();

    private static final Map<String, OAuthConsumer> ALL_CONSUMERS = Collections
            .synchronizedMap(new HashMap<String, OAuthConsumer>(10));

    private static final Collection<OAuthAccessor> ALL_TOKENS = new HashSet<OAuthAccessor>();

    public static void loadConsumers() throws IOException {
        synchronized (ALL_CONSUMERS) {
            ALL_CONSUMERS.clear();
            Set<Consumer> consumers = Consumer.all();
            for (Consumer c : consumers) {
                Log.info("Loading OAuth consumer: " + c.oauthConsumer.getProperty("name"));
                ALL_CONSUMERS.put(c.oauthConsumer.consumerKey, c.oauthConsumer);
            }
        }
    }

    public static void loadAccessors() throws IOException {
        synchronized (ALL_TOKENS) {
            ALL_TOKENS.clear();
            Set<Accessor> accessors = Accessor.all();
            for (Accessor a : accessors) {
                ALL_TOKENS.add(a.oauthAccessor);
            }
        }
    }

    public static OAuthConsumer getConsumer(OAuthMessage requestMessage) throws IOException, OAuthProblemException {

        OAuthConsumer consumer = null;
        // try to load from local cache if not throw exception
        String consumer_key = requestMessage.getConsumerKey();

        synchronized (ALL_CONSUMERS) {
            consumer = SimpleOAuthProvider.ALL_CONSUMERS.get(consumer_key);
        }

        if (consumer == null) {
            OAuthProblemException problem = new OAuthProblemException("token_rejected");
            throw problem;
        }

        return consumer;
    }

    /**
     * Get the access token and token secret for the given oauth_token. 
     */
    public static OAuthAccessor getAccessor(OAuthMessage requestMessage) throws IOException, OAuthProblemException {

        String oauth_token = requestMessage.getParameter("oauth_token");
        String consumer_key = requestMessage.getParameter("oauth_consumer_key");
        OAuthAccessor accessor = null;

        // Try from local cache first, then retry from data store
        for (int i = 0; i < 2; i++) {
            synchronized (ALL_TOKENS) {
                for (OAuthAccessor a : SimpleOAuthProvider.ALL_TOKENS) {
                    if (a.requestToken != null) {
                        if (a.requestToken.equals(oauth_token)) {
                            accessor = a;
                            break;
                        }
                    } else if (a.accessToken != null) {
                        if (a.accessToken.equals(oauth_token) && a.consumer.consumerKey.equals(consumer_key)) {
                            accessor = a;
                            break;
                        }
                    }
                }
            }

            if (accessor == null) {
                // Refresh from data store
                Log.debug("Could not find OAuthAccess from local cache. Retrying from data store.");
                loadAccessors();
            } else {
                break;
            }
        }

        if (accessor == null) {
            OAuthProblemException problem = new OAuthProblemException("token_expired");
            throw problem;
        }

        return accessor;
    }

    public static void removeAuthorization(OAuthAccessor accessor) {
        accessor.setProperty("user", null);
        accessor.setProperty("authorized", Boolean.FALSE);
        synchronized (ALL_TOKENS) {
            ALL_TOKENS.remove(accessor);
        }
    }

    /**
     * Set the access token 
     */
    public static void markAsAuthorized(OAuthAccessor accessor, String userId) throws OAuthException {

        synchronized (ALL_TOKENS) {
            // first remove the accessor from cache
            ALL_TOKENS.remove(accessor);

            accessor.setProperty("user", userId);
            accessor.setProperty("authorized", Boolean.TRUE);

            // update token in local cache
            ALL_TOKENS.add(accessor);
        }
    }

    /**
     * Generate a fresh request token and secret for a consumer.
     * 
     * @throws OAuthException
     */
    public static void generateRequestToken(OAuthAccessor accessor, String token, String secret)
            throws OAuthException {

        accessor.requestToken = token;
        accessor.tokenSecret = secret;
        accessor.accessToken = null;

        synchronized (ALL_TOKENS) {
            // add to the local cache
            ALL_TOKENS.add(accessor);
        }
    }

    public static void generateRequestToken(OAuthAccessor accessor) throws OAuthException {
        // generate oauth_token and oauth_secret
        String consumer_key = (String) accessor.consumer.getProperty("name");

        // generate token and secret based on consumer_key

        // for now use md5 of name + current time as token
        String token_data = consumer_key + System.nanoTime();
        String token = DigestUtils.md5Hex(token_data);

        // for now use md5 of name + current time + token as secret
        String secret_data = consumer_key + System.nanoTime() + token;
        String secret = DigestUtils.md5Hex(secret_data);

        generateRequestToken(accessor, token, secret);
    }

    /**
     * Generate a fresh request token and secret for a consumer.
     * 
     * @throws OAuthException
     */
    public static void generateAccessToken(OAuthAccessor accessor, String token) throws OAuthException {

        synchronized (ALL_TOKENS) {

            // first remove the accessor from cache
            ALL_TOKENS.remove(accessor);

            accessor.requestToken = null;
            accessor.accessToken = token;

            // update token in local cache
            ALL_TOKENS.add(accessor);
        }
    }

    public static void generateAccessToken(OAuthAccessor accessor) throws OAuthException {
        // generate oauth_token and oauth_secret
        String consumer_key = (String) accessor.consumer.getProperty("name");
        // generate token and secret based on consumer_key

        // for now use md5 of name + current time as token
        String token_data = consumer_key + System.nanoTime();

        String token = DigestUtils.md5Hex(token_data);

        generateAccessToken(accessor, token);
    }

    public static void handleException(Exception e, HttpServletRequest request, HttpServletResponse response,
            boolean sendBody) throws IOException, ServletException {
        String realm = (request.isSecure()) ? "https://" : "http://";
        OutputStream out = response.getOutputStream();
        realm += request.getLocalName();
        OAuthServlet.handleException(response, e, realm, sendBody);
        out.close();
    }

}