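/*
 ************************************************************************************
 * Copyright (C) 2001-2011 encuestame: system online surveys Copyright (C) 2011
 * encuestame Development Team.
 * Licensed under the Apache Software License version 2.0
 * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 ************************************************************************************
 */
package org.encuestame.oauth.security;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.encuestame.persistence.dao.IApplicationDao;
import org.encuestame.persistence.dao.imp.ApplicationDao;
import org.encuestame.persistence.domain.application.ApplicationConnection;
import org.encuestame.persistence.utils.SecureRandomStringKeyGenerator;
import org.encuestame.util.exception.EnMeNotValidKeyOAuthSecurityException;
import org.encuestame.utils.oauth.OAuthSession;
import org.encuestame.utils.oauth.StandardOAuthSession;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.WeakHashMap;

/**
 * In-memory implementation of the OAuth session manager.
 *
 * <p>Pending OAuth sessions are kept in a map keyed by request token from the
 * moment they are created until access is granted.</p>
 *
 * <p>Session secrets and verifiers are deliberately never written to the log:
 * anyone able to read debug/trace output would otherwise obtain live OAuth
 * credentials.</p>
 *
 * @author Picado, Juan juanATencuestame.org
 * @since Dec 23, 2010 7:23:16 PM
 */
public class ConcurrentMapOAuthSessionManager implements OAuthSessionManager {

    /**
     * Log.
     */
    protected Log log = LogFactory.getLog(this.getClass());

    /**
     * Map of pending sessions, keyed by request token.
     *
     * NOTE(review): despite the class name, {@link WeakHashMap} is not
     * synchronized, so concurrent requests can corrupt it. An entry is also only
     * reclaimable once its key is no longer strongly reachable; if
     * StandardOAuthSession holds the same String it returns from
     * getRequestToken(), the value pins its own key and abandoned sessions are
     * never evicted. Consider a concurrent map with explicit expiry - confirm
     * against StandardOAuthSession before changing.
     */
    private final WeakHashMap<String, StandardOAuthSession> sessions;

    /**
     * Dao Application.
     **/
    @Autowired
    private IApplicationDao applicationDao;

    /**
     * Key Generator, used for the two random keys each new session receives.
     **/
    private SecureRandomStringKeyGenerator keyGenerator = new SecureRandomStringKeyGenerator();

    /**
     * Constructor. Creates the empty session map.
     */
    public ConcurrentMapOAuthSessionManager() {
        sessions = new WeakHashMap<String, StandardOAuthSession>();
    }

    /**
     * Create a new OAuth session and register it under its request token.
     *
     * @param apiKey API key of the requesting application
     * @param callbackUrl callback URL supplied by the requesting application
     * @return the newly created session
     */
    public OAuthSession newOAuthSession(String apiKey, String callbackUrl) {
        // Two independent random keys are handed to the session; presumably the
        // request token and its secret - confirm against StandardOAuthSession.
        final StandardOAuthSession session = new StandardOAuthSession(apiKey, callbackUrl,
                keyGenerator.generateKey(), keyGenerator.generateKey());
        // Only non-secret attributes are logged; the secret and the verifier are
        // credentials and must not reach log files.
        log.debug("New OAuth StandardOAuthSession" + session.getApiKey());
        log.debug("New OAuth StandardOAuthSession" + session.getCallbackUrl());
        sessions.put(session.getRequestToken(), session);
        return session;
    }

    /**
     * Grant access to an application for an already authorized session.
     *
     * <p>On success the session is removed from the map, so the request token
     * cannot be used again. If the connection cannot be created the session is
     * left in place.</p>
     *
     * NOTE(review): the verifier stored by {@link #authorize} is not checked
     * here; presumably the caller compares it before invoking this method -
     * confirm.
     *
     * @param requestToken request token identifying the session
     * @return the connection created for the application
     * @throws EnMeNotValidKeyOAuthSecurityException if no session exists for the token
     * @throws IllegalStateException if the session is not authorized yet, or the
     *         connection could not be created
     */
    public ApplicationConnection grantAccess(String requestToken)
            throws EnMeNotValidKeyOAuthSecurityException {
        log.debug("Grant Access");
        StandardOAuthSession session = getStandardSession(requestToken);
        if (!session.authorized()) {
            throw new IllegalStateException("OAuthSession is not yet authorized");
        }
        log.debug("Grant Access is authorized " + session.authorized());
        try {
            //FIXME: inject UserAccount
            ApplicationConnection connection = this.applicationDao
                    .connectApplication(session.getAuthorizingAccountId(), session.getApiKey(), null);
            log.debug("Grant Access new connection " + connection.getConnectionId());
            // Single use: drop the session only once the connection exists.
            sessions.remove(requestToken);
            return connection;
        } catch (Exception e) {
            // Any failure (including a null connection) is reported as an illegal
            // state, with the original cause preserved.
            throw new IllegalStateException(
                    "Unable to grant access due to session - have the App's key changed?", e);
        }
    }

    /**
     * Look up the session registered for a request token.
     *
     * @param requestToken request token identifying the session
     * @return the session, never {@code null}
     * @throws EnMeNotValidKeyOAuthSecurityException if no session exists for the token
     */
    public OAuthSession getSession(String requestToken)
            throws EnMeNotValidKeyOAuthSecurityException {
        final OAuthSession session = sessions.get(requestToken);
        // The null check has to come before any use of the session: an unknown or
        // expired token must produce the declared exception, not a
        // NullPointerException from the logging statements.
        if (session == null) {
            log.error("OAuth Session is null");
            throw new EnMeNotValidKeyOAuthSecurityException(requestToken);
        }
        // The session secret is intentionally not logged.
        log.trace("OAuth Session AP " + session.getApiKey());
        log.trace("OAuth Session RT " + session.getRequestToken());
        return session;
    }

    /**
     * Authorize the session identified by a request token.
     *
     * @param requestToken request token identifying the session
     * @param authorizingAccountId id of the account that authorizes the application
     * @param verifier verifier to store on the session
     * @return the authorized session
     * @throws EnMeNotValidKeyOAuthSecurityException if no session exists for the token
     * @throws IllegalStateException if the session was already authorized
     */
    public OAuthSession authorize(String requestToken, Long authorizingAccountId, String verifier)
            throws EnMeNotValidKeyOAuthSecurityException {
        final StandardOAuthSession session = getStandardSession(requestToken);
        log.debug("Authorize session");
        // A session may be authorized only once.
        if (session.authorized()) {
            throw new IllegalStateException("OAuthSession is already authorized");
        }
        log.debug("Authorize session RT " + session.getRequestToken());
        session.authorize(authorizingAccountId, verifier);
        return session;
    }

    /**
     * Get the session for a request token as a {@link StandardOAuthSession}.
     *
     * @param requestToken request token identifying the session
     * @return the session
     * @throws EnMeNotValidKeyOAuthSecurityException if no session exists for the token
     */
    private StandardOAuthSession getStandardSession(String requestToken)
            throws EnMeNotValidKeyOAuthSecurityException {
        // Safe cast: only StandardOAuthSession instances are ever put in the map.
        return (StandardOAuthSession) this.getSession(requestToken);
    }

    /**
     * @return the applicationDao
     */
    public IApplicationDao getApplicationDao() {
        return applicationDao;
    }

    /**
     * @param applicationDao the applicationDao to set
     */
    public void setApplicationDao(ApplicationDao applicationDao) {
        this.applicationDao = applicationDao;
    }
}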