Java tutorial
/* * JBoss, Home of Professional Open Source * * Copyright 2013 Red Hat, Inc. and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.picketlink.social.auth; import java.security.Principal; import javax.servlet.ServletContext; import javax.servlet.http.HttpSession; import org.picketlink.authentication.AuthenticationException; import org.picketlink.idm.model.basic.User; import org.picketlink.social.auth.conf.TwitterConfiguration; import twitter4j.Twitter; import twitter4j.TwitterException; import twitter4j.TwitterFactory; import twitter4j.auth.AccessToken; import twitter4j.auth.RequestToken; /** * Implementation of {@link org.picketlink.authentication.Authenticator} for Twitter login * @author Anil Saldhana * @since June 03, 2013 */ public class TwitterAuthenticator extends AbstractSocialAuthenticator { protected static final String TWIT_REQUEST_TOKEN_SESSION_ATTRIBUTE = "TWIT_REQUEST_TOKEN_SESSION_ATTRIBUTE"; protected TwitterConfiguration configuration; public void setConfiguration(TwitterConfiguration configuration) { this.configuration = configuration; } @Override public void authenticate() { if (httpServletRequest == null) { throw new IllegalStateException("http request not available"); } if (httpServletResponse == null) { throw new IllegalStateException("http response not available"); } if (configuration == null) { throw new IllegalStateException("configuration not available"); } HttpSession session = httpServletRequest.getSession(); ServletContext servletContext = httpServletRequest.getServletContext(); String clientID = configuration.getClientID(); String clientSecret = configuration.getClientSecret(); String returnURL = configuration.getReturnURL(); Principal principal = null; Twitter twitter = new TwitterFactory().getInstance(); twitter.setOAuthConsumer(clientID, clientSecret); //See if we are a callback String verifier = httpServletRequest.getParameter("oauth_verifier"); RequestToken requestToken = (RequestToken) session.getAttribute(TWIT_REQUEST_TOKEN_SESSION_ATTRIBUTE); if (verifier != null && requestToken == null) { //Let us fall back String twitterSentRequestToken = httpServletRequest.getParameter("oauth_token"); if (twitterSentRequestToken != null) { requestToken = (RequestToken) servletContext.getAttribute(twitterSentRequestToken); } if (requestToken == null) { throw new IllegalStateException("Verifier present but request token null"); } //Discard the stored request tokens servletContext.removeAttribute(twitterSentRequestToken); session.removeAttribute(TWIT_REQUEST_TOKEN_SESSION_ATTRIBUTE); } if (requestToken != null && verifier != null) { try { AccessToken accessToken = twitter.getOAuthAccessToken(requestToken, verifier); session.setAttribute("accessToken", accessToken); session.removeAttribute("requestToken"); } catch (TwitterException e) { throw new AuthenticationException("Twitter Login:", e); } try { principal = new TwitterPrincipal(twitter.verifyCredentials()); setStatus(AuthenticationStatus.SUCCESS); setAccount(new User(principal.getName())); return; } catch (TwitterException e) { throw new AuthenticationException("Twitter Login:", e); } } try { requestToken = twitter.getOAuthRequestToken(returnURL); session.setAttribute(TWIT_REQUEST_TOKEN_SESSION_ATTRIBUTE, requestToken); //back up in the case the browser provides a new session to the user on twitter callback servletContext.setAttribute(requestToken.getToken(), requestToken); httpServletResponse.sendRedirect(requestToken.getAuthenticationURL()); } catch (Exception e) { throw new AuthenticationException("Twitter Login:", e); } if (principal != null) { setStatus(AuthenticationStatus.SUCCESS); setAccount(new User(principal.getName())); } } }