org.eclipse.lyo.server.oauth.core.token
Class SimpleTokenStrategy

java.lang.Object
  extended by org.eclipse.lyo.server.oauth.core.token.SimpleTokenStrategy
All Implemented Interfaces:
TokenStrategy

public class SimpleTokenStrategy
extends Object
implements TokenStrategy

A simple strategy for generating and validating tokens. Generates random tokens and stores them in memory. Tokens are only good for the life of the process. Least recently used tokens are invalidated when cached limits are reached.

Author:
Samuel Padgett

Nested Class Summary
protected  class SimpleTokenStrategy.RequestTokenData
          Holds information associated with a request token such as the callback URL and OAuth verification code.
 
Constructor Summary
SimpleTokenStrategy()
          Constructs a SimpleTokenStrategy using the defaults for cache limits on request and access tokens.
SimpleTokenStrategy(int requestTokenMaxCount, int accessTokenMaxCount)
          Constructs a SimpleTokenStrategy with cache limits on the number of request and access tokens.
 
Method Summary
 void generateAccessToken(OAuthRequest oAuthRequest)
          Generates an access token and token secret and sets it in the accessor in the OAuthRequest.
 void generateRequestToken(OAuthRequest oAuthRequest)
          Generates a request token and token secret and sets it in the accessor in the OAuthRequest.
protected  String generateTokenString()
          Creates a unique, random string to use for tokens.
 String generateVerificationCode(javax.servlet.http.HttpServletRequest httpRequest, String requestToken)
          Generates an "unguessable" OAuth verification code.
 String getCallback(javax.servlet.http.HttpServletRequest httpRequest, String requestToken)
          Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows.
protected  SimpleTokenStrategy.RequestTokenData getRequestTokenData(OAuthRequest oAuthRequest)
          Gets the request token data from this OAuth request.
protected  SimpleTokenStrategy.RequestTokenData getRequestTokenData(String requestToken)
          Gets the request token data for this request token.
 String getTokenSecret(javax.servlet.http.HttpServletRequest httpRequest, String token)
          Gets the token secret for token to validate signatures.
 boolean isRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest, String requestToken)
          Checks with the request token has been authorized by the end user.
 void markRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest, String requestToken)
          Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.
 void validateAccessToken(OAuthRequest oAuthRequest)
          Validates that the access token is valid, throwing an exception if not.
 String validateRequestToken(javax.servlet.http.HttpServletRequest httpRequest, net.oauth.OAuthMessage message)
          Validates that the request token is valid, throwing an exception if not.
 void validateVerificationCode(OAuthRequest oAuthRequest)
          Validates that the verification code is recognized and associated with the request token.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SimpleTokenStrategy

public SimpleTokenStrategy()
Constructs a SimpleTokenStrategy using the defaults for cache limits on request and access tokens.

See Also:
SimpleTokenStrategy(int, int)

SimpleTokenStrategy

public SimpleTokenStrategy(int requestTokenMaxCount,
                           int accessTokenMaxCount)
Constructs a SimpleTokenStrategy with cache limits on the number of request and access tokens. Least recently used tokens are invalidated when cache limits are reached.

Parameters:
requestTokenMaxCount - the maximum number of request tokens to track
accessTokenMaxCount - the maximum number of access tokens to track
Method Detail

generateRequestToken

public void generateRequestToken(OAuthRequest oAuthRequest)
                          throws IOException
Description copied from interface: TokenStrategy
Generates a request token and token secret and sets it in the accessor in the OAuthRequest.

Specified by:
generateRequestToken in interface TokenStrategy
Parameters:
oAuthRequest - the OAuth request
Throws:
IOException - on errors reading from the request message
See Also:
OAuthRequest.getAccessor()

validateRequestToken

public String validateRequestToken(javax.servlet.http.HttpServletRequest httpRequest,
                                   net.oauth.OAuthMessage message)
                            throws net.oauth.OAuthException,
                                   IOException
Description copied from interface: TokenStrategy
Validates that the request token is valid, throwing an exception if not. Returns the consumer key so that the authorization page can display information about the consumer. The token strategy must track what request tokens belong to what consumers since the consumer key is not guaranteed to be in the request.

Specified by:
validateRequestToken in interface TokenStrategy
Parameters:
httpRequest - the HTTP request
message - the OAuth message
Returns:
the consumer key associated with the request
Throws:
net.oauth.OAuthException - if the tokens are not valid
IOException - on I/O errors

getCallback

public String getCallback(javax.servlet.http.HttpServletRequest httpRequest,
                          String requestToken)
                   throws net.oauth.OAuthProblemException
Description copied from interface: TokenStrategy
Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows. Returns null if the consumer did not specify a callback when asking for a request token.

Specified by:
getCallback in interface TokenStrategy
Parameters:
httpRequest - the HTTP request
requestToken - the request token
Returns:
the callback URL
Throws:
net.oauth.OAuthProblemException

markRequestTokenAuthorized

public void markRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest,
                                       String requestToken)
                                throws net.oauth.OAuthProblemException
Description copied from interface: TokenStrategy
Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.

Specified by:
markRequestTokenAuthorized in interface TokenStrategy
Parameters:
httpRequest - the servlet request
requestToken - the request token string
Throws:
net.oauth.OAuthProblemException
See Also:
TokenStrategy.isRequestTokenAuthorized(HttpServletRequest, String)

isRequestTokenAuthorized

public boolean isRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest,
                                        String requestToken)
                                 throws net.oauth.OAuthProblemException
Description copied from interface: TokenStrategy
Checks with the request token has been authorized by the end user.

Specified by:
isRequestTokenAuthorized in interface TokenStrategy
Parameters:
httpRequest - the servlet request
requestToken - the request token
Returns:
answers if the request token is authorized and can be exchanged for an access token
Throws:
net.oauth.OAuthProblemException
See Also:
#markRequestTokenAuthorized(HttpServletRequest, OAuthAccessor)

generateVerificationCode

public String generateVerificationCode(javax.servlet.http.HttpServletRequest httpRequest,
                                       String requestToken)
                                throws net.oauth.OAuthProblemException
Description copied from interface: TokenStrategy
Generates an "unguessable" OAuth verification code. The consumer must supply the verification code when exchanging the request token for an access token. This is specific to OAuth 1.0a.

Specified by:
generateVerificationCode in interface TokenStrategy
Parameters:
httpRequest - the HTTP request
requestToken - the request token
Returns:
a verification code
Throws:
net.oauth.OAuthProblemException

validateVerificationCode

public void validateVerificationCode(OAuthRequest oAuthRequest)
                              throws net.oauth.OAuthException,
                                     IOException
Description copied from interface: TokenStrategy
Validates that the verification code is recognized and associated with the request token. This must be called before the request token is exchanged for the access token in an OAuth 1.0a authentication flow.

Specified by:
validateVerificationCode in interface TokenStrategy
Parameters:
oAuthRequest - the OAuth request
Throws:
net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)
IOException - on I/O errors

generateAccessToken

public void generateAccessToken(OAuthRequest oAuthRequest)
                         throws net.oauth.OAuthProblemException,
                                IOException
Description copied from interface: TokenStrategy
Generates an access token and token secret and sets it in the accessor in the OAuthRequest. Clears any request tokens set.

Specified by:
generateAccessToken in interface TokenStrategy
Parameters:
oAuthRequest - the OAuth request
Throws:
IOException - on I/O errors
net.oauth.OAuthProblemException
See Also:
OAuthRequest.getAccessor()

validateAccessToken

public void validateAccessToken(OAuthRequest oAuthRequest)
                         throws net.oauth.OAuthException,
                                IOException
Description copied from interface: TokenStrategy
Validates that the access token is valid, throwing an exception if not.

Specified by:
validateAccessToken in interface TokenStrategy
Parameters:
oAuthRequest - the OAuth request
Throws:
net.oauth.OAuthException - if the token is invalid
IOException - on I/O errors

getTokenSecret

public String getTokenSecret(javax.servlet.http.HttpServletRequest httpRequest,
                             String token)
                      throws net.oauth.OAuthProblemException
Description copied from interface: TokenStrategy
Gets the token secret for token to validate signatures.

Specified by:
getTokenSecret in interface TokenStrategy
Parameters:
httpRequest - the HTTP request
token - the token string, either a request token or access token
Returns:
the token secret
Throws:
net.oauth.OAuthProblemException

generateTokenString

protected String generateTokenString()
Creates a unique, random string to use for tokens.

Returns:
the random string

getRequestTokenData

protected SimpleTokenStrategy.RequestTokenData getRequestTokenData(OAuthRequest oAuthRequest)
                                                            throws net.oauth.OAuthProblemException,
                                                                   IOException
Gets the request token data from this OAuth request.

Parameters:
oAuthRequest - the OAuth request
Returns:
the request token data
Throws:
net.oauth.OAuthProblemException - if the request token is invalid
IOException - on reading OAuth parameters

getRequestTokenData

protected SimpleTokenStrategy.RequestTokenData getRequestTokenData(String requestToken)
                                                            throws net.oauth.OAuthProblemException
Gets the request token data for this request token.

Parameters:
requestToken - the request token string
Returns:
the request token data
Throws:
net.oauth.OAuthProblemException - if the request token is invalid


Copyright © 2014. All Rights Reserved.