Class SimpleTokenStrategy
java.lang.Object
org.eclipse.lyo.server.oauth.core.token.SimpleTokenStrategy
- All Implemented Interfaces:
TokenStrategy
A simple strategy for generating and validating tokens. Generates random
tokens and stores them in memory. Tokens are only good for the life of the
process. Least recently used tokens are invalidated when cached limits are
reached.
- Author:
- Samuel Padgett
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprotected class
Holds information associated with a request token such as the callback URL and OAuth verification code. -
Constructor Summary
ConstructorsConstructorDescriptionConstructs a SimpleTokenStrategy using the defaults for cache limits on request and access tokens.SimpleTokenStrategy
(int requestTokenMaxCount, int accessTokenMaxCount) Constructs a SimpleTokenStrategy with cache limits on the number of request and access tokens. -
Method Summary
Modifier and TypeMethodDescriptionvoid
generateAccessToken
(OAuthRequest oAuthRequest) Generates an access token and token secret and sets it in the accessor in theOAuthRequest
.void
generateRequestToken
(OAuthRequest oAuthRequest) Generates a request token and token secret and sets it in the accessor in theOAuthRequest
.protected String
Creates a unique, random string to use for tokens.generateVerificationCode
(HttpServletRequest httpRequest, String requestToken) Generates an "unguessable" OAuth verification code.getCallback
(HttpServletRequest httpRequest, String requestToken) Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows.protected SimpleTokenStrategy.RequestTokenData
getRequestTokenData
(String requestToken) Gets the request token data for this request token.protected SimpleTokenStrategy.RequestTokenData
getRequestTokenData
(OAuthRequest oAuthRequest) Gets the request token data from this OAuth request.getTokenSecret
(HttpServletRequest httpRequest, String token) Gets the token secret for token to validate signatures.boolean
isRequestTokenAuthorized
(HttpServletRequest httpRequest, String requestToken) Checks with the request token has been authorized by the end user.void
markRequestTokenAuthorized
(HttpServletRequest httpRequest, String requestToken) Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.void
validateAccessToken
(OAuthRequest oAuthRequest) Validates that the access token is valid, throwing an exception if not.validateRequestToken
(HttpServletRequest httpRequest, net.oauth.OAuthMessage message) Validates that the request token is valid, throwing an exception if not.void
validateVerificationCode
(OAuthRequest oAuthRequest) Validates that the verification code is recognized and associated with the request token.
-
Constructor Details
-
SimpleTokenStrategy
public SimpleTokenStrategy()Constructs a SimpleTokenStrategy using the defaults for cache limits on request and access tokens.- See Also:
-
SimpleTokenStrategy
public SimpleTokenStrategy(int requestTokenMaxCount, int accessTokenMaxCount) Constructs a SimpleTokenStrategy with cache limits on the number of request and access tokens. Least recently used tokens are invalidated when cache limits are reached.- Parameters:
requestTokenMaxCount
- the maximum number of request tokens to trackaccessTokenMaxCount
- the maximum number of access tokens to track
-
-
Method Details
-
generateRequestToken
Description copied from interface:TokenStrategy
Generates a request token and token secret and sets it in the accessor in theOAuthRequest
.- Specified by:
generateRequestToken
in interfaceTokenStrategy
- Parameters:
oAuthRequest
- the OAuth request- Throws:
IOException
- on errors reading from the request message- See Also:
-
validateRequestToken
public String validateRequestToken(HttpServletRequest httpRequest, net.oauth.OAuthMessage message) throws net.oauth.OAuthException, IOException Description copied from interface:TokenStrategy
Validates that the request token is valid, throwing an exception if not. Returns the consumer key so that the authorization page can display information about the consumer. The token strategy must track what request tokens belong to what consumers since the consumer key is not guaranteed to be in the request.- Specified by:
validateRequestToken
in interfaceTokenStrategy
- Parameters:
httpRequest
- the HTTP requestmessage
- the OAuth message- Returns:
- the consumer key associated with the request
- Throws:
net.oauth.OAuthException
- if the tokens are not validIOException
- on I/O errors
-
getCallback
public String getCallback(HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException Description copied from interface:TokenStrategy
Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows. Returns null if the consumer did not specify a callback when asking for a request token.- Specified by:
getCallback
in interfaceTokenStrategy
- Parameters:
httpRequest
- the HTTP requestrequestToken
- the request token- Returns:
- the callback URL
- Throws:
net.oauth.OAuthProblemException
-
markRequestTokenAuthorized
public void markRequestTokenAuthorized(HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException Description copied from interface:TokenStrategy
Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.- Specified by:
markRequestTokenAuthorized
in interfaceTokenStrategy
- Parameters:
httpRequest
- the servlet requestrequestToken
- the request token string- Throws:
net.oauth.OAuthProblemException
- See Also:
-
isRequestTokenAuthorized
public boolean isRequestTokenAuthorized(HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException Description copied from interface:TokenStrategy
Checks with the request token has been authorized by the end user.- Specified by:
isRequestTokenAuthorized
in interfaceTokenStrategy
- Parameters:
httpRequest
- the servlet requestrequestToken
- the request token- Returns:
- answers if the request token is authorized and can be exchanged for an access token
- Throws:
net.oauth.OAuthProblemException
- See Also:
-
generateVerificationCode
public String generateVerificationCode(HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException Description copied from interface:TokenStrategy
Generates an "unguessable" OAuth verification code. The consumer must supply the verification code when exchanging the request token for an access token. This is specific to OAuth 1.0a.- Specified by:
generateVerificationCode
in interfaceTokenStrategy
- Parameters:
httpRequest
- the HTTP requestrequestToken
- the request token- Returns:
- a verification code
- Throws:
net.oauth.OAuthProblemException
-
validateVerificationCode
public void validateVerificationCode(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException Description copied from interface:TokenStrategy
Validates that the verification code is recognized and associated with the request token. This must be called before the request token is exchanged for the access token in an OAuth 1.0a authentication flow.- Specified by:
validateVerificationCode
in interfaceTokenStrategy
- Parameters:
oAuthRequest
- the OAuth request- Throws:
net.oauth.OAuthException
- on OAuth problems (e.g., the request token is invalid)IOException
- on I/O errors
-
generateAccessToken
public void generateAccessToken(OAuthRequest oAuthRequest) throws net.oauth.OAuthProblemException, IOException Description copied from interface:TokenStrategy
Generates an access token and token secret and sets it in the accessor in theOAuthRequest
. Clears any request tokens set.- Specified by:
generateAccessToken
in interfaceTokenStrategy
- Parameters:
oAuthRequest
- the OAuth request- Throws:
IOException
- on I/O errorsnet.oauth.OAuthProblemException
- See Also:
-
validateAccessToken
public void validateAccessToken(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException Description copied from interface:TokenStrategy
Validates that the access token is valid, throwing an exception if not.- Specified by:
validateAccessToken
in interfaceTokenStrategy
- Parameters:
oAuthRequest
- the OAuth request- Throws:
net.oauth.OAuthException
- if the token is invalidIOException
- on I/O errors
-
getTokenSecret
public String getTokenSecret(HttpServletRequest httpRequest, String token) throws net.oauth.OAuthProblemException Description copied from interface:TokenStrategy
Gets the token secret for token to validate signatures.- Specified by:
getTokenSecret
in interfaceTokenStrategy
- Parameters:
httpRequest
- the HTTP requesttoken
- the token string, either a request token or access token- Returns:
- the token secret
- Throws:
net.oauth.OAuthProblemException
-
generateTokenString
Creates a unique, random string to use for tokens.- Returns:
- the random string
-
getRequestTokenData
protected SimpleTokenStrategy.RequestTokenData getRequestTokenData(OAuthRequest oAuthRequest) throws net.oauth.OAuthProblemException, IOException Gets the request token data from this OAuth request.- Parameters:
oAuthRequest
- the OAuth request- Returns:
- the request token data
- Throws:
net.oauth.OAuthProblemException
- if the request token is invalidIOException
- on reading OAuth parameters
-
getRequestTokenData
protected SimpleTokenStrategy.RequestTokenData getRequestTokenData(String requestToken) throws net.oauth.OAuthProblemException Gets the request token data for this request token.- Parameters:
requestToken
- the request token string- Returns:
- the request token data
- Throws:
net.oauth.OAuthProblemException
- if the request token is invalid
-