Package org.eclipse.lyo.server.oauth.core.token

Class SimpleTokenStrategy

java.lang.Object
org.eclipse.lyo.server.oauth.core.token.SimpleTokenStrategy
All Implemented Interfaces:
TokenStrategy
public class SimpleTokenStrategy extends Object implements TokenStrategy
A simple strategy for generating and validating tokens. Generates random tokens and stores them in memory. Tokens are only good for the life of the process. Least recently used tokens are invalidated when cached limits are reached.
Author:
Samuel Padgett

  • Constructor Details

    • SimpleTokenStrategy

      public SimpleTokenStrategy()
      Constructs a SimpleTokenStrategy using the defaults for cache limits on request and access tokens.
      See Also:

    • SimpleTokenStrategy

      public SimpleTokenStrategy(int requestTokenMaxCount, int accessTokenMaxCount)
      Constructs a SimpleTokenStrategy with cache limits on the number of request and access tokens. Least recently used tokens are invalidated when cache limits are reached.
      Parameters:
      requestTokenMaxCount - the maximum number of request tokens to track
      accessTokenMaxCount - the maximum number of access tokens to track

  • Method Details

    • generateRequestToken

      public void generateRequestToken(OAuthRequest oAuthRequest) throws IOException
      Description copied from interface: TokenStrategy
      Generates a request token and token secret and sets it in the accessor in the OAuthRequest.
      Specified by:
      generateRequestToken in interface TokenStrategy
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      IOException - on errors reading from the request message
      See Also:

    • validateRequestToken

      public String validateRequestToken(jakarta.servlet.http.HttpServletRequest httpRequest, net.oauth.OAuthMessage message) throws net.oauth.OAuthException, IOException
      Description copied from interface: TokenStrategy
      Validates that the request token is valid, throwing an exception if not. Returns the consumer key so that the authorization page can display information about the consumer. The token strategy must track what request tokens belong to what consumers since the consumer key is not guaranteed to be in the request.
      Specified by:
      validateRequestToken in interface TokenStrategy
      Parameters:
      httpRequest - the HTTP request
      message - the OAuth message
      Returns:
      the consumer key associated with the request
      Throws:
      net.oauth.OAuthException - if the tokens are not valid
      IOException - on I/O errors

    • getCallback

      public String getCallback(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException
      Description copied from interface: TokenStrategy
      Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows. Returns null if the consumer did not specify a callback when asking for a request token.
      Specified by:
      getCallback in interface TokenStrategy
      Parameters:
      httpRequest - the HTTP request
      requestToken - the request token
      Returns:
      the callback URL
      Throws:
      net.oauth.OAuthProblemException

    • markRequestTokenAuthorized

      public void markRequestTokenAuthorized(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException
      Description copied from interface: TokenStrategy
      Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.
      Specified by:
      markRequestTokenAuthorized in interface TokenStrategy
      Parameters:
      httpRequest - the servlet request
      requestToken - the request token string
      Throws:
      net.oauth.OAuthProblemException
      See Also:

    • isRequestTokenAuthorized

      public boolean isRequestTokenAuthorized(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException
      Description copied from interface: TokenStrategy
      Checks with the request token has been authorized by the end user.
      Specified by:
      isRequestTokenAuthorized in interface TokenStrategy
      Parameters:
      httpRequest - the servlet request
      requestToken - the request token
      Returns:
      answers if the request token is authorized and can be exchanged for an access token
      Throws:
      net.oauth.OAuthProblemException
      See Also:

    • generateVerificationCode

      public String generateVerificationCode(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthProblemException
      Description copied from interface: TokenStrategy
      Generates an "unguessable" OAuth verification code. The consumer must supply the verification code when exchanging the request token for an access token. This is specific to OAuth 1.0a.
      Specified by:
      generateVerificationCode in interface TokenStrategy
      Parameters:
      httpRequest - the HTTP request
      requestToken - the request token
      Returns:
      a verification code
      Throws:
      net.oauth.OAuthProblemException

    • validateVerificationCode

      public void validateVerificationCode(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException
      Description copied from interface: TokenStrategy
      Validates that the verification code is recognized and associated with the request token. This must be called before the request token is exchanged for the access token in an OAuth 1.0a authentication flow.
      Specified by:
      validateVerificationCode in interface TokenStrategy
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)
      IOException - on I/O errors

    • generateAccessToken

      public void generateAccessToken(OAuthRequest oAuthRequest) throws net.oauth.OAuthProblemException, IOException
      Description copied from interface: TokenStrategy
      Generates an access token and token secret and sets it in the accessor in the OAuthRequest. Clears any request tokens set.
      Specified by:
      generateAccessToken in interface TokenStrategy
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      IOException - on I/O errors
      net.oauth.OAuthProblemException
      See Also:

    • validateAccessToken

      public void validateAccessToken(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException
      Description copied from interface: TokenStrategy
      Validates that the access token is valid, throwing an exception if not.
      Specified by:
      validateAccessToken in interface TokenStrategy
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      net.oauth.OAuthException - if the token is invalid
      IOException - on I/O errors

    • getTokenSecret

      public String getTokenSecret(jakarta.servlet.http.HttpServletRequest httpRequest, String token) throws net.oauth.OAuthProblemException
      Description copied from interface: TokenStrategy
      Gets the token secret for token to validate signatures.
      Specified by:
      getTokenSecret in interface TokenStrategy
      Parameters:
      httpRequest - the HTTP request
      token - the token string, either a request token or access token
      Returns:
      the token secret
      Throws:
      net.oauth.OAuthProblemException

    • generateTokenString

      protected String generateTokenString()
      Creates a unique, random string to use for tokens.
      Returns:
      the random string

    • getRequestTokenData

      protected SimpleTokenStrategy.RequestTokenData getRequestTokenData(OAuthRequest oAuthRequest) throws net.oauth.OAuthProblemException, IOException
      Gets the request token data from this OAuth request.
      Parameters:
      oAuthRequest - the OAuth request
      Returns:
      the request token data
      Throws:
      net.oauth.OAuthProblemException - if the request token is invalid
      IOException - on reading OAuth parameters

    • getRequestTokenData

      protected SimpleTokenStrategy.RequestTokenData getRequestTokenData(String requestToken) throws net.oauth.OAuthProblemException
      Gets the request token data for this request token.
      Parameters:
      requestToken - the request token string
      Returns:
      the request token data
      Throws:
      net.oauth.OAuthProblemException - if the request token is invalid