17 package org.springframework.security.oauth.provider.filter;
18
19 import org.springframework.beans.factory.annotation.Autowired;
20 import org.springframework.security.authentication.InsufficientAuthenticationException;
21 import org.springframework.security.core.Authentication;
22 import org.springframework.security.core.AuthenticationException;
23 import org.springframework.security.core.context.SecurityContextHolder;
24 import org.springframework.security.oauth.provider.InvalidOAuthParametersException;
25 import org.springframework.security.oauth.provider.token.InvalidOAuthTokenException;
26 import org.springframework.security.oauth.provider.token.OAuthProviderToken;
27 import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
28 import org.springframework.security.oauth.provider.verifier.OAuthVerifierServices;
29 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
30 import org.springframework.util.Assert;
31
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34
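/**
 * Processing filter for the step in which an authenticated user authorizes an OAuth request token.
 *
 * <p>The no-argument constructor registers the filter on {@code /oauth_authenticate_token}. On a
 * matching request the filter looks up the request token named by the token id parameter, exposes
 * the token's callback URL and a newly created verifier as request attributes, and marks the token
 * as authorized for the user found in the current security context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Authorizing a token is a state-changing action taken on behalf of the logged-in user. This
 *       class performs no CSRF or HTTP-method check of its own. NOTE(review): confirm that the
 *       confirmation page in front of this filter provides that protection.</li>
 *   <li>The callback URL comes from the stored token and is passed on unvalidated. NOTE(review):
 *       confirm that whatever redirects to {@link #CALLBACK_ATTRIBUTE} checks it against the
 *       consumer's registration.</li>
 * </ul>
 */
public class UserAuthorizationProcessingFilter extends AbstractAuthenticationProcessingFilter {

  /** Request attribute that carries the callback URL read from the request token. */
  protected static final String CALLBACK_ATTRIBUTE = UserAuthorizationProcessingFilter.class.getName() + "#CALLBACK";

  /** Request attribute that carries the verifier created for this authorization. */
  protected static final String VERIFIER_ATTRIBUTE = UserAuthorizationProcessingFilter.class.getName() + "#VERIFIER";

  private OAuthProviderTokenServices tokenServices;
  private String tokenIdParameterName = "requestToken";
  private OAuthVerifierServices verifierServices;
  private boolean require10a = true;

  /** Creates the filter on the default processing URL, {@code /oauth_authenticate_token}. */
  public UserAuthorizationProcessingFilter() {
    super("/oauth_authenticate_token");
  }

  /**
   * Creates the filter on a caller-chosen processing URL.
   *
   * @param defaultProcessesUrl the URL this filter should process
   */
  public UserAuthorizationProcessingFilter(String defaultProcessesUrl) {
    super(defaultProcessesUrl);
  }

  /**
   * Runs the superclass checks, then fails fast if either the token services or the verifier
   * services have not been supplied.
   */
  @Override
  public void afterPropertiesSet() {
    super.afterPropertiesSet();
    Assert.notNull(getTokenServices(), "A token services must be provided.");
    Assert.notNull(getVerifierServices(), "Verifier services are required.");
  }

  /**
   * Authorizes the request token named in the request for the currently authenticated user.
   *
   * @param request the request carrying the token id parameter; receives {@link #CALLBACK_ATTRIBUTE}
   *     (when the token has a callback URL) and {@link #VERIFIER_ATTRIBUTE}
   * @param response the response (not used by this method)
   * @return the authentication already present in the security context
   * @throws InvalidOAuthParametersException if the token id parameter is absent
   * @throws InvalidOAuthTokenException if no token is found, or if OAuth 1.0a is required and the
   *     token has no callback URL
   * @throws InsufficientAuthenticationException if no authenticated user is present
   */
  @Override
  public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    String requestToken = request.getParameter(getTokenParameterName());
    if (requestToken == null) {
      throw new InvalidOAuthParametersException("An OAuth token id is required.");
    }

    OAuthProviderToken token = getTokenServices().getToken(requestToken);
    if (token == null) {
      // Fixed message: the token itself is missing here, not its callback value. The id is echoed
      // from the request parameter, so anything that renders or logs this message must encode it.
      throw new InvalidOAuthTokenException("No request token found for token id " + requestToken + ".");
    }

    String callbackURL = token.getCallbackUrl();
    if (isRequire10a() && callbackURL == null) {
      throw new InvalidOAuthTokenException("No callback value has been provided for request token " + requestToken + ".");
    }

    if (callbackURL != null) {
      // Set before the authentication check below, so the attribute is present even when that
      // check fails. The value is passed on as stored; it is not validated here.
      request.setAttribute(CALLBACK_ATTRIBUTE, callbackURL);
    }

    // The user must already be logged in; this filter never authenticates anyone itself.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
      throw new InsufficientAuthenticationException("User must be authenticated before authorizing a request token.");
    }

    // NOTE(review): the strength of the verifier depends entirely on the configured
    // OAuthVerifierServices; confirm that it draws from a cryptographically secure source.
    String verifier = getVerifierServices().createVerifier();
    request.setAttribute(VERIFIER_ATTRIBUTE, verifier);
    getTokenServices().authorizeRequestToken(requestToken, verifier, authentication);
    return authentication;
  }

  /**
   * Returns the name of the request parameter that supplies the request token id.
   *
   * @return the parameter name, {@code "requestToken"} unless reconfigured
   */
  public String getTokenParameterName() {
    return tokenIdParameterName;
  }

  /**
   * Sets the name of the request parameter that supplies the request token id.
   *
   * @param tokenIdParameterName the parameter name to read the token id from
   */
  public void setTokenIdParameterName(String tokenIdParameterName) {
    this.tokenIdParameterName = tokenIdParameterName;
  }

  /**
   * Returns the token services used to look up and authorize request tokens.
   *
   * @return the token services, or {@code null} if none has been set
   */
  public OAuthProviderTokenServices getTokenServices() {
    return tokenServices;
  }

  /**
   * Sets the token services used to look up and authorize request tokens.
   *
   * @param tokenServices the token services
   */
  @Autowired
  public void setTokenServices(OAuthProviderTokenServices tokenServices) {
    this.tokenServices = tokenServices;
  }

  /**
   * Returns the services used to create the verifier for an authorized token.
   *
   * @return the verifier services, or {@code null} if none has been set
   */
  public OAuthVerifierServices getVerifierServices() {
    return verifierServices;
  }

  /**
   * Sets the services used to create the verifier for an authorized token.
   *
   * @param verifierServices the verifier services
   */
  @Autowired
  public void setVerifierServices(OAuthVerifierServices verifierServices) {
    this.verifierServices = verifierServices;
  }

  /**
   * Reports whether a request token must carry a callback URL, as OAuth 1.0a requires.
   *
   * @return {@code true} (the default) if tokens without a callback URL are rejected
   */
  public boolean isRequire10a() {
    return require10a;
  }

  /**
   * Sets whether a request token must carry a callback URL, as OAuth 1.0a requires.
   *
   * <p>OAuth Core 1.0 Revision A bound the callback to the request token and added the verifier
   * to address a session fixation weakness in OAuth 1.0. Passing {@code false} accepts tokens
   * without a bound callback, so reserve it for legacy consumers that cannot be upgraded.
   *
   * @param require10a {@code true} to reject tokens that have no callback URL
   */
  public void setRequire10a(boolean require10a) {
    this.require10a = require10a;
  }

}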