17 package org.springframework.security.oauth.provider.filter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth.common.OAuthCodec;
import org.springframework.security.oauth.common.OAuthConsumerParameter;
import org.springframework.security.oauth.common.OAuthProviderParameter;
import org.springframework.security.oauth.provider.ConsumerAuthentication;
import org.springframework.security.oauth.provider.ConsumerDetails;
import org.springframework.security.oauth.provider.InvalidOAuthParametersException;
import org.springframework.security.oauth.provider.token.OAuthProviderToken;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
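/**
 * Processing filter for the OAuth 1.0 access-token endpoint.
 *
 * <p>On top of the signature/consumer checks performed by the superclass, this filter
 * requires an {@code oauth_token} (the request token being exchanged) and, when 1.0a
 * semantics are enforced, an {@code oauth_verifier} that matches the verifier stored on
 * that request token. On success the freshly created access token and its secret are
 * written back to the consumer as a form-encoded body.
 */
public class AccessTokenProcessingFilter extends OAuthProviderProcessingFilter {

  /** Content type of the token response written to the consumer. */
  private String responseContentType = "text/plain;charset=utf-8";

  /** When true, OAuth 1.0a semantics apply and an {@code oauth_verifier} is mandatory. */
  private boolean require10a = true;

  public AccessTokenProcessingFilter() {
    setFilterProcessesUrl("/oauth_access_token");
  }

  /**
   * Creates the access token for the authenticated consumer by exchanging the request
   * token carried in the consumer credentials.
   *
   * @param authentication the authenticated consumer, whose credentials hold the request token
   * @return the newly issued access token
   */
  protected OAuthProviderToken createOAuthToken(ConsumerAuthentication authentication) {
    return getTokenServices().createAccessToken(authentication.getConsumerCredentials().getToken());
  }

  /**
   * Validates the access-token-specific parameters: the request token must be present and,
   * when 1.0a is required, the supplied verifier must match the one stored on that token.
   *
   * @param consumerDetails the consumer making the request
   * @param oauthParams the OAuth parameters parsed from the request
   * @throws InvalidOAuthParametersException if the token or verifier is missing or the verifier does not match
   */
  @Override
  protected void validateAdditionalParameters(ConsumerDetails consumerDetails, Map<String, String> oauthParams) {
    super.validateAdditionalParameters(consumerDetails, oauthParams);

    String token = oauthParams.get(OAuthConsumerParameter.oauth_token.toString());
    if (token == null) {
      throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingToken", "Missing token."));
    }

    if (isRequire10a()) {
      String verifier = oauthParams.get(OAuthConsumerParameter.oauth_verifier.toString());
      if (verifier == null) {
        throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingVerifier", "Missing verifier."));
      }
      OAuthProviderToken requestToken = getTokenServices().getToken(token);
      // NOTE(review): the token services presumably throw for an unknown token; the null guard
      // only turns an otherwise unexplained NullPointerException into a parameter error.
      if (requestToken == null || !verifierMatches(verifier, requestToken.getVerifier())) {
        // NOTE(review): this reuses the "missingVerifier" message key with a different default
        // text, so a message bundle that defines that key will report "Missing verifier." for an
        // invalid one. A dedicated key would need a matching bundle entry — confirm before changing.
        throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingVerifier", "Invalid verifier."));
      }
    }
  }

  /**
   * Compares the verifier supplied by the consumer with the one stored on the request token
   * without short-circuiting on the first differing byte, so response timing does not reveal
   * how much of the verifier was correct. A token that carries no verifier never matches.
   *
   * @param supplied the verifier sent by the consumer (non-null)
   * @param expected the verifier stored on the request token, possibly null
   * @return true only if both are present and byte-for-byte equal
   */
  private static boolean verifierMatches(String supplied, String expected) {
    if (expected == null) {
      return false;
    }
    return MessageDigest.isEqual(
        supplied.getBytes(StandardCharsets.UTF_8),
        expected.getBytes(StandardCharsets.UTF_8));
  }

  /**
   * Issues the access token once the request signature has been verified, and writes
   * {@code oauth_token} and {@code oauth_token_secret} to the response body.
   *
   * @param request the current request
   * @param response the response the token is written to
   * @param chain the filter chain (not continued; the token response completes the request)
   * @throws IOException if writing the response fails
   * @throws IllegalStateException if the created token does not belong to the authenticated consumer
   */
  protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);
    // Defensive check that the token services did not hand back a token bound to another consumer.
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
      throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }

    String tokenValue = authToken.getValue();

    // Both values are percent-encoded per the OAuth spec before being joined as form pairs.
    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString())
        .append('=')
        .append(OAuthCodec.oauthEncode(tokenValue))
        .append('&')
        .append(OAuthProviderParameter.oauth_token_secret.toString())
        .append('=')
        .append(OAuthCodec.oauthEncode(authToken.getSecret()));
    response.setContentType(getResponseContentType());
    response.getWriter().print(responseValue.toString());
    response.flushBuffer();
  }

  /**
   * Rejects requests whose timestamp has not been seen before: an access-token request must
   * reuse the timestamp context established by the request-token exchange.
   *
   * @throws AuthenticationException always, as an {@link InvalidOAuthParametersException}
   */
  @Override
  protected void onNewTimestamp() throws AuthenticationException {
    throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.timestampNotNew", "A new timestamp should not be used in a request for an access token."));
  }

  /**
   * The content type written on a successful token response.
   *
   * @return the content type, {@code text/plain;charset=utf-8} by default
   */
  public String getResponseContentType() {
    return responseContentType;
  }

  /**
   * Sets the content type written on a successful token response.
   *
   * @param responseContentType the content type to use
   */
  public void setResponseContentType(String responseContentType) {
    this.responseContentType = responseContentType;
  }

  /**
   * Whether OAuth 1.0a semantics are enforced (a verifier is required and checked).
   *
   * @return true by default
   */
  public boolean isRequire10a() {
    return require10a;
  }

  /**
   * Sets whether OAuth 1.0a semantics are enforced. Disabling this accepts access-token
   * requests without a verifier, i.e. plain OAuth 1.0 behaviour.
   *
   * @param require10a whether to require and check {@code oauth_verifier}
   */
  public void setRequire10a(boolean require10a) {
    this.require10a = require10a;
  }
}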