17 package org.springframework.security.oauth.provider.filter;
18
19 import org.springframework.security.core.AuthenticationException;
20 import org.springframework.security.core.context.SecurityContextHolder;
21 import org.springframework.security.oauth.common.OAuthCodec;
22 import org.springframework.security.oauth.common.OAuthConsumerParameter;
23 import org.springframework.security.oauth.common.OAuthProviderParameter;
24 import org.springframework.security.oauth.provider.ConsumerAuthentication;
25 import org.springframework.security.oauth.provider.ConsumerDetails;
26 import org.springframework.security.oauth.provider.InvalidOAuthParametersException;
27 import org.springframework.security.oauth.provider.token.OAuthProviderToken;
28
29 import javax.servlet.FilterChain;
30 import javax.servlet.http.HttpServletRequest;
31 import javax.servlet.http.HttpServletResponse;
32 import java.io.IOException;
33 import java.util.Map;
34
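/**
 * OAuth provider filter that issues an unauthorized request token to a consumer
 * whose request signature has already been validated by the parent filter.
 *
 * <p>The response body is a form-encoded string carrying {@code oauth_token} and
 * {@code oauth_token_secret}, plus {@code oauth_callback_confirmed=true} when the
 * consumer supplied an {@code oauth_callback}. Because the body contains the token
 * secret, it must not be logged or cached.
 */
public class UnauthenticatedRequestTokenProcessingFilter extends OAuthProviderProcessingFilter {

  // Content type written on the token response; configurable through the setter.
  private String responseContentType = "text/plain;charset=utf-8";

  // When true (the default), a request without an oauth_callback parameter is rejected.
  private boolean require10a = true;

  /**
   * Creates the filter and binds it to the {@code /oauth_request_token} processing URL.
   */
  public UnauthenticatedRequestTokenProcessingFilter() {
    setFilterProcessesUrl("/oauth_request_token");
  }

  /**
   * Runs the parent's parameter validation and, when {@link #isRequire10a()} is true,
   * additionally requires the {@code oauth_callback} parameter to be present.
   *
   * @param consumerDetails the consumer making the request
   * @param oauthParams the OAuth parameters extracted from the request
   * @throws InvalidOAuthParametersException if 1.0a is required and no callback was sent
   */
  @Override
  protected void validateAdditionalParameters(ConsumerDetails consumerDetails, Map<String, String> oauthParams) {
    super.validateAdditionalParameters(consumerDetails, oauthParams);

    if (isRequire10a()) {
      // Only presence is checked here: an empty or malformed callback value still passes.
      // NOTE(review): confirm the callback value itself (absolute URI or "oob", and any
      // per-consumer allow-list) is validated before it is ever used for a redirect.
      String callback = oauthParams.get(OAuthConsumerParameter.oauth_callback.toString());
      if (callback == null) {
        // NOTE(review): the message key is prefixed "AccessTokenProcessingFilter" although this
        // is the request-token filter; kept as-is because the message bundle is not visible here.
        throw new InvalidOAuthParametersException(messages.getMessage("AccessTokenProcessingFilter.missingCallback", "Missing callback."));
      }
    }
  }

  /**
   * Creates the request token for the authenticated consumer and writes it to the response.
   *
   * @param request the current request
   * @param response the response the token credentials are written to
   * @param chain the filter chain (not invoked by this method)
   * @throws IOException if writing the response fails
   * @throws IllegalStateException if the created token belongs to a different consumer key
   *         than the authenticated consumer
   */
  protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {
    // The cast assumes the security context already holds the consumer authentication.
    // NOTE(review): presumably set by the parent filter before this hook runs; confirm.
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    OAuthProviderToken authToken = createOAuthToken(authentication);

    // Defensive check: never hand a consumer a token that was minted for another consumer key.
    if (!authToken.getConsumerKey().equals(authentication.getConsumerDetails().getConsumerKey())) {
      throw new IllegalStateException("The consumer key associated with the created auth token is not valid for the authenticated consumer.");
    }

    String tokenValue = authToken.getValue();
    String callback = authentication.getOAuthParameters().get(OAuthConsumerParameter.oauth_callback.toString());

    // Both values are OAuth-encoded so that '&' or '=' inside them cannot inject parameters.
    StringBuilder responseValue = new StringBuilder(OAuthProviderParameter.oauth_token.toString())
      .append('=')
      .append(OAuthCodec.oauthEncode(tokenValue))
      .append('&')
      .append(OAuthProviderParameter.oauth_token_secret.toString())
      .append('=')
      .append(OAuthCodec.oauthEncode(authToken.getSecret()));
    if (callback != null) {
      // Confirmation is only sent when the consumer actually supplied a callback.
      responseValue.append('&')
        .append(OAuthProviderParameter.oauth_callback_confirmed.toString())
        .append("=true");
    }

    // The body carries the token secret: tell browsers and intermediaries not to store it.
    response.setHeader("Cache-Control", "no-store");
    response.setHeader("Pragma", "no-cache");
    response.setContentType(getResponseContentType());
    response.getWriter().print(responseValue.toString());
    response.flushBuffer();
  }

  /**
   * No-op override: this filter takes no action when the new-timestamp hook is invoked.
   *
   * <p>NOTE(review): confirm that nonce/timestamp replay checking for request-token
   * requests is enforced elsewhere, since nothing is rejected here.
   *
   * @throws AuthenticationException never thrown by this implementation
   */
  @Override
  protected void onNewTimestamp() throws AuthenticationException {
    // intentionally empty
  }

  /**
   * Asks the token services for a new unauthorized request token bound to the
   * authenticated consumer's key and the {@code oauth_callback} value it supplied
   * (which may be {@code null}).
   *
   * @param authentication the authenticated consumer
   * @return the newly created request token
   */
  protected OAuthProviderToken createOAuthToken(ConsumerAuthentication authentication) {
    String consumerKey = authentication.getConsumerDetails().getConsumerKey();
    String callback = authentication.getOAuthParameters().get(OAuthConsumerParameter.oauth_callback.toString());
    return getTokenServices().createUnauthorizedRequestToken(consumerKey, callback);
  }

  /**
   * @return the content type set on the token response
   */
  public String getResponseContentType() {
    return responseContentType;
  }

  /**
   * @param responseContentType the content type to set on the token response
   */
  public void setResponseContentType(String responseContentType) {
    this.responseContentType = responseContentType;
  }

  /**
   * @return whether a request must carry {@code oauth_callback} to be accepted
   */
  public boolean isRequire10a() {
    return require10a;
  }

  /**
   * Sets whether {@code oauth_callback} is mandatory on request-token requests.
   *
   * <p>Disabling this accepts requests without a callback, in which case no
   * {@code oauth_callback_confirmed} is returned. Keep it enabled unless legacy
   * consumers that cannot send a callback must be supported.
   *
   * @param require10a {@code true} to reject requests that lack {@code oauth_callback}
   */
  public void setRequire10a(boolean require10a) {
    this.require10a = require10a;
  }
}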