Skip to content
Permalink
Browse files

Merge pull request #90 from futures/OAuthIntoWebapp

Linked in fcrepo-auth-oauth
  • Loading branch information...
barmintor committed Jul 4, 2013
2 parents 405f99d + d52d0b8 commit 103ed4cf3909089f8d40d494ac6f9232da81146c
Showing with 2,954 additions and 166 deletions.
  1. +7 −0 fcrepo-auth-oauth/checkstyle-suppressions.xml
  2. +180 −0 fcrepo-auth-oauth/pom.xml
  3. +32 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Constants.java
  4. +73 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Decision.java
  5. +92 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/DefaultOAuthResourceProvider.java
  6. +175 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/api/AuthzEndpoint.java
  7. +252 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/api/TokenEndpoint.java
  8. +52 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/api/Util.java
  9. +69 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/filter/Decision.java
  10. +77 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/filter/DefaultOAuthResourceProvider.java
  11. +204 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/filter/OAuthFilter.java
  12. +93 −0 fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/filter/RestrictToAuthNFilter.java
  13. +130 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/AbstractOAuthResourceIT.java
  14. +82 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/AuthzEndpointIT.java
  15. +144 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/ContainerWrapper.java
  16. +72 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/TestBinding.java
  17. +94 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/TokenEndpointIT.java
  18. +115 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/WebAppConfig.java
  19. +32 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/ContextParam.java
  20. +30 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/Describable.java
  21. +29 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/Displayable.java
  22. +54 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/Filter.java
  23. +49 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/FilterMapping.java
  24. +32 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/InitParam.java
  25. +56 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/Listener.java
  26. +63 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/Param.java
  27. +61 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/Servlet.java
  28. +30 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/ServletMapping.java
  29. +30 −0 fcrepo-auth-oauth/src/test/java/org/fcrepo/auth/oauth/integration/api/bind/UrlMappable.java
  30. +92 −0 ...uth-oauth/src/test/java/org/fcrepo/auth/oauth/test/filter/AuthenticatedRequestWrappingFilter.java
  31. +22 −0 fcrepo-auth-oauth/src/test/resources/logback-test.xml
  32. +14 −0 fcrepo-auth-oauth/src/test/resources/spring-test/master.xml
  33. +22 −0 fcrepo-auth-oauth/src/test/resources/spring-test/repo.xml
  34. +19 −0 fcrepo-auth-oauth/src/test/resources/spring-test/rest.xml
  35. +39 −0 fcrepo-auth-oauth/src/test/resources/spring-test/security.xml
  36. +15 −0 fcrepo-auth-oauth/src/test/resources/spring-test/test-container.xml
  37. +16 −0 fcrepo-auth-oauth/src/test/resources/spring-test/transactions.xml
  38. +86 −0 fcrepo-auth-oauth/src/test/resources/web.xml
  39. +5 −0 fcrepo-webapp/pom.xml
  40. +37 −0 fcrepo-webapp/src/main/resources/spring/security.xml
  41. +50 −18 fcrepo-webapp/src/main/webapp/WEB-INF/web.xml
  42. +128 −148 pom.xml
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE suppressions PUBLIC
"-//Puppy Crawl//DTD Suppressions 1.1//EN"
"http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
<suppressions>
<suppress files="[\\/]fcrepo-auth-oauth[\\/]" checks="[a-zA-Z0-9]*"/>
</suppressions>
@@ -0,0 +1,180 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.fcrepo</groupId>
<artifactId>fcrepo</artifactId>
<version>4.0-SNAPSHOT</version>
</parent>
<artifactId>fcrepo-auth-oauth</artifactId>
<name>${project.artifactId}</name>
<description>Fedora OAuth 2.0 module</description>
<packaging>bundle</packaging>
<properties>
<oltu.version>0.31-SNAPSHOT</oltu.version>
</properties>
<dependencies>
<dependency>
<artifactId>fcrepo-http-api</artifactId>
<groupId>org.fcrepo</groupId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.oltu.oauth2</groupId>
<artifactId>org.apache.oltu.oauth2.authzserver</artifactId>
<version>${oltu.version}</version>
<exclusions>
<!-- Dependency convergence: fcrepo-http-api (via jersey-json:1.17.1) depends
on jettison:1.1, but org.apache.oltu.oauth2.authzserver depends on jettison:1.2 -->
<exclusion>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
</exclusion>
<!-- Dependency convergence: fcrepo-http-api (via fcrepo-jcr) depends on
commons-codec:1.6, but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 -->
<exclusion>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.oltu.oauth2</groupId>
<artifactId>oltu-oauth2-resourceserver-filter</artifactId>
<version>${oltu.version}</version>
<exclusions>
<!-- Dependency convergence: fcrepo-http-api (via jersey-json:1.17.1)
depends on jettison:1.1, but org.apache.oltu.oauth2.authzserver depends on
jettison:1.2 -->
<exclusion>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
</exclusion>
<!-- Dependency convergence: fcrepo-http-api (via fcrepo-jcr) depends
on commons-codec:1.6, but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 -->
<exclusion>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- test gear -->
<dependency>
<groupId>org.fcrepo</groupId>
<artifactId>fcrepo-kernel</artifactId>
<version>${project.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.fcrepo</groupId>
<artifactId>fcrepo-http-commons</artifactId>
<version>${project.version}</version>
<scope>test</scope>
<type>test-jar</type>
</dependency>
<dependency>
<groupId>org.glassfish.grizzly</groupId>
<artifactId>grizzly-http-server</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.grizzly</groupId>
<artifactId>grizzly-http-servlet</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-grizzly2</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sun.jersey.contribs</groupId>
<artifactId>jersey-spring</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<exclusions>
<!-- Dependency convergence: httpclient:4.2.5 depends on commons-codec:1.6,
but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 -->
<exclusion>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.sun.jersey.jersey-test-framework</groupId>
<artifactId>jersey-test-framework-grizzly2</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-servlet</artifactId>
<version>${jersey.version}</version>
<scope>test</scope>
</dependency>
<!-- Playing with ordered loading for tests -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-grizzly2-servlet</artifactId>
<version>2.0</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-checkstyle-plugin</artifactId>
<configuration>
<consoleOutput>true</consoleOutput>
<configLocation>fcrepo-checkstyle/checkstyle.xml</configLocation>
<suppressionsLocation>checkstyle-suppressions.xml</suppressionsLocation>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>Apache Snapshots</id>
<url>https://repository.apache.org/content/repositories/snapshots/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</project>
@@ -0,0 +1,32 @@
/**
* Copyright 2013 DuraSpace, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.fcrepo.auth.oauth;

public interface Constants {

public static final String OAUTH_WORKSPACE = "oauth";

// TODO get namespaced properties to work
public static final String CLIENT_PROPERTY = "oauth-client";

// TODO get namespaced properties to work
public static final String PRINCIPAL_PROPERTY = "oauth-principal";

// TODO get namespaced properties to work
public static final String SCOPES_PROPERTY = "oauth-scopes";

public static final Long EXPIRATION_TIMEOUT = 3600l;
}
@@ -0,0 +1,73 @@
/**
* Copyright 2013 DuraSpace, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.fcrepo.auth.oauth;

import java.security.Principal;

import org.apache.oltu.oauth2.rsfilter.OAuthClient;
import org.apache.oltu.oauth2.rsfilter.OAuthDecision;

/**
* @author ajs6f
* @date Jul 1, 2013
*/
public class Decision implements OAuthDecision {

private OAuthClient oAuthClient;

private Principal principal;

private boolean isAuthorized;

public Decision(final String client, final String principal) {
this.oAuthClient = new OAuthClient() {

@Override
public String getClientId() {
return client;
}

};
this.principal = new Principal() {

@Override
public String getName() {
return principal;
}

};
}

@Override
public OAuthClient getOAuthClient() {
return oAuthClient;
}

@Override
public Principal getPrincipal() {
return principal;
}

@Override
public boolean isAuthorized() {
return isAuthorized;
}

public void setAuthorized(final boolean isAuthorized) {
this.isAuthorized = isAuthorized;
}

}
@@ -0,0 +1,92 @@
/**
* Copyright 2013 DuraSpace, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.fcrepo.auth.oauth;

import static com.google.common.base.Throwables.propagate;
import static org.fcrepo.auth.oauth.Constants.CLIENT_PROPERTY;
import static org.fcrepo.auth.oauth.Constants.OAUTH_WORKSPACE;
import static org.fcrepo.auth.oauth.Constants.PRINCIPAL_PROPERTY;
import static org.slf4j.LoggerFactory.getLogger;

import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;

import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthRuntimeException;
import org.apache.oltu.oauth2.rsfilter.OAuthDecision;
import org.apache.oltu.oauth2.rsfilter.OAuthRSProvider;
import org.fcrepo.session.SessionFactory;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/**
* @author ajs6f
* @date Jul 1, 2013
*/
@Component
public class DefaultOAuthResourceProvider implements OAuthRSProvider {

@Autowired
private SessionFactory sessionFactory;

private static final Logger LOGGER =
getLogger(DefaultOAuthResourceProvider.class);

/*
* (non-Javadoc)
* @see
* org.apache.oltu.oauth2.rsfilter.OAuthRSProvider#validateRequest(java.
* lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
*/
@Override
public OAuthDecision validateRequest(final String rsId, final String token,
final HttpServletRequest req) throws OAuthProblemException {
// first check validity of token
try {
final Session session = sessionFactory.getSession(OAUTH_WORKSPACE);
try {
if (!session.itemExists("/tokens/" + token)) {
throw new OAuthRuntimeException("Invalid token!");
} else {
final Node tokenNode = session.getNode("/tokens/" + token);
LOGGER.debug("Retrieved token from: {}", tokenNode
.getPath());
final String client =
tokenNode.getProperty(CLIENT_PROPERTY).getString();
LOGGER.debug("Retrieved client: {}", client);
final String principal =
tokenNode.getProperty(PRINCIPAL_PROPERTY)
.getString();
LOGGER.debug("Retrieved principal: {}", principal);
return new Decision(client, principal);
}
} finally {
session.logout();
}
} catch (final RepositoryException e) {
propagate(e);
}

return null;
}

public void setSessionFactory(final SessionFactory sessionFactory) {
this.sessionFactory = sessionFactory;
}
}
Oops, something went wrong.

0 comments on commit 103ed4c

Please sign in to comment.
You can’t perform that action at this time.