Moving the permissions to roles conversion into OAuth providers
git-svn-id: file:///Users/billburke/jboss/resteasy/resteasy-git/svn-server-sync/resteasy/trunk@1230 2b1ed4c4-5db3-0410-90e4-80a7a6204c25
sberyozk committed Sep 16, 2010
1 parent 87bfe1d commit d225b62
Showing 16 changed files with 195 additions and 271 deletions.
Expand Up @@ -3,15 +3,9 @@
import java.io.IOException;
import java.net.HttpURLConnection;
import java.security.Principal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.servlet.ServletException;
Expand Down Expand Up @@ -49,17 +43,28 @@ public class OAuthBasicAuthenticator extends AuthenticatorBase {
private static final Set<String> SUPPORTED_AUTH_METHODS =
new HashSet<String>(Arrays.asList("oauth", "basic", "oauth+basic", "basic+oauth"));

private static final String DEFAULT_CONSUMER_ROLE = "user";

private BasicAuthenticator ba = new BasicAuthenticator();

/**
* These DB connection properties are not used at the moment as a DB-aware
* OAuthProvider expects db.properties be available on the class path;
* However, an OAuthProvider constructor accepting either Properties or Map
* can be used when instantiating the provider and have these properties injected.
*
* This option can work given that it is easy to inject the configuration properties
* into this Authenticator implementation but it is tricky to do for OAuthProvider
* unless it is converted into a Catalina Realm which makes it all very complicated
* when we have Basic and OAuth - given that Basic and OAuth realms
* (i.e, databases of users and their passwords, etc) are unlikely to intersect or work
* in the "or" combination.
*/
protected String driver;
protected String url;
protected String user;
protected String password;

private String oauthProviderName;

private Connection conn;
private OAuthProvider oauthProvider;
private OAuthValidator validator;

Expand Down Expand Up @@ -159,8 +164,6 @@ public void start() throws LifecycleException {
super.start();

try {
Class.forName(driver);
conn = DriverManager.getConnection(url, user, password);
oauthProvider = (OAuthProvider)Class.forName(oauthProviderName).newInstance();
validator = new OAuthValidator(oauthProvider);
} catch (Exception ex) {
Expand All @@ -169,20 +172,6 @@ public void start() throws LifecycleException {
}


@Override
public void stop() throws LifecycleException {
super.stop();
if (conn != null)
{
try {
conn.close();
} catch (Exception ex) {
// ignore
}
}
}


protected void doAuthenticateOAuth(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

OAuthMessage message = OAuthUtils.readMessage(request);
Expand Down Expand Up @@ -227,43 +216,20 @@ protected void createPrincipalAndRoles(HttpServletRequest request,
OAuthToken accessToken)
{

List<String> roles = new ArrayList<String>();
// get the default roles which may've been allocated to a consumer
roles.add(DEFAULT_CONSUMER_ROLE);
roles.addAll(convertPermissionsToRoles(accessToken.getPermissions()[0]));
Realm realm = new OAuthRealm(consumer.getKey(), roles);
Set<String> roles = oauthProvider.convertPermissionsToRoles(accessToken.getPermissions());
Realm realm = new OAuthRealm(roles);
context.setRealm(realm);

final Principal principal = new GenericPrincipal(realm, consumer.getKey(), "", roles);
final Principal principal = new GenericPrincipal(realm, consumer.getKey(), "", new ArrayList<String>(roles));
((Request)request).setUserPrincipal(principal);
((Request)request).setAuthType("OAuth");
}

private Set<String> convertPermissionsToRoles(String permissions) {
Set<String> roles = new HashSet<String>();
// get the default roles which may've been allocated to a consumer
try {
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery("SELECT role FROM permissions WHERE"
+ " permission='" + permissions + "'");
if (rs.next()) {
String rolesValues = rs.getString("role");
roles.add(rolesValues);
}
} catch (SQLException ex) {
throw new RuntimeException("No role exists for permission " + permissions);
}
return roles;
}


private static class OAuthRealm extends RealmBase {

//private String username;
private List<String> roles;
private Set<String> roles;

public OAuthRealm(String username, List<String> roles) {
//this.username = username;
public OAuthRealm(Set<String> roles) {
this.roles = roles;
}

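Review bot: The roles-only realm created on the new `Realm realm = new OAuthRealm(roles);` line is still installed on the shared `context` by the following `context.setRealm(realm)`, so the web application's realm is swapped on every OAuth request and reflects whichever consumer authenticated most recently. If any of OAuthRealm's overridden methods (the rest of that class is outside this hunk) answer role checks from the per-request set, concurrent requests from different consumers could observe each other's roles; since the principal already carries its own copy via `new GenericPrincipal(realm, consumer.getKey(), "", new ArrayList<String>(roles))`, consider dropping the context mutation or documenting why it is required. Note also that the default `user` role is now contributed by `oauthProvider.convertPermissionsToRoles(...)` rather than by this class, so a custom OAuthProvider that omits it silently changes authorization; a comment such as `// roles, including any default consumer role, come from the provider's permission mapping` would make that contract visible. createPrincipalAndRoles's signature starts before this hunk.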
Expand Up @@ -6,12 +6,13 @@
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;

import org.jboss.resteasy.auth.oauth.OAuthConsumer;
import org.jboss.resteasy.auth.oauth.OAuthException;
import org.jboss.resteasy.auth.oauth.OAuthPermissions;
import org.jboss.resteasy.auth.oauth.OAuthProvider;
import org.jboss.resteasy.auth.oauth.OAuthRequestToken;
import org.jboss.resteasy.auth.oauth.OAuthToken;
Expand All @@ -22,6 +23,8 @@
**/
public class OAuthDBProvider implements OAuthProvider {

private static final String DEFAULT_CONSUMER_ROLE = "user";

private static Connection conn;
static {
Properties props = new Properties();
Expand Down Expand Up @@ -296,11 +299,38 @@ public void registerConsumerScopes(String consumerKey,


public void registerConsumerPermissions(String consumerKey,
OAuthPermissions permissions) throws OAuthException {
String[] permissions) throws OAuthException {
// TODO Auto-generated method stub

}

public Set<String> convertPermissionsToRoles(String[] permissions) {
Set<String> roles = new HashSet<String>();
roles.add(DEFAULT_CONSUMER_ROLE);
if (permissions == null || permissions.length == 0) {
return roles;
}
StringBuilder query = new StringBuilder();
query.append("SELECT role FROM permissions WHERE ");
for (int i = 0; i < permissions.length; i++) {
query.append("permission='" + permissions[i] + "'");
if (i + 1 < permissions.length) {
query.append(" OR ");
}
}
try {
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery(query.toString());
if (rs.next()) {
String rolesValues = rs.getString("role");
roles.add(rolesValues);
}
} catch (SQLException ex) {
throw new RuntimeException("No role exists for permission " + permissions);
}
return roles;
}

private static synchronized void update(String expression) throws SQLException {

Statement st = conn.createStatement(); // statements
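Review bot: The new `convertPermissionsToRoles` builds its SELECT by concatenating each `permissions[i]` into `permission='...'` and executes it through a plain `Statement`, so a permission string containing a quote is a SQL injection into the role lookup; whether those strings can be attacker-supplied depends on how consumer registration is exposed, which this page does not show, but a provider should not rely on that. The lookup also reads a single row (`if (rs.next())`) although the WHERE clause ORs several permissions, so a consumer with more than one permission is granted at most one mapped role, and the `Statement`/`ResultSet` are never closed while the catch drops the SQLException's cause and renders the array as `[Ljava.lang.String;@...`. Use a parameterised `IN (?, ...)` query, iterate every row, close the JDBC objects and keep the cause (this needs `java.sql.PreparedStatement` and `java.util.Arrays` imports). Separately, `update` is `synchronized` on the shared static `conn` but this query is not; confirm the driver tolerates concurrent use of one connection.
```java
    public Set<String> convertPermissionsToRoles(String[] permissions) {
        Set<String> roles = new HashSet<String>();
        roles.add(DEFAULT_CONSUMER_ROLE);
        if (permissions == null || permissions.length == 0) {
            return roles;
        }
        // one bind parameter per permission; values never enter the SQL text
        StringBuilder query = new StringBuilder("SELECT role FROM permissions WHERE permission IN (");
        for (int i = 0; i < permissions.length; i++) {
            query.append(i == 0 ? "?" : ", ?");
        }
        query.append(")");
        try {
            PreparedStatement st = conn.prepareStatement(query.toString());
            try {
                for (int i = 0; i < permissions.length; i++) {
                    st.setString(i + 1, permissions[i]);
                }
                ResultSet rs = st.executeQuery();
                try {
                    // collect every matching role, not only the first row
                    while (rs.next()) {
                        roles.add(rs.getString("role"));
                    }
                } finally {
                    rs.close();
                }
            } finally {
                st.close();
            }
        } catch (SQLException ex) {
            throw new RuntimeException("Role lookup failed for permissions "
                + Arrays.toString(permissions), ex);
        }
        return roles;
    }
```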
@@ -1,48 +1,17 @@
package org.jboss.resteasy.examples.oauth;

import java.security.Principal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.jboss.resteasy.auth.oauth.OAuthConsumer;
import org.jboss.resteasy.auth.oauth.OAuthFilter;
import org.jboss.resteasy.auth.oauth.OAuthPermissions;
import org.jboss.resteasy.auth.oauth.OAuthToken;

public class OAuthPushMessagingFilter extends OAuthFilter {

private static final String DEFAULT_CONSUMER_ROLE = "user";

private static Connection conn;

static {
Properties props = new Properties();
try {
props.load(OAuthPushMessagingFilter.class.getResourceAsStream("/db.properties"));
} catch (Exception ex) {
throw new RuntimeException("db.properties resource is not available");
}
String driver = props.getProperty("db.driver");
String url = props.getProperty("db.url");
String user = props.getProperty("db.username");
String password = props.getProperty("db.password");

try {
Class.forName(driver);
conn = DriverManager.getConnection(url, user, password);
} catch (Exception ex) {
throw new RuntimeException("In memory OAuth DB can not be created " + ex.getMessage());
}
}

public OAuthPushMessagingFilter()
{
Expand Down Expand Up @@ -88,33 +57,7 @@ public String getName() {


private Set<String> getRoles(OAuthConsumer consumer) {
Set<String> roles = new HashSet<String>();
// get the default roles which may've been allocated to a consumer
roles.add(DEFAULT_CONSUMER_ROLE);
// get the public permissions if any
OAuthPermissions permissions = consumer.getPermissions();
if (permissions != null) {
for (String permission : permissions.getPermissions()) {
roles.addAll(convertPermissionsToRoles(permission));
}
}
return roles;
return getProvider().convertPermissionsToRoles(consumer.getPermissions());
}

private Set<String> convertPermissionsToRoles(String permissions) {
Set<String> roles = new HashSet<String>();
// get the default roles which may've been allocated to a consumer
try {
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery("SELECT role FROM permissions WHERE"
+ " permission='" + permissions + "'");
if (rs.next()) {
String rolesValues = rs.getString("role");
roles.add(rolesValues);
}
} catch (SQLException ex) {
throw new RuntimeException("No role exists for permission " + permissions);
}
return roles;
}
}
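Review bot: `getRoles` now returns whatever `getProvider().convertPermissionsToRoles(consumer.getPermissions())` yields, and the default `user` role this filter used to add itself (the removed `DEFAULT_CONSUMER_ROLE`) is now added only inside the provider implementations in this commit, so an OAuthProvider written against the new interface that omits it would silently change what this filter authorises. A one-line comment on the method, `// The provider's permission-to-role mapping is authoritative, including any default consumer role.`, would record that contract. The former `if (permissions != null)` guard is also gone; the two providers on this page handle a null array, but that is now a requirement on every provider and belongs in the OAuthProvider Javadoc, which is outside this page. `getProvider()` is defined outside this hunk.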
Expand Up @@ -6,12 +6,13 @@
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;

import org.jboss.resteasy.auth.oauth.OAuthConsumer;
import org.jboss.resteasy.auth.oauth.OAuthException;
import org.jboss.resteasy.auth.oauth.OAuthPermissions;
import org.jboss.resteasy.auth.oauth.OAuthProvider;
import org.jboss.resteasy.auth.oauth.OAuthRequestToken;
import org.jboss.resteasy.auth.oauth.OAuthToken;
Expand All @@ -22,6 +23,8 @@
**/
public class OAuthPushMessagingProvider implements OAuthProvider {

private static final String DEFAULT_CONSUMER_ROLE = "user";

private static Connection conn;
static {
Properties props = new Properties();
Expand Down Expand Up @@ -59,7 +62,7 @@ private static void initTables()
update(
"CREATE TABLE consumers ( id INTEGER IDENTITY, key VARCHAR(256)" +
", secret VARCHAR(256), display_name VARCHAR(256), connect_uri VARCHAR(256), "
+ "scopes VARCHAR(256), permissions VARCHAR(256), perm_type VARCHAR(256), unique(key))");
+ "scopes VARCHAR(256), permissions VARCHAR(256), unique(key))");

// request tokens
update(
Expand Down Expand Up @@ -149,7 +152,7 @@ public OAuthConsumer getConsumer(String consumerKey) throws OAuthException {
String perms = rs.getString("permissions");
OAuthConsumer consumer =
new OAuthConsumer(key, secret, displayName, connectURI,
perms != null ? new OAuthPermissions("custom", new String[]{perms}) : null);
perms != null ? new String[]{perms} : null);
consumer.setScopes(new String[]{scopes});
return consumer;
} else {
Expand Down Expand Up @@ -310,13 +313,12 @@ public void registerConsumerScopes(String consumerKey,
}

public void registerConsumerPermissions(String consumerKey,
OAuthPermissions permissions) throws OAuthException {
String[] permissions) throws OAuthException {
try {
if (permissions != null)
{
update("UPDATE consumers SET permissions="
+ "'" + permissions.getPermissions()[0] + "'"
+ ",perm_type='" + permissions.getPermissionType() + "'"
+ "'" + permissions[0] + "'"
+ " WHERE key='" + consumerKey + "'");
}
} catch (SQLException ex) {
Expand All @@ -326,6 +328,33 @@ public void registerConsumerPermissions(String consumerKey,

}

public Set<String> convertPermissionsToRoles(String[] permissions) {
Set<String> roles = new HashSet<String>();
roles.add(DEFAULT_CONSUMER_ROLE);
if (permissions == null || permissions.length == 0) {
return roles;
}
StringBuilder query = new StringBuilder();
query.append("SELECT role FROM permissions WHERE ");
for (int i = 0; i < permissions.length; i++) {
query.append("permission='" + permissions[i] + "'");
if (i + 1 < permissions.length) {
query.append(" OR ");
}
}
try {
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery(query.toString());
if (rs.next()) {
String rolesValues = rs.getString("role");
roles.add(rolesValues);
}
} catch (SQLException ex) {
throw new RuntimeException("No role exists for permission " + permissions);
}
return roles;
}

private static void registerCustomPermissionsAndRoles() {

try {
