diff --git a/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthBasicAuthenticator.java b/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthBasicAuthenticator.java index 2e36da6d2b0..f9fe0943000 100644 --- a/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthBasicAuthenticator.java +++ b/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthBasicAuthenticator.java @@ -3,15 +3,9 @@ import java.io.IOException; import java.net.HttpURLConnection; import java.security.Principal; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; -import java.util.List; import java.util.Set; import javax.servlet.ServletException; 
@@ -49,17 +43,28 @@ public class OAuthBasicAuthenticator extends AuthenticatorBase { private static final Set SUPPORTED_AUTH_METHODS = new HashSet(Arrays.asList("oauth", "basic", "oauth+basic", "basic+oauth")); - private static final String DEFAULT_CONSUMER_ROLE = "user"; - private BasicAuthenticator ba = new BasicAuthenticator(); + /** + * These DB connection properties are not used at the moment as a DB-aware + * OAuthProvider expects db.properties be available on the class path; + * However, an OAuthProvider constructor accepting either Properties or Map + * can be used when instantiating the provider and have these properties injected. + * + * This option can work given that it is easy to inject the configuration properties + * into this Authenticator implementation but it is tricky to do for OAuthProvider + * unless it is converted into a Catalina Realm which makes it all very complicated + * when we have Basic and OAuth - given that Basic and OAuth realms + * (i.e, databases of users and their passwords, etc) are unlikely to intersect or work + * in the "or" combination. + */ protected String driver; protected String url; protected String user; protected String password; + private String oauthProviderName; - private Connection conn; private OAuthProvider oauthProvider; private OAuthValidator validator; @@ -159,8 +164,6 @@ public void start() throws LifecycleException { super.start(); try { - Class.forName(driver); - conn = DriverManager.getConnection(url, user, password); oauthProvider = (OAuthProvider)Class.forName(oauthProviderName).newInstance(); validator = new OAuthValidator(oauthProvider); } catch (Exception ex) { 
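Review bot: After this change nothing in the visible hunks reads `driver`, `url`, `user` or `password` (the `DriverManager.getConnection` call in `start()` is removed), yet the fields stay `protected` and, judging by the new comment, are still meant to be injected from configuration. Keeping a database password on the authenticator when it is not used widens where that secret lives for no benefit; either drop the four fields together with their setters, or hand them to the provider as the comment proposes. The new Javadoc block also attaches only to `driver`, so a plain `//` comment above the group would describe all four fields without implying it documents one. The setters are outside the hunk, so confirm nothing else depends on them before removing anything.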
@@ -169,20 +172,6 @@ public void start() throws LifecycleException { } - @Override - public void stop() throws LifecycleException { - super.stop(); - if (conn != null) - { - try { - conn.close(); - } catch (Exception ex) { - // ignore - } - } - } - - protected void doAuthenticateOAuth(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { OAuthMessage message = OAuthUtils.readMessage(request); 
@@ -227,43 +216,20 @@ protected void createPrincipalAndRoles(HttpServletRequest request, OAuthToken accessToken) { - List roles = new ArrayList(); - // get the default roles which may've been allocated to a consumer - roles.add(DEFAULT_CONSUMER_ROLE); - roles.addAll(convertPermissionsToRoles(accessToken.getPermissions()[0])); - Realm realm = new OAuthRealm(consumer.getKey(), roles); + Set roles = oauthProvider.convertPermissionsToRoles(accessToken.getPermissions()); + Realm realm = new OAuthRealm(roles); context.setRealm(realm); - final Principal principal = new GenericPrincipal(realm, consumer.getKey(), "", roles); + final Principal principal = new GenericPrincipal(realm, consumer.getKey(), "", new ArrayList(roles)); ((Request)request).setUserPrincipal(principal); ((Request)request).setAuthType("OAuth"); } - private Set convertPermissionsToRoles(String permissions) { - Set roles = new HashSet(); - // get the default roles which may've been allocated to a consumer - try { - Statement st = conn.createStatement(); - ResultSet rs = st.executeQuery("SELECT role FROM permissions WHERE" - + " permission='" + permissions + "'"); - if (rs.next()) { - String rolesValues = rs.getString("role"); - roles.add(rolesValues); - } - } catch (SQLException ex) { - throw new RuntimeException("No role exists for permission " + permissions); - } - return roles; - } - - private static class OAuthRealm extends RealmBase { - //private String username; - private List roles; + private Set roles; - public OAuthRealm(String username, List roles) { - //this.username = username; + public OAuthRealm(Set roles) { this.roles = roles; } diff --git a/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthDBProvider.java b/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthDBProvider.java index b22f897a2a4..b659e77de12 100644 
--- a/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthDBProvider.java +++ b/jaxrs/examples/oauth-authenticator/authenticator/src/main/java/org/jboss/resteasy/examples/oauth/authenticator/OAuthDBProvider.java @@ -6,12 +6,13 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +import java.util.HashSet; import java.util.Properties; +import java.util.Set; import java.util.UUID; import org.jboss.resteasy.auth.oauth.OAuthConsumer; import org.jboss.resteasy.auth.oauth.OAuthException; -import org.jboss.resteasy.auth.oauth.OAuthPermissions; import org.jboss.resteasy.auth.oauth.OAuthProvider; import org.jboss.resteasy.auth.oauth.OAuthRequestToken; import org.jboss.resteasy.auth.oauth.OAuthToken; @@ -22,6 +23,8 @@ **/ public class OAuthDBProvider implements OAuthProvider { + private static final String DEFAULT_CONSUMER_ROLE = "user"; + private static Connection conn; static { Properties props = new Properties(); 
@@ -296,11 +299,38 @@ public void registerConsumerScopes(String consumerKey, public void registerConsumerPermissions(String consumerKey, - OAuthPermissions permissions) throws OAuthException { + String[] permissions) throws OAuthException { // TODO Auto-generated method stub } + public Set convertPermissionsToRoles(String[] permissions) { + Set roles = new HashSet(); + roles.add(DEFAULT_CONSUMER_ROLE); + if (permissions == null || permissions.length == 0) { + return roles; + } + StringBuilder query = new StringBuilder(); + query.append("SELECT role FROM permissions WHERE "); + for (int i = 0; i < permissions.length; i++) { + query.append("permission='" + permissions[i] + "'"); + if (i + 1 < permissions.length) { + query.append(" OR "); + } + } + try { + Statement st = conn.createStatement(); + ResultSet rs = st.executeQuery(query.toString()); + if (rs.next()) { + String rolesValues = rs.getString("role"); + roles.add(rolesValues); + } + } catch (SQLException ex) { + throw new RuntimeException("No role exists for permission " + permissions); + } + return roles; + } + private static synchronized void update(String expression) throws SQLException { Statement st = conn.createStatement(); // statements diff --git a/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java b/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java index 439ad6383d7..14571cec1f2 100644 --- a/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java +++ b/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java 
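Review bot: `convertPermissionsToRoles` builds its SELECT by concatenating each `permissions[i]` into the SQL text, and those values appear to originate from the `xoauth_permission` request parameter that OAuthServlet forwards in this same commit, so a quote character in a permission name changes the query that decides which roles a principal receives. Bind the values through a `PreparedStatement` instead (this needs `java.sql.PreparedStatement` imported), as sketched below. Two further problems sit in the same method: `if (rs.next())` reads only the first row although the OR-ed query can match several permissions, and the catch block drops `ex` and concatenates the array object itself into the message. The identical method is added to OAuthPushMessagingProvider in both push-messaging examples and to the oauth example's OAuthDBProvider, so the same change applies there.

```java
public Set convertPermissionsToRoles(String[] permissions) {
    // … unchanged: default role and null/empty guard …
    StringBuilder query = new StringBuilder("SELECT role FROM permissions WHERE permission IN (");
    for (int i = 0; i < permissions.length; i++) {
        query.append(i == 0 ? "?" : ", ?");
    }
    query.append(")");
    try {
        PreparedStatement st = conn.prepareStatement(query.toString());
        try {
            for (int i = 0; i < permissions.length; i++) {
                st.setString(i + 1, permissions[i]);
            }
            ResultSet rs = st.executeQuery();
            // every matching permission contributes its role, not just the first row
            while (rs.next()) {
                roles.add(rs.getString("role"));
            }
        } finally {
            st.close();
        }
    } catch (SQLException ex) {
        throw new RuntimeException("Permissions can not be converted to roles", ex);
    }
    return roles;
}
```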
@@ -1,13 +1,6 @@ package org.jboss.resteasy.examples.oauth; import java.security.Principal; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.HashSet; -import java.util.Properties; import java.util.Set; import javax.servlet.http.HttpServletRequest; @@ -15,34 +8,10 @@ import org.jboss.resteasy.auth.oauth.OAuthConsumer; import org.jboss.resteasy.auth.oauth.OAuthFilter; -import org.jboss.resteasy.auth.oauth.OAuthPermissions; import org.jboss.resteasy.auth.oauth.OAuthToken; public class OAuthPushMessagingFilter extends OAuthFilter { - private static final String DEFAULT_CONSUMER_ROLE = "user"; - - private static Connection conn; - - static { - Properties props = new Properties(); - try { - props.load(OAuthPushMessagingFilter.class.getResourceAsStream("/db.properties")); - } catch (Exception ex) { - throw new RuntimeException("db.properties resource is not available"); - } - String driver = props.getProperty("db.driver"); - String url = props.getProperty("db.url"); - String user = props.getProperty("db.username"); - String password = props.getProperty("db.password"); - - try { - Class.forName(driver); - conn = DriverManager.getConnection(url, user, password); - } catch (Exception ex) { - throw new RuntimeException("In memory OAuth DB can not be created " + ex.getMessage()); - } - } public OAuthPushMessagingFilter() { 
@@ -88,33 +57,7 @@ public String getName() { private Set getRoles(OAuthConsumer consumer) { - Set roles = new HashSet(); - // get the default roles which may've been allocated to a consumer - roles.add(DEFAULT_CONSUMER_ROLE); - // get the public permissions if any - OAuthPermissions permissions = consumer.getPermissions(); - if (permissions != null) { - for (String permission : permissions.getPermissions()) { - roles.addAll(convertPermissionsToRoles(permission)); - } - } - return roles; + return getProvider().convertPermissionsToRoles(consumer.getPermissions()); } - private Set convertPermissionsToRoles(String permissions) { - Set roles = new HashSet(); - // get the default roles which may've been allocated to a consumer - try { - Statement st = conn.createStatement(); - ResultSet rs = st.executeQuery("SELECT role FROM permissions WHERE" - + " permission='" + permissions + "'"); - if (rs.next()) { - String rolesValues = rs.getString("role"); - roles.add(rolesValues); - } - } catch (SQLException ex) { - throw new RuntimeException("No role exists for permission " + permissions); - } - return roles; - } } \ No newline at end of file diff --git a/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java b/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java index 5bfaf76200e..f7a2fdc0595 100644 --- a/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java +++ b/jaxrs/examples/oauth-push-messaging-sso/push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java 
@@ -6,12 +6,13 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +import java.util.HashSet; import java.util.Properties; +import java.util.Set; import java.util.UUID; import org.jboss.resteasy.auth.oauth.OAuthConsumer; import org.jboss.resteasy.auth.oauth.OAuthException; -import org.jboss.resteasy.auth.oauth.OAuthPermissions; import org.jboss.resteasy.auth.oauth.OAuthProvider; import org.jboss.resteasy.auth.oauth.OAuthRequestToken; import org.jboss.resteasy.auth.oauth.OAuthToken; @@ -22,6 +23,8 @@ **/ public class OAuthPushMessagingProvider implements OAuthProvider { + private static final String DEFAULT_CONSUMER_ROLE = "user"; + private static Connection conn; static { Properties props = new Properties(); @@ -59,7 +62,7 @@ private static void initTables() update( "CREATE TABLE consumers ( id INTEGER IDENTITY, key VARCHAR(256)" + ", secret VARCHAR(256), display_name VARCHAR(256), connect_uri VARCHAR(256), " - + "scopes VARCHAR(256), permissions VARCHAR(256), perm_type VARCHAR(256), unique(key))"); + + "scopes VARCHAR(256), permissions VARCHAR(256), unique(key))"); // request tokens update( @@ -149,7 +152,7 @@ public OAuthConsumer getConsumer(String consumerKey) throws OAuthException { String perms = rs.getString("permissions"); OAuthConsumer consumer = new OAuthConsumer(key, secret, displayName, connectURI, - perms != null ? new OAuthPermissions("custom", new String[]{perms}) : null); + perms != null ? new String[]{perms} : null); consumer.setScopes(new String[]{scopes}); return consumer; } else { 
@@ -310,13 +313,12 @@ public void registerConsumerScopes(String consumerKey, } public void registerConsumerPermissions(String consumerKey, - OAuthPermissions permissions) throws OAuthException { + String[] permissions) throws OAuthException { try { if (permissions != null) { update("UPDATE consumers SET permissions=" - + "'" + permissions.getPermissions()[0] + "'" - + ",perm_type='" + permissions.getPermissionType() + "'" + + "'" + permissions[0] + "'" + " WHERE key='" + consumerKey + "'"); } } catch (SQLException ex) { @@ -326,6 +328,33 @@ public void registerConsumerPermissions(String consumerKey, } + public Set convertPermissionsToRoles(String[] permissions) { + Set roles = new HashSet(); + roles.add(DEFAULT_CONSUMER_ROLE); + if (permissions == null || permissions.length == 0) { + return roles; + } + StringBuilder query = new StringBuilder(); + query.append("SELECT role FROM permissions WHERE "); + for (int i = 0; i < permissions.length; i++) { + query.append("permission='" + permissions[i] + "'"); + if (i + 1 < permissions.length) { + query.append(" OR "); + } + } + try { + Statement st = conn.createStatement(); + ResultSet rs = st.executeQuery(query.toString()); + if (rs.next()) { + String rolesValues = rs.getString("role"); + roles.add(rolesValues); + } + } catch (SQLException ex) { + throw new RuntimeException("No role exists for permission " + permissions); + } + return roles; + } + private static void registerCustomPermissionsAndRoles() { try { diff --git a/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java b/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java index b6fb412ede0..0c9f4b826f6 100644 --- a/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java +++ b/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingFilter.java 
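Review bot: The UPDATE in `registerConsumerPermissions` still splices `permissions[0]` and `consumerKey` into the statement text, and the permissions (and presumably the key) arrive from the consumer-registration request handled by OAuthServlet, so this write path needs bound parameters (`UPDATE consumers SET permissions=? WHERE key=?`) rather than the string-only `update(String)` helper. The guard also lets an empty array through to `permissions[0]`; `if (permissions != null && permissions.length > 0)` avoids the ArrayIndexOutOfBoundsException for any caller that passes one. Only the first permission is stored, so further `xoauth_permission` values are silently discarded, which deserves at least a comment. The matching hunk in the oauth-push-messaging example's OAuthPushMessagingProvider has the same three issues.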
@@ -1,13 +1,6 @@ package org.jboss.resteasy.examples.oauth; import java.security.Principal; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.HashSet; -import java.util.Properties; import java.util.Set; import javax.servlet.http.HttpServletRequest; @@ -15,34 +8,10 @@ import org.jboss.resteasy.auth.oauth.OAuthConsumer; import org.jboss.resteasy.auth.oauth.OAuthFilter; -import org.jboss.resteasy.auth.oauth.OAuthPermissions; import org.jboss.resteasy.auth.oauth.OAuthToken; public class OAuthPushMessagingFilter extends OAuthFilter { - private static final String DEFAULT_CONSUMER_ROLE = "user"; - private static Connection conn; - - static { - Properties props = new Properties(); - try { - props.load(OAuthPushMessagingFilter.class.getResourceAsStream("/db.properties")); - } catch (Exception ex) { - throw new RuntimeException("db.properties resource is not available"); - } - String driver = props.getProperty("db.driver"); - String url = props.getProperty("db.url"); - String user = props.getProperty("db.username"); - String password = props.getProperty("db.password"); - - try { - Class.forName(driver); - conn = DriverManager.getConnection(url, user, password); - } catch (Exception ex) { - throw new RuntimeException("In memory OAuth DB can not be created " + ex.getMessage()); - } - } - public OAuthPushMessagingFilter() { 
@@ -87,36 +56,9 @@ public String getName() { private Set getRoles(OAuthConsumer consumer) { - Set roles = new HashSet(); - // add a default role here - depending on the consumer id, request URI, etc - // example, "user" - roles.add(DEFAULT_CONSUMER_ROLE); + return getProvider().convertPermissionsToRoles(consumer.getPermissions()); - // get the public permissions if any - OAuthPermissions permissions = consumer.getPermissions(); - if (permissions != null) { - for (String permission : permissions.getPermissions()) { - roles.addAll(convertPermissionsToRoles(permission)); - } - } - return roles; } - private Set convertPermissionsToRoles(String permissions) { - Set roles = new HashSet(); - // get the default roles which may've been allocated to a consumer - try { - Statement st = conn.createStatement(); - ResultSet rs = st.executeQuery("SELECT role FROM permissions WHERE" - + " permission='" + permissions + "'"); - if (rs.next()) { - String rolesValues = rs.getString("role"); - roles.add(rolesValues); - } - } catch (SQLException ex) { - throw new RuntimeException("No role exists for permission " + permissions); - } - return roles; - } } \ No newline at end of file diff --git a/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java b/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java index 5bf2e00f7c3..46c11a6231f 100644 --- a/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java +++ b/jaxrs/examples/oauth-push-messaging/src/main/java/org/jboss/resteasy/examples/oauth/OAuthPushMessagingProvider.java 
@@ -6,12 +6,13 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +import java.util.HashSet; import java.util.Properties; +import java.util.Set; import java.util.UUID; import org.jboss.resteasy.auth.oauth.OAuthConsumer; import org.jboss.resteasy.auth.oauth.OAuthException; -import org.jboss.resteasy.auth.oauth.OAuthPermissions; import org.jboss.resteasy.auth.oauth.OAuthProvider; import org.jboss.resteasy.auth.oauth.OAuthRequestToken; import org.jboss.resteasy.auth.oauth.OAuthToken; @@ -22,6 +23,8 @@ **/ public class OAuthPushMessagingProvider implements OAuthProvider { + private static final String DEFAULT_CONSUMER_ROLE = "user"; + private static Connection conn; static { Properties props = new Properties(); @@ -59,7 +62,7 @@ private static void initTables() update( "CREATE TABLE consumers ( id INTEGER IDENTITY, key VARCHAR(256)" + ", secret VARCHAR(256), display_name VARCHAR(256), connect_uri VARCHAR(256), " - + "scopes VARCHAR(256), permissions VARCHAR(256), perm_type VARCHAR(256), unique(key))"); + + "scopes VARCHAR(256), permissions VARCHAR(256), unique(key))"); // request tokens update( @@ -148,7 +151,7 @@ public OAuthConsumer getConsumer(String consumerKey) throws OAuthException { String perms = rs.getString("permissions"); OAuthConsumer consumer = new OAuthConsumer(key, secret, displayName, connectURI, - perms != null ? new OAuthPermissions("custom", new String[]{perms}) : null); + perms != null ? new String[]{perms} : null); consumer.setScopes(new String[]{scopes}); return consumer; } else { 
@@ -309,13 +312,12 @@ public void registerConsumerScopes(String consumerKey, } public void registerConsumerPermissions(String consumerKey, - OAuthPermissions permissions) throws OAuthException { + String[] permissions) throws OAuthException { try { if (permissions != null) { update("UPDATE consumers SET permissions=" - + "'" + permissions.getPermissions()[0] + "'" - + ",perm_type='" + permissions.getPermissionType() + "'" + + "'" + permissions[0] + "'" + " WHERE key='" + consumerKey + "'"); } } catch (SQLException ex) { @@ -336,5 +338,32 @@ private static void registerCustomPermissionsAndRoles() { throw new RuntimeException("Permissions can not be mapped to roles"); } } + + public Set convertPermissionsToRoles(String[] permissions) { + Set roles = new HashSet(); + roles.add(DEFAULT_CONSUMER_ROLE); + if (permissions == null || permissions.length == 0) { + return roles; + } + StringBuilder query = new StringBuilder(); + query.append("SELECT role FROM permissions WHERE "); + for (int i = 0; i < permissions.length; i++) { + query.append("permission='" + permissions[i] + "'"); + if (i + 1 < permissions.length) { + query.append(" OR "); + } + } + try { + Statement st = conn.createStatement(); + ResultSet rs = st.executeQuery(query.toString()); + if (rs.next()) { + String rolesValues = rs.getString("role"); + roles.add(rolesValues); + } + } catch (SQLException ex) { + throw new RuntimeException("No role exists for permission " + permissions); + } + return roles; + } } diff --git a/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBFilter.java b/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBFilter.java index be8aa7d2f8c..c16ac2dd393 100644 --- a/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBFilter.java +++ b/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBFilter.java 
@@ -1,13 +1,6 @@ package org.jboss.resteasy.examples.oauth; import java.security.Principal; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.HashSet; -import java.util.Properties; import java.util.Set; import javax.servlet.http.HttpServletRequest; @@ -18,29 +11,6 @@ public class OAuthDBFilter extends OAuthFilter { - private static final String DEFAULT_CONSUMER_ROLE = "user"; - - private static Connection conn; - static { - Properties props = new Properties(); - try { - props.load(OAuthDBFilter.class.getResourceAsStream("/db.properties")); - } catch (Exception ex) { - throw new RuntimeException("db.properties resource is not available"); - } - String driver = props.getProperty("db.driver"); - String url = props.getProperty("db.url"); - String user = props.getProperty("db.username"); - String password = props.getProperty("db.password"); - - try { - Class.forName(driver); - conn = DriverManager.getConnection(url, user, password); - } catch (Exception ex) { - throw new RuntimeException("In memory OAuth DB can not be created " + ex.getMessage()); - } - } - public OAuthDBFilter() { @@ -53,9 +23,7 @@ protected HttpServletRequest createSecurityContext(HttpServletRequest request, // Alternatively we can have an alias associated with a given key // Example: www.messageing.service : kermit final Principal principal = new SimplePrincipal(consumer.getKey()); - final Set roles = new HashSet(); - roles.add(DEFAULT_CONSUMER_ROLE); - roles.addAll(convertPermissionsToRoles(accessToken.getPermissions()[0])); + final Set roles = getProvider().convertPermissionsToRoles(accessToken.getPermissions()); return new HttpServletRequestWrapper(request){ @Override public Principal getUserPrincipal(){ 
@@ -87,20 +55,5 @@ public String getName() { } - private Set convertPermissionsToRoles(String permissions) { - Set roles = new HashSet(); - // get the default roles which may've been allocated to a consumer - try { - Statement st = conn.createStatement(); - ResultSet rs = st.executeQuery("SELECT role FROM permissions WHERE" - + " permission='" + permissions + "'"); - if (rs.next()) { - String rolesValues = rs.getString("role"); - roles.add(rolesValues); - } - } catch (SQLException ex) { - throw new RuntimeException("No role exists for permission " + permissions); - } - return roles; - } + } \ No newline at end of file diff --git a/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBProvider.java b/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBProvider.java index 6d41d9346e6..dddc790e716 100644 --- a/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBProvider.java +++ b/jaxrs/examples/oauth/src/main/java/org/jboss/resteasy/examples/oauth/OAuthDBProvider.java @@ -6,12 +6,13 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +import java.util.HashSet; import java.util.Properties; +import java.util.Set; import java.util.UUID; import org.jboss.resteasy.auth.oauth.OAuthConsumer; import org.jboss.resteasy.auth.oauth.OAuthException; -import org.jboss.resteasy.auth.oauth.OAuthPermissions; import org.jboss.resteasy.auth.oauth.OAuthProvider; import org.jboss.resteasy.auth.oauth.OAuthRequestToken; import org.jboss.resteasy.auth.oauth.OAuthToken; @@ -22,6 +23,7 @@ **/ public class OAuthDBProvider implements OAuthProvider { + private static final String DEFAULT_CONSUMER_ROLE = "user"; private static Connection conn; static { 
@@ -308,12 +310,6 @@ public void registerConsumerScopes(String consumerKey, } - public void registerConsumerPermissions(String consumerKey, - OAuthPermissions permissions) throws OAuthException { - // TODO Auto-generated method stub - - } - private void registerCustomPermissionsAndRoles() { try { @@ -325,4 +321,39 @@ private void registerCustomPermissionsAndRoles() { throw new RuntimeException("Permissions can not be mapped to roles"); } } + + + public Set convertPermissionsToRoles(String[] permissions) { + Set roles = new HashSet(); + roles.add(DEFAULT_CONSUMER_ROLE); + if (permissions == null || permissions.length == 0) { + return roles; + } + StringBuilder query = new StringBuilder(); + query.append("SELECT role FROM permissions WHERE "); + for (int i = 0; i < permissions.length; i++) { + query.append("permission='" + permissions[i] + "'"); + if (i + 1 < permissions.length) { + query.append(" OR "); + } + } + try { + Statement st = conn.createStatement(); + ResultSet rs = st.executeQuery(query.toString()); + if (rs.next()) { + String rolesValues = rs.getString("role"); + roles.add(rolesValues); + } + } catch (SQLException ex) { + throw new RuntimeException("No role exists for permission " + permissions); + } + return roles; + } + + + public void registerConsumerPermissions(String consumerKey, + String[] permissions) throws OAuthException { + // TODO Auto-generated method stub + + } } diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumer.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumer.java index dfda866b24c..6b3534abde0 100644 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumer.java +++ b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumer.java 
@@ -16,7 +16,7 @@ public class OAuthConsumer { private String displayName; private String connectURI; private Set scopes; - private OAuthPermissions permissions; + private String[] permissions; public OAuthConsumer(String key, String secret, String displayName, String connectURI) { this.key = key; @@ -26,7 +26,7 @@ public OAuthConsumer(String key, String secret, String displayName, String conne } public OAuthConsumer(String key, String secret, String displayName, String connectURI, - OAuthPermissions perms) { + String[] perms) { this.key = key; this.secret = secret; this.displayName = displayName; @@ -82,7 +82,7 @@ public void setScopes(String[] scopes) { } - public OAuthPermissions getPermissions() { + public String[] getPermissions() { return permissions; } } diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumerRegistration.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumerRegistration.java index c090bda8a91..909888b948f 100644 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumerRegistration.java +++ b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthConsumerRegistration.java @@ -32,6 +32,6 @@ public void registerConsumerScopes(String consumerKey, * @throws OAuthException thrown if permissions can not be registered. */ public void registerConsumerPermissions(String consumerKey, - OAuthPermissions permissions) throws OAuthException; + String[] permissions) throws OAuthException; } diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthFilter.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthFilter.java index 4c94f0c58c1..0a4ab75777d 100644 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthFilter.java +++ b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthFilter.java 
@@ -94,6 +94,9 @@ protected void _doFilter(HttpServletRequest request, HttpServletResponse respons } + protected OAuthProvider getProvider() { + return provider; + } protected HttpServletRequest createSecurityContext(HttpServletRequest request, diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthMemoryProvider.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthMemoryProvider.java index b86823e7041..0c656661097 100644 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthMemoryProvider.java +++ b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthMemoryProvider.java @@ -1,8 +1,6 @@ package org.jboss.resteasy.auth.oauth; import java.net.HttpURLConnection; -import java.util.Arrays; -import java.util.HashSet; import java.util.Set; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; @@ -200,8 +198,13 @@ public void registerConsumerScopes(String consumerKey, String[] scopes) } public void registerConsumerPermissions(String consumerKey, - OAuthPermissions permissions) throws OAuthException { + String[] permissions) throws OAuthException { // TODO Auto-generated method stub } + + public Set convertPermissionsToRoles(String[] permissions) { + // TODO Auto-generated method stub + return null; + } } diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthPermissions.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthPermissions.java deleted file mode 100644 index 2613f4ac5f7..00000000000 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthPermissions.java +++ /dev/null 
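Review bot: The generated stub `convertPermissionsToRoles` in OAuthMemoryProvider returns `null`, while callers introduced in this commit use the result directly, for example `new ArrayList(roles)` in OAuthBasicAuthenticator, which would throw a NullPointerException in the middle of authentication when this provider is configured. Return a set instead, e.g. `return new HashSet();`, and keep the `java.util.HashSet` import that this commit removes from the file. Roles are now decided entirely by the provider, so whether the in-memory provider should also grant the default `"user"` role that the DB providers add is worth stating in a comment on the method.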
@@ -1,20 +0,0 @@ -package org.jboss.resteasy.auth.oauth; - -public class OAuthPermissions { - - private String permissionType; - private String[] permissions; - - public OAuthPermissions(String permissionType, String[] permissions) { - this.permissionType = permissionType; - this.permissions = permissions; - } - - public String[] getPermissions() { - return permissions; - } - - public String getPermissionType() { - return permissionType; - } -} diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProvider.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProvider.java index cf6121c4992..fd660dec330 100644 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProvider.java +++ b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProvider.java @@ -1,5 +1,7 @@ package org.jboss.resteasy.auth.oauth; +import java.util.Set; + /** * Implement this interface to provide the RESTEasy servlets and filters with the knowledge to * load and store OAuth Consumer, Request and Access Tokens. @@ -86,5 +88,14 @@ public OAuthToken makeRequestToken(String consumerKey, String callback, * with the given OAuth Token */ public void checkTimestamp(OAuthToken token, long timestamp) throws OAuthException; + + /** + * Converts custom permissions which may have been associated with consumers + * or access tokens into domain specific roles, example, + * given a "printResources" permission this method may return a role name "printerService" + * @param permissions + * @return roles + */ + public Set convertPermissionsToRoles(String[] permissions); } diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProviderChecker.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProviderChecker.java index a92ae4f08d8..7012e0d1d11 100644 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProviderChecker.java 
+++ b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthProviderChecker.java @@ -1,5 +1,7 @@ package org.jboss.resteasy.auth.oauth; +import java.util.Set; + /** * Used to make sure the OAuthProvider implementer does not return null values. * If any null is returned, throws a RuntimeException @@ -67,8 +69,12 @@ public void registerConsumerScopes(String consumerKey, String[] scopes) provider.registerConsumerScopes(consumerKey, scopes); } - public void registerConsumerPermissions(String consumerKey, OAuthPermissions permissions) + public void registerConsumerPermissions(String consumerKey, String[] permissions) throws OAuthException { provider.registerConsumerPermissions(consumerKey, permissions); } + + public Set convertPermissionsToRoles(String[] permissions) { + return provider.convertPermissionsToRoles(permissions); + } } diff --git a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthServlet.java b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthServlet.java index 288f61d70f2..b3c6cb22422 100644 --- a/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthServlet.java +++ b/jaxrs/resteasy-oauth/src/main/java/org/jboss/resteasy/auth/oauth/OAuthServlet.java @@ -303,9 +303,7 @@ private void serveConsumerScopesRegistrationRequest(HttpServletRequest req, String[] permissions = req.getParameterValues("xoauth_permission"); if (permissions != null) { - String permissionType = req.getParameter("xoauth_permission_type"); - permissionType = permissionType == null ? "custom" : "crud"; - provider.registerConsumerPermissions(consumerKey, new OAuthPermissions(permissionType, permissions)); + provider.registerConsumerPermissions(consumerKey, permissions); } resp.setStatus(HttpURLConnection.HTTP_OK);
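Review bot: `OAuthProviderChecker.convertPermissionsToRoles` forwards the provider's result unchecked, although the class comment says the checker exists to make sure providers do not return null, and OAuthMemoryProvider in this commit returns exactly that. Add the check here so filters fail with a clear message rather than a later NullPointerException: `Set roles = provider.convertPermissionsToRoles(permissions); if (roles == null) throw new RuntimeException("OAuthProvider returned null roles"); return roles;`. The other methods of the class are outside the hunk, so if they share a null-check helper, use that instead of the inline test.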