Bringing fcrepo-auth-oauth under fcrepo4

fcrepo · Jul 2, 2013 · eea2ad6 · eea2ad6
1 parent 82015a3
commit eea2ad6
Show file tree

Hide file tree

Showing 38 changed files with 2,734 additions and 0 deletions.
diff --git a/fcrepo-auth-oauth/checkstyle-suppressions.xml b/fcrepo-auth-oauth/checkstyle-suppressions.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE suppressions PUBLIC
+     "-//Puppy Crawl//DTD Suppressions 1.1//EN"
+     "http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
+<suppressions>
+  <suppress files="[\\/]fcrepo-auth-oauth[\\/]" checks="[a-zA-Z0-9]*"/>
+</suppressions>
diff --git a/fcrepo-auth-oauth/pom.xml b/fcrepo-auth-oauth/pom.xml
@@ -0,0 +1,180 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.fcrepo</groupId>
+    <artifactId>fcrepo</artifactId>
+    <version>4.0-SNAPSHOT</version>
+  </parent>
+  <artifactId>fcrepo-auth-oauth</artifactId>
+  <name>${project.artifactId}</name>
+  <description>Fedora OAuth 2.0 module</description>
+  <packaging>bundle</packaging>
+  <properties>
+    <oltu.version>0.31-SNAPSHOT</oltu.version>
+  </properties>
+  <dependencies>
+    <dependency>
+      <artifactId>fcrepo-http-api</artifactId>
+      <groupId>org.fcrepo</groupId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.oltu.oauth2</groupId>
+      <artifactId>org.apache.oltu.oauth2.authzserver</artifactId>
+      <version>${oltu.version}</version>
+      <exclusions>
+        <!-- Dependency convergence: fcrepo-http-api (via jersey-json:1.17.1) depends 
+          on jettison:1.1, but org.apache.oltu.oauth2.authzserver depends on jettison:1.2 -->
+        <exclusion>
+          <groupId>org.codehaus.jettison</groupId>
+          <artifactId>jettison</artifactId>
+        </exclusion>
+        <!-- Dependency convergence: fcrepo-http-api (via fcrepo-jcr) depends on 
+          commons-codec:1.6, but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 -->
+        <exclusion>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.oltu.oauth2</groupId>
+      <artifactId>oltu-oauth2-resourceserver-filter</artifactId>
+      <version>${oltu.version}</version>
+      <exclusions>
+        <!-- Dependency convergence: fcrepo-http-api (via jersey-json:1.17.1) 
+          depends on jettison:1.1, but org.apache.oltu.oauth2.authzserver depends on 
+          jettison:1.2 -->
+        <exclusion>
+          <groupId>org.codehaus.jettison</groupId>
+          <artifactId>jettison</artifactId>
+        </exclusion>
+        <!-- Dependency convergence: fcrepo-http-api (via fcrepo-jcr) depends 
+          on commons-codec:1.6, but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 -->
+        <exclusion>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <!-- test gear -->
+    <dependency>
+      <groupId>org.fcrepo</groupId>
+      <artifactId>fcrepo-kernel</artifactId>
+      <version>${project.version}</version>
+      <classifier>tests</classifier>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.fcrepo</groupId>
+      <artifactId>fcrepo-http-commons</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+      <type>test-jar</type>
+    </dependency>
+    <dependency>
+      <groupId>org.glassfish.grizzly</groupId>
+      <artifactId>grizzly-http-server</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.glassfish.grizzly</groupId>
+      <artifactId>grizzly-http-servlet</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.sun.jersey</groupId>
+      <artifactId>jersey-grizzly2</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>javax.mail</groupId>
+      <artifactId>mail</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.sun.jersey.contribs</groupId>
+      <artifactId>jersey-spring</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-test</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.httpcomponents</groupId>
+      <artifactId>httpclient</artifactId>
+      <exclusions>
+        <!-- Dependency convergence: httpclient:4.2.5 depends on commons-codec:1.6, 
+          but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 -->
+        <exclusion>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>com.sun.jersey.jersey-test-framework</groupId>
+      <artifactId>jersey-test-framework-grizzly2</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.sun.jersey</groupId>
+      <artifactId>jersey-servlet</artifactId>
+      <version>${jersey.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <!-- Playing with ordered loading for tests -->
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>javax.servlet-api</artifactId>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>javax.annotation</groupId>
+      <artifactId>javax.annotation-api</artifactId>
+      <version>1.2</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.glassfish.jersey.containers</groupId>
+      <artifactId>jersey-container-grizzly2-servlet</artifactId>
+      <version>2.0</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <artifactId>maven-checkstyle-plugin</artifactId>
+        <configuration>
+          <consoleOutput>true</consoleOutput>
+          <configLocation>fcrepo-checkstyle/checkstyle.xml</configLocation>
+          <suppressionsLocation>checkstyle-suppressions.xml</suppressionsLocation>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>build-helper-maven-plugin</artifactId>
+      </plugin>
+    </plugins>
+  </build>
+  <repositories>
+    <repository>
+      <id>Apache Snapshots</id>
+      <url>https://repository.apache.org/content/repositories/snapshots/</url>
+      <snapshots>
+        <enabled>true</enabled>
+      </snapshots>
+    </repository>
+  </repositories>
+</project>
diff --git a/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Constants.java b/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Constants.java
@@ -0,0 +1,32 @@
+/**
+ * Copyright 2013 DuraSpace, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.fcrepo.auth.oauth;
+
+public interface Constants {
+
+    public static final String OAUTH_WORKSPACE = "oauth";
+
+    // TODO get namespaced properties to work
+    public static final String CLIENT_PROPERTY = "oauth-client";
+
+    // TODO get namespaced properties to work
+    public static final String PRINCIPAL_PROPERTY = "oauth-principal";
+
+    // TODO get namespaced properties to work
+    public static final String SCOPES_PROPERTY = "oauth-scopes";
+
+    public static final Long EXPIRATION_TIMEOUT = 3600l;
+}
diff --git a/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Decision.java b/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Decision.java
@@ -0,0 +1,73 @@
+/**
+ * Copyright 2013 DuraSpace, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.fcrepo.auth.oauth;
+
+import java.security.Principal;
+
+import org.apache.oltu.oauth2.rsfilter.OAuthClient;
+import org.apache.oltu.oauth2.rsfilter.OAuthDecision;
+
+/**
+ * @author ajs6f
+ * @date Jul 1, 2013
+ */
+public class Decision implements OAuthDecision {
+
+    private OAuthClient oAuthClient;
+
+    private Principal principal;
+
+    private boolean isAuthorized;
+
+    public Decision(final String client, final String principal) {
+        this.oAuthClient = new OAuthClient() {
+
+            @Override
+            public String getClientId() {
+                return client;
+            }
+
+        };
+        this.principal = new Principal() {
+
+            @Override
+            public String getName() {
+                return principal;
+            }
+
+        };
+    }
+
+    @Override
+    public OAuthClient getOAuthClient() {
+        return oAuthClient;
+    }
+
+    @Override
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    @Override
+    public boolean isAuthorized() {
+        return isAuthorized;
+    }
+
+    public void setAuthorized(final boolean isAuthorized) {
+        this.isAuthorized = isAuthorized;
+    }
+
+}
diff --git a/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/DefaultOAuthResourceProvider.java b/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/DefaultOAuthResourceProvider.java
@@ -0,0 +1,92 @@
+/**
+ * Copyright 2013 DuraSpace, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.fcrepo.auth.oauth;
+
+import static com.google.common.base.Throwables.propagate;
+import static org.fcrepo.auth.oauth.Constants.CLIENT_PROPERTY;
+import static org.fcrepo.auth.oauth.Constants.OAUTH_WORKSPACE;
+import static org.fcrepo.auth.oauth.Constants.PRINCIPAL_PROPERTY;
+import static org.slf4j.LoggerFactory.getLogger;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.exception.OAuthRuntimeException;
+import org.apache.oltu.oauth2.rsfilter.OAuthDecision;
+import org.apache.oltu.oauth2.rsfilter.OAuthRSProvider;
+import org.fcrepo.session.SessionFactory;
+import org.slf4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author ajs6f
+ * @date Jul 1, 2013
+ */
+@Component
+public class DefaultOAuthResourceProvider implements OAuthRSProvider {
+
+    @Autowired
+    private SessionFactory sessionFactory;
+
+    private static final Logger LOGGER =
+            getLogger(DefaultOAuthResourceProvider.class);
+
+    /*
+     * (non-Javadoc)
+     * @see
+     * org.apache.oltu.oauth2.rsfilter.OAuthRSProvider#validateRequest(java.
+     * lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
+     */
+    @Override
+    public OAuthDecision validateRequest(final String rsId, final String token,
+            final HttpServletRequest req) throws OAuthProblemException {
+        // first check validity of token
+        try {
+            final Session session = sessionFactory.getSession(OAUTH_WORKSPACE);
+            try {
+                if (!session.itemExists("/tokens/" + token)) {
+                    throw new OAuthRuntimeException("Invalid token!");
+                } else {
+                    final Node tokenNode = session.getNode("/tokens/" + token);
+                    LOGGER.debug("Retrieved token from: {}", tokenNode
+                            .getPath());
+                    final String client =
+                            tokenNode.getProperty(CLIENT_PROPERTY).getString();
+                    LOGGER.debug("Retrieved client: {}", client);
+                    final String principal =
+                            tokenNode.getProperty(PRINCIPAL_PROPERTY)
+                                    .getString();
+                    LOGGER.debug("Retrieved principal: {}", principal);
+                    return new Decision(client, principal);
+                }
+            } finally {
+                session.logout();
+            }
+        } catch (final RepositoryException e) {
+            propagate(e);
+        }
+
+        return null;
+    }
+
+    public void setSessionFactory(final SessionFactory sessionFactory) {
+        this.sessionFactory = sessionFactory;
+    }
+}