Merge pull request #90 from futures/OAuthIntoWebapp
Linked in fcrepo-auth-oauth
Showing
42 changed files
with
2,954 additions
and
166 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!DOCTYPE suppressions PUBLIC | ||
"-//Puppy Crawl//DTD Suppressions 1.1//EN" | ||
"http://www.puppycrawl.com/dtds/suppressions_1_1.dtd"> | ||
<suppressions> | ||
<suppress files="[\\/]fcrepo-auth-oauth[\\/]" checks="[a-zA-Z0-9]*"/> | ||
</suppressions> |
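Review bot: The single `<suppress>` rule pairs `files="[\\/]fcrepo-auth-oauth[\\/]"` with `checks="[a-zA-Z0-9]*"`, which matches every Checkstyle check, so the whole new OAuth module is exempt from the style gate the rest of the build enforces. For code that makes authentication decisions it is better to suppress only the specific checks that currently fail and to record why. A comment such as `<!-- temporary: remove once fcrepo-auth-oauth passes checkstyle -->` above the rule would at least make the intent visible.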
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,180 @@ | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<parent> | ||
<groupId>org.fcrepo</groupId> | ||
<artifactId>fcrepo</artifactId> | ||
<version>4.0-SNAPSHOT</version> | ||
</parent> | ||
<artifactId>fcrepo-auth-oauth</artifactId> | ||
<name>${project.artifactId}</name> | ||
<description>Fedora OAuth 2.0 module</description> | ||
<packaging>bundle</packaging> | ||
<properties> | ||
<oltu.version>0.31-SNAPSHOT</oltu.version> | ||
</properties> | ||
<dependencies> | ||
<dependency> | ||
<artifactId>fcrepo-http-api</artifactId> | ||
<groupId>org.fcrepo</groupId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.apache.oltu.oauth2</groupId> | ||
<artifactId>org.apache.oltu.oauth2.authzserver</artifactId> | ||
<version>${oltu.version}</version> | ||
<exclusions> | ||
<!-- Dependency convergence: fcrepo-http-api (via jersey-json:1.17.1) depends | ||
on jettison:1.1, but org.apache.oltu.oauth2.authzserver depends on jettison:1.2 --> | ||
<exclusion> | ||
<groupId>org.codehaus.jettison</groupId> | ||
<artifactId>jettison</artifactId> | ||
</exclusion> | ||
<!-- Dependency convergence: fcrepo-http-api (via fcrepo-jcr) depends on | ||
commons-codec:1.6, but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 --> | ||
<exclusion> | ||
<groupId>commons-codec</groupId> | ||
<artifactId>commons-codec</artifactId> | ||
</exclusion> | ||
</exclusions> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.apache.oltu.oauth2</groupId> | ||
<artifactId>oltu-oauth2-resourceserver-filter</artifactId> | ||
<version>${oltu.version}</version> | ||
<exclusions> | ||
<!-- Dependency convergence: fcrepo-http-api (via jersey-json:1.17.1) | ||
depends on jettison:1.1, but org.apache.oltu.oauth2.authzserver depends on | ||
jettison:1.2 --> | ||
<exclusion> | ||
<groupId>org.codehaus.jettison</groupId> | ||
<artifactId>jettison</artifactId> | ||
</exclusion> | ||
<!-- Dependency convergence: fcrepo-http-api (via fcrepo-jcr) depends | ||
on commons-codec:1.6, but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 --> | ||
<exclusion> | ||
<groupId>commons-codec</groupId> | ||
<artifactId>commons-codec</artifactId> | ||
</exclusion> | ||
</exclusions> | ||
</dependency> | ||
<!-- test gear --> | ||
<dependency> | ||
<groupId>org.fcrepo</groupId> | ||
<artifactId>fcrepo-kernel</artifactId> | ||
<version>${project.version}</version> | ||
<classifier>tests</classifier> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.fcrepo</groupId> | ||
<artifactId>fcrepo-http-commons</artifactId> | ||
<version>${project.version}</version> | ||
<scope>test</scope> | ||
<type>test-jar</type> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.glassfish.grizzly</groupId> | ||
<artifactId>grizzly-http-server</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.glassfish.grizzly</groupId> | ||
<artifactId>grizzly-http-servlet</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>com.sun.jersey</groupId> | ||
<artifactId>jersey-grizzly2</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>javax.mail</groupId> | ||
<artifactId>mail</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>com.sun.jersey.contribs</groupId> | ||
<artifactId>jersey-spring</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>junit</groupId> | ||
<artifactId>junit</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework</groupId> | ||
<artifactId>spring-test</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.apache.httpcomponents</groupId> | ||
<artifactId>httpclient</artifactId> | ||
<exclusions> | ||
<!-- Dependency convergence: httpclient:4.2.5 depends on commons-codec:1.6, | ||
but org.apache.oltu.oauth2.authzserver depends on commons-codec:1.8 --> | ||
<exclusion> | ||
<groupId>commons-codec</groupId> | ||
<artifactId>commons-codec</artifactId> | ||
</exclusion> | ||
</exclusions> | ||
</dependency> | ||
<dependency> | ||
<groupId>com.sun.jersey.jersey-test-framework</groupId> | ||
<artifactId>jersey-test-framework-grizzly2</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>com.sun.jersey</groupId> | ||
<artifactId>jersey-servlet</artifactId> | ||
<version>${jersey.version}</version> | ||
<scope>test</scope> | ||
</dependency> | ||
<!-- Playing with ordered loading for tests --> | ||
<dependency> | ||
<groupId>javax.servlet</groupId> | ||
<artifactId>javax.servlet-api</artifactId> | ||
<scope>provided</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>javax.annotation</groupId> | ||
<artifactId>javax.annotation-api</artifactId> | ||
<version>1.2</version> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.glassfish.jersey.containers</groupId> | ||
<artifactId>jersey-container-grizzly2-servlet</artifactId> | ||
<version>2.0</version> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.apache.felix</groupId> | ||
<artifactId>maven-bundle-plugin</artifactId> | ||
</plugin> | ||
<plugin> | ||
<artifactId>maven-checkstyle-plugin</artifactId> | ||
<configuration> | ||
<consoleOutput>true</consoleOutput> | ||
<configLocation>fcrepo-checkstyle/checkstyle.xml</configLocation> | ||
<suppressionsLocation>checkstyle-suppressions.xml</suppressionsLocation> | ||
</configuration> | ||
</plugin> | ||
<plugin> | ||
<groupId>org.codehaus.mojo</groupId> | ||
<artifactId>build-helper-maven-plugin</artifactId> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
<repositories> | ||
<repository> | ||
<id>Apache Snapshots</id> | ||
<url>https://repository.apache.org/content/repositories/snapshots/</url> | ||
<snapshots> | ||
<enabled>true</enabled> | ||
</snapshots> | ||
</repository> | ||
</repositories> | ||
</project> |
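Review bot: `oltu.version` is set to `0.31-SNAPSHOT` and the module adds the Apache Snapshots repository with `<snapshots><enabled>true</enabled>`, so the library that implements the OAuth token handling is a mutable artifact that can change between builds with no change in this repository. Pin a released Oltu version as soon as one is usable, and until then mark the property, e.g. `<!-- TODO: replace with a released Oltu version; snapshot artifacts are mutable -->`. The exclusions also force commons-codec 1.6 and jettison 1.1 under a library that, per the comments, was built against 1.8 and 1.2; it is worth confirming the Oltu code paths in use do not need the newer APIs. `junit` and `spring-test` carry no `<scope>` here, so unless the parent's dependency management sets it they would end up on the compile classpath of the bundle.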
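--- a/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Constants.java
+++ b/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Constants.java
@@ -0,0 +1,32 @@
+/**
+* Copyright 2013 DuraSpace, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.fcrepo.auth.oauth;
+
+public interface Constants {
+
+public static final String OAUTH_WORKSPACE = "oauth";
+
+// TODO get namespaced properties to work
+public static final String CLIENT_PROPERTY = "oauth-client";
+
+// TODO get namespaced properties to work
+public static final String PRINCIPAL_PROPERTY = "oauth-principal";
+
+// TODO get namespaced properties to work
+public static final String SCOPES_PROPERTY = "oauth-scopes";
+
+public static final Long EXPIRATION_TIMEOUT = 3600l;
+}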
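Review bot: `EXPIRATION_TIMEOUT = 3600l` uses a lowercase `l` suffix that is easily misread as the digit 1, is boxed as `Long` for no visible reason, and does not state its unit, which matters for a token lifetime. I would write `public static final long EXPIRATION_TIMEOUT = 3600L;` and add a Javadoc line naming the unit the token code expects (seconds, presumably; confirm against the code that reads it). The constants also live in an `interface`, so any class that implements it exports them as part of its own API; a `final` class with a private constructor avoids that, and the existing static imports would work against it unchanged.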
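--- a/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Decision.java
+++ b/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/Decision.java
@@ -0,0 +1,73 @@
+/**
+* Copyright 2013 DuraSpace, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.fcrepo.auth.oauth;
+
+import java.security.Principal;
+
+import org.apache.oltu.oauth2.rsfilter.OAuthClient;
+import org.apache.oltu.oauth2.rsfilter.OAuthDecision;
+
+/**
+* @author ajs6f
+* @date Jul 1, 2013
+*/
+public class Decision implements OAuthDecision {
+
+private OAuthClient oAuthClient;
+
+private Principal principal;
+
+private boolean isAuthorized;
+
+public Decision(final String client, final String principal) {
+this.oAuthClient = new OAuthClient() {
+
+@Override
+public String getClientId() {
+return client;
+}
+
+};
+this.principal = new Principal() {
+
+@Override
+public String getName() {
+return principal;
+}
+
+};
+}
+
+@Override
+public OAuthClient getOAuthClient() {
+return oAuthClient;
+}
+
+@Override
+public Principal getPrincipal() {
+return principal;
+}
+
+@Override
+public boolean isAuthorized() {
+return isAuthorized;
+}
+
+public void setAuthorized(final boolean isAuthorized) {
+this.isAuthorized = isAuthorized;
+}
+
+}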
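Review bot: The constructor never sets `isAuthorized`, so every `Decision` starts out unauthorized and stays that way until some caller invokes `setAuthorized(true)`; `DefaultOAuthResourceProvider.validateRequest` in this commit returns `new Decision(client, principal)` without doing so. If the Oltu filter consults `isAuthorized()`, valid tokens will be refused, and if it does not, the flag is dead state that suggests a check which never runs. The class Javadoc should say which it is, e.g. `Authorization defaults to false; the provider must call setAuthorized(true) after validating the token.` Separately, `oAuthClient` and `principal` are assigned once and can be declared `private final`, and the constructor accepts null for either argument, which yields a `Principal` whose `getName()` returns null.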
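--- a/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/DefaultOAuthResourceProvider.java
+++ b/fcrepo-auth-oauth/src/main/java/org/fcrepo/auth/oauth/DefaultOAuthResourceProvider.java
@@ -0,0 +1,92 @@
+/**
+* Copyright 2013 DuraSpace, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.fcrepo.auth.oauth;
+
+import static com.google.common.base.Throwables.propagate;
+import static org.fcrepo.auth.oauth.Constants.CLIENT_PROPERTY;
+import static org.fcrepo.auth.oauth.Constants.OAUTH_WORKSPACE;
+import static org.fcrepo.auth.oauth.Constants.PRINCIPAL_PROPERTY;
+import static org.slf4j.LoggerFactory.getLogger;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.exception.OAuthRuntimeException;
+import org.apache.oltu.oauth2.rsfilter.OAuthDecision;
+import org.apache.oltu.oauth2.rsfilter.OAuthRSProvider;
+import org.fcrepo.session.SessionFactory;
+import org.slf4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+/**
+* @author ajs6f
+* @date Jul 1, 2013
+*/
+@Component
+public class DefaultOAuthResourceProvider implements OAuthRSProvider {
+
+@Autowired
+private SessionFactory sessionFactory;
+
+private static final Logger LOGGER =
+getLogger(DefaultOAuthResourceProvider.class);
+
+/*
+* (non-Javadoc)
+* @see
+* org.apache.oltu.oauth2.rsfilter.OAuthRSProvider#validateRequest(java.
+* lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
+*/
+@Override
+public OAuthDecision validateRequest(final String rsId, final String token,
+final HttpServletRequest req) throws OAuthProblemException {
+// first check validity of token
+try {
+final Session session = sessionFactory.getSession(OAUTH_WORKSPACE);
+try {
+if (!session.itemExists("/tokens/" + token)) {
+throw new OAuthRuntimeException("Invalid token!");
+} else {
+final Node tokenNode = session.getNode("/tokens/" + token);
+LOGGER.debug("Retrieved token from: {}", tokenNode
+.getPath());
+final String client =
+tokenNode.getProperty(CLIENT_PROPERTY).getString();
+LOGGER.debug("Retrieved client: {}", client);
+final String principal =
+tokenNode.getProperty(PRINCIPAL_PROPERTY)
+.getString();
+LOGGER.debug("Retrieved principal: {}", principal);
+return new Decision(client, principal);
+}
+} finally {
+session.logout();
+}
+} catch (final RepositoryException e) {
+propagate(e);
+}
+
+return null;
+}
+
+public void setSessionFactory(final SessionFactory sessionFactory) {
+this.sessionFactory = sessionFactory;
+}
+}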
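Review bot: In `validateRequest`, `token` comes from the request and is concatenated into the JCR path `"/tokens/" + token` with no format check, so a value containing `/` or relative segments may be resolved as some other item in the `oauth` workspace rather than a child of `/tokens`, and a malformed value surfaces as a propagated `RepositoryException`. Validate it before the lookup, e.g. `if (token == null || token.isEmpty() || token.indexOf('/') >= 0) { throw new OAuthRuntimeException("Invalid token!"); }`, or better, match it against the exact alphabet the token issuer emits. The debug line `LOGGER.debug("Retrieved token from: {}", tokenNode.getPath())` also writes the bearer token into the log, because the token is the node name; log the client id or a digest of the token instead. Nothing in this method checks token age against `EXPIRATION_TIMEOUT` or reads `SCOPES_PROPERTY`, and `rsId` is unused, so confirm that expiry and scope are enforced elsewhere. The invalid-token branch throws `OAuthRuntimeException` although the method declares `OAuthProblemException`, which may bypass the filter's normal error response.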