Author: [email protected]
Date: Mon Jul 11 11:46:11 2011
New Revision: 1211
Log:
[AMDATUAUTH-20] Request tokens are now removed when a user explicitly denies
access to a specific service consumer
Modified:
trunk/amdatu-auth/oauth-example/pom.xml
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/osgi/Activator.java
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthGadgetsRegistrationServiceImpl.java
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthProtectedResource.java
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/OAuthTokenProvider.java
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/service/OAuthTokenProviderImpl.java
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/servlet/OAuthAuthorizeTokenServletImpl.java
trunk/amdatu-auth/oauth-server/src/main/resources/jsp/authorize.jsp
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/AuthTest.java
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/util/OAuthResourceOwnerClient.java
Modified: trunk/amdatu-auth/oauth-example/pom.xml
==============================================================================
--- trunk/amdatu-auth/oauth-example/pom.xml (original)
+++ trunk/amdatu-auth/oauth-example/pom.xml Mon Jul 11 11:46:11 2011
@@ -71,6 +71,11 @@
<type>bundle</type>
</dependency>
<dependency>
+ <groupId>org.amdatu.auth</groupId>
+ <artifactId>org.amdatu.auth.tokenprovider</artifactId>
+ <type>bundle</type>
+ </dependency>
+ <dependency>
<groupId>org.amdatu.web</groupId>
<artifactId>org.amdatu.web.jaxrs</artifactId>
<type>bundle</type>
Modified:
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/osgi/Activator.java
==============================================================================
---
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/osgi/Activator.java
(original)
+++
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/osgi/Activator.java
Mon Jul 11 11:46:11 2011
@@ -15,25 +15,25 @@
*/
package org.amdatu.example.oauth.osgi;
-import java.util.Dictionary;
-import java.util.Hashtable;
-
-import org.amdatu.authentication.oauth.api.OAuthServiceConsumerRegistry;
-import org.amdatu.authentication.oauth.server.OAuthTokenProvider;
-import org.amdatu.example.oauth.service.DummyInterface;
-import org.amdatu.example.oauth.service.OAuthGadgetsRegistrationServiceImpl;
-import org.amdatu.example.oauth.service.OAuthProtectedResource;
-import org.amdatu.libraries.utilities.osgi.ServiceDependentActivator;
-import org.amdatu.opensocial.gadgetmanagement.GadgetManagement;
-import org.amdatu.web.dispatcher.DispatcherService;
-import org.amdatu.web.httpcontext.ResourceProvider;
-import org.amdatu.web.jsp.JspSupport;
-import org.amdatu.web.resource.ResourceSupport;
-import org.amdatu.web.rest.jaxrs.JaxRsSpi;
-import org.apache.felix.dm.DependencyManager;
-import org.osgi.framework.BundleContext;
-import org.osgi.service.http.HttpService;
-import org.osgi.service.log.LogService;
+import java.util.Dictionary;
+import java.util.Hashtable;
+
+import org.amdatu.authentication.oauth.api.OAuthServiceConsumerRegistry;
+import org.amdatu.authentication.oauth.server.OAuthTokenProvider;
+import org.amdatu.example.oauth.service.DummyInterface;
+import org.amdatu.example.oauth.service.OAuthGadgetsRegistrationServiceImpl;
+import org.amdatu.example.oauth.service.OAuthProtectedResource;
+import org.amdatu.libraries.utilities.osgi.ServiceDependentActivator;
+import org.amdatu.opensocial.gadgetmanagement.GadgetManagement;
+import org.amdatu.web.dispatcher.DispatcherService;
+import org.amdatu.web.httpcontext.ResourceProvider;
+import org.amdatu.web.jsp.JspSupport;
+import org.amdatu.web.resource.ResourceSupport;
+import org.amdatu.web.rest.jaxrs.JaxRsSpi;
+import org.apache.felix.dm.DependencyManager;
+import org.osgi.framework.BundleContext;
+import org.osgi.service.http.HttpService;
+import org.osgi.service.log.LogService;
/**
* This is the OSGi activator for this bundle.
@@ -72,9 +72,7 @@
manager.add(createComponent()
.setInterface(DummyInterface.class.getName(), null)
.setImplementation(OAuthProtectedResource.class)
-
.add(createServiceDependency().setService(LogService.class).setRequired(true))
-
.add(createServiceDependency().setService(OAuthTokenProvider.class).setRequired(true))
-
.add(createServiceDependency().setService(OAuthServiceConsumerRegistry.class).setRequired(true)));
+
.add(createServiceDependency().setService(OAuthTokenProvider.class).setRequired(true)));
}
@Override
Modified:
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthGadgetsRegistrationServiceImpl.java
==============================================================================
---
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthGadgetsRegistrationServiceImpl.java
(original)
+++
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthGadgetsRegistrationServiceImpl.java
Mon Jul 11 11:46:11 2011
@@ -134,7 +134,7 @@
return CONSUMER_NAME;
}
- public Map<String, String> getProperties() {
+ public Map<String, Object> getProperties() {
return null;
}
}
Modified:
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthProtectedResource.java
==============================================================================
---
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthProtectedResource.java
(original)
+++
trunk/amdatu-auth/oauth-example/src/main/java/org/amdatu/example/oauth/service/OAuthProtectedResource.java
Mon Jul 11 11:46:11 2011
@@ -15,28 +15,25 @@
*/
package org.amdatu.example.oauth.service;
-import java.io.IOException;
-import java.net.URISyntaxException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.CacheControl;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import net.oauth.OAuthAccessor;
-import net.oauth.OAuthConsumer;
-import net.oauth.OAuthException;
-import net.oauth.OAuthMessage;
-import net.oauth.server.OAuthServlet;
-
-import org.amdatu.authentication.oauth.api.OAuthServiceConsumerRegistry;
-import org.amdatu.authentication.oauth.server.OAuthTokenProvider;
-import org.osgi.service.log.LogService;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.CacheControl;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
+import net.oauth.server.OAuthServlet;
+
+import org.amdatu.authentication.oauth.server.OAuthTokenProvider;
+import org.amdatu.authentication.tokenprovider.Token;
/**
* Full path to this resource becomes: /rest/resource
@@ -46,9 +43,7 @@
*/
@Path("resource")
public class OAuthProtectedResource implements DummyInterface {
- private volatile LogService m_logService;
private volatile OAuthTokenProvider m_tokenProvider;
- private volatile OAuthServiceConsumerRegistry m_consumerRegistry;
@GET
@Produces( { MediaType.TEXT_HTML })
@@ -59,14 +54,21 @@
try {
String response = "<p>oAuth validation successfull. OAuth
parameters received by service provider:<br/><br/>";
- response += "<table><tr><th align=\"left\">parameter</th><th
align=\"left\">value</th></tr>";
- OAuthAccessor accessor = validateOAuth(request);
- response += "<tr><td>request token</td><td>" +
accessor.requestToken + "</td></tr>";
- response += "<tr><td>token secret</td><td>" + accessor.tokenSecret
+ "</td></tr>";
- response += "<tr><td>access token</td><td>" + accessor.accessToken
+ "</td></tr>";
- response += "<tr><td>consumer key</td><td>" +
accessor.consumer.consumerKey + "</td></tr>";
- response += "<tr><td>consumer secret</td><td>" +
accessor.consumer.consumerSecret + "</td></tr>";
- response += "<tr><td>consumer callback url</td><td>" +
accessor.consumer.callbackURL + "</td></tr>";
+ response += "<table><tr><th align=\"left\">parameter</th><th
align=\"left\">value</th></tr>";
+ OAuthMessage requestMessage = OAuthServlet.getMessage(request,
null);
+ m_tokenProvider.validateOAuthMessage(requestMessage);
+ Token token = m_tokenProvider.getToken(requestMessage);
+ response += "<tr><td>token</td><td>" + token.getToken() +
"</td></tr>";
+ response += "<tr><td>token secret</td><td>" +
token.getTokenSecret() + "</td></tr>";
+ response += "<tr><td>token type id</td><td>" +
token.getProperty(OAuthTokenProvider.TOKEN_TYPE_PROPERTY) + "</td></tr>";
+ response += "<tr><td>token authorized</td><td>" +
token.getProperty(OAuthTokenProvider.TOKEN_AUTHORIZED_PROPERTY) + "</td></tr>";
+ response += "<tr><td>token timestamp</td><td>" +
token.getProperty(OAuthTokenProvider.LAST_USED_TIMESTAMP_PROPERTY) +
"</td></tr>";
+
+ response += "<tr><td>consumer key</td><td>" +
requestMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY) + "</td></tr>";
+ response += "<tr><td>callback url</td><td>" +
token.getProperty(OAuthTokenProvider.CALLBACK_URL_PROPERTY) + "</td></tr>";
+ response += "<tr><td>user id</td><td>" +
token.getProperty(OAuthTokenProvider.USERID_PROPERTY) + "</td></tr>";
+ response += "<tr><td>verifier</td><td>" +
token.getProperty(OAuthTokenProvider.VERIFIER_PROPERTY) + "</td></tr>";
+
response += "</table></p>";
return Response.ok(response,
MediaType.TEXT_HTML).cacheControl(cc).build();
}
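Review bot: The new response body writes the token secret and the oauth_verifier straight into the HTML (`token.getTokenSecret()`, `VERIFIER_PROPERTY`), and every value is concatenated without HTML escaping, including `CALLBACK_URL_PROPERTY`, which as far as this hunk shows originates from the consumer-supplied `oauth_callback` parameter and so is attacker-controlled markup in the page. Even in an example bundle this is the pattern that gets copied, so I would drop the secret and verifier rows and pass the remaining values through an escaper, e.g. `response += "<tr><td>callback url</td><td>" + escapeHtml(token.getProperty(OAuthTokenProvider.CALLBACK_URL_PROPERTY)) + "</td></tr>";`. The old `validateOAuth` handled the token-less signed-request case explicitly; the new path calls `getToken` unconditionally and then `token.getToken()`, so if `getToken` returns null for such a request (the authorize servlet in this commit guards against exactly that) this dereference fails. The enclosing method starts above the hunk.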
@@ -79,28 +81,5 @@
// oAuth dance.
return
Response.status(HttpServletResponse.SC_UNAUTHORIZED).cacheControl(cc).build();
}
- catch (URISyntaxException e) {
- return Response.serverError().cacheControl(cc).build();
- }
- }
-
- private OAuthAccessor validateOAuth(HttpServletRequest request) throws
IOException, OAuthException,
- URISyntaxException {
- OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
-
- // In case of tow-legged or three-legged oAuth, the oAuth message
contains a request or access token
- // A Signed request however doesn't provide a token, we first verify
the type of oAuth request
- OAuthAccessor accessor;
- if (requestMessage.getToken() == null ||
"".equals(requestMessage.getToken())) {
- // This is a signed request
- OAuthConsumer consumer =
m_tokenProvider.getConsumer(requestMessage);
- accessor = new OAuthAccessor(consumer);
- }
- else {
- // This is 2-legged or 3-legged oAuth
- accessor = m_tokenProvider.getAccessor(requestMessage);
- }
- m_tokenProvider.getOAuthValidator().validateMessage(requestMessage,
accessor);
- return accessor;
}
}
Modified:
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/OAuthTokenProvider.java
==============================================================================
---
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/OAuthTokenProvider.java
(original)
+++
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/OAuthTokenProvider.java
Mon Jul 11 11:46:11 2011
@@ -49,7 +49,7 @@
* Property key that stores the token type (access or request).
*/
String TOKEN_TYPE_PROPERTY = "oauth_token_type";
-
+
/**
* Property key that stores the timestamp of the latest time the token was
used.
*/
@@ -59,12 +59,12 @@
* Indicates the callback URL associated with this request token.
*/
String CALLBACK_URL_PROPERTY = "oauth_callback";
-
+
/**
* Indicates the oauth_verifier associated with this request token.
*/
String VERIFIER_PROPERTY = "oauth_verifier";
-
+
/**
* Indicates a request token.
*/
@@ -153,20 +153,24 @@
* The token to mark
* @param userId
* The userid on which behalf the token is authorized
+ * @param authorize
+ * Indicates if the token should be authorized or not
* @throws OAuthException
* In case any exception occurred
*/
- void markAsAuthorized(Token token, String userId) throws OAuthException;
-
+ void authorizeToken(Token token, String userId, boolean authorize) throws
OAuthException;
+
/**
- * Generates a new oath verifier, which is just a nonce. The nonce is
associated with the
+ * Generates a new oath verifier, which is just a nonce. The nonce is
associated with the
* request token and also returned as additional query parameter in the
callback URL. From the callback
- * URL the consumer receives the oauth_verifier and sends it along with
the exchange request for access
- * token request. The OAuth server receives the request token and verifier
and verifies that the
- * provided verifier matches the verifier stored with the request token.
This makes sure that the
+ * URL the consumer receives the oauth_verifier and sends it along with
the exchange request for access
+ * token request. The OAuth server receives the request token and verifier
and verifies that the
+ * provided verifier matches the verifier stored with the request token.
This makes sure that the
* user who authorized the request is the same as the one initiated the
OAuth dance (preventing session
* fixation attacks).
- * @param token The request token
+ *
+ * @param token
+ * The request token
* @return a newly generated verifier
* @throws OAuthException
*/
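Review bot: The Javadoc for the renamed `authorizeToken` does not say what the deny path does, yet the implementation in this commit removes the token from the store and the servlet passes `null` as `userId` in that case. I would document both: `@param userId The userid on whose behalf the token is authorized; ignored (may be {@code null}) when {@code authorize} is {@code false}` and `@param authorize {@code true} marks the token as authorized for {@code userId}; {@code false} denies access and invalidates the request token, removing it from the token store`. The summary sentence of this Javadoc starts above the hunk and should also mention that a denied token is removed.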
@@ -176,8 +180,11 @@
* Exchange the request token for an access token. This call is typically
invoked after a request token
* has been authorized, however this method does not validate that. The
token servlets are supposed to
* perform all token validations.
- * @param token The request token to exchange
- * @param verifier The oauth_verifier provided by the service provider
when the token was authorized
+ *
+ * @param token
+ * The request token to exchange
+ * @param verifier
+ * The oauth_verifier provided by the service provider when the
token was authorized
*
* @throws OAuthException
* In case the oAuth token stored in the accessor is invalid.
Modified:
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/service/OAuthTokenProviderImpl.java
==============================================================================
---
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/service/OAuthTokenProviderImpl.java
(original)
+++
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/service/OAuthTokenProviderImpl.java
Mon Jul 11 11:46:11 2011
@@ -94,7 +94,7 @@
catch (ConsumerRegistryStorageException e) {
String msg =
"Could not load oauth_consumer with key '" +
requestMessage.getConsumerKey()
- + "' from the consumer registry";
+ + "' from the consumer registry";
throw OAuthServerUtil.createException(e, requestMessage, msg);
}
}
@@ -110,7 +110,7 @@
OAuthServiceConsumer serviceConsumer =
m_consumerRegistry.getConsumer(consumerKey);
if (serviceConsumer == null) {
String msg = "The oauth_consumer with key '" + consumerKey +
"' stored in the request token "
- + "does not exist in the consumer registry";
+ + "does not exist in the consumer registry";
throw
OAuthServerUtil.createException(OAuth.Problems.CONSUMER_KEY_UNKNOWN, msg);
}
return OAuthServerUtil.copy(serviceConsumer, m_serviceProvider);
@@ -131,7 +131,7 @@
// Check if the token is not expired in the meantime
if
(REQUEST_TOKEN_TYPE.equals(token.getProperty(TOKEN_TYPE_PROPERTY))
- && token.isExpired(m_config.getRequestTokenMaxAge())) {
+ &&
token.isExpired(m_config.getRequestTokenMaxAge())) {
m_tokenStore.removeToken(token);
String msg = "The request token is expired (maximum age is " +
m_config.getRequestTokenMaxAge() + " ms)";
throw
OAuthServerUtil.createException(OAuth.Problems.TOKEN_EXPIRED, msg);
@@ -148,6 +148,9 @@
long lastUsed =
Long.parseLong(token.getProperty(OAuthTokenProvider.LAST_USED_TIMESTAMP_PROPERTY));
if (lastUsed < (System.currentTimeMillis() -
m_config.getAccessTokenTimeout())) {
expired = true;
+ } else {
+ // Update the last used timestamp
+
token.setProperty(OAuthTokenProvider.LAST_USED_TIMESTAMP_PROPERTY, new
Long(System.currentTimeMillis()).toString());
}
}
if (expired) {
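Review bot: The added `else` branch bumps `LAST_USED_TIMESTAMP_PROPERTY` on the `Token` object, but unlike the deny path elsewhere in this file (which calls `m_tokenStore.removeToken`) nothing here writes the token back to the store, so unless the store hands out live references the sliding expiry never actually advances — worth confirming against the `TokenStore` implementation. Style-wise `new Long(System.currentTimeMillis()).toString()` boxes for nothing; `Long.toString(System.currentTimeMillis())` is the idiom. The enclosing validation method starts above this hunk.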
@@ -207,9 +210,15 @@
return token;
}
- public synchronized void markAsAuthorized(final Token token, final String
userId) throws OAuthException {
- token.setProperty(OAuthTokenProvider.TOKEN_AUTHORIZED_PROPERTY,
"true");
- token.setProperty(OAuthTokenProvider.USERID_PROPERTY, userId);
+ public synchronized void authorizeToken(final Token token, final String
userId, boolean authorize) throws OAuthException {
+ if (authorize) {
+ // Mark the token as authorized
+ token.setProperty(OAuthTokenProvider.TOKEN_AUTHORIZED_PROPERTY,
"true");
+ token.setProperty(OAuthTokenProvider.USERID_PROPERTY, userId);
+ } else {
+ // Invalidate the token by removing it from the store
+ m_tokenStore.removeToken(token);
+ }
}
public String generateVerifier(Token token) throws OAuthException {
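Review bot: The grant branch of `authorizeToken` stores whatever `userId` it is given without checking it, so an empty or null user id can be persisted as the authorized owner of the token; the servlet currently guards this, but `OAuthTokenProvider` is a registered OSGi service and other callers get no protection. A provider-level check keeps the invariant in one place: `if (authorize && (userId == null || userId.length() == 0)) { throw OAuthServerUtil.createException(OAuth.Problems.PERMISSION_DENIED, "No userid for token authorization"); }`. The method is `synchronized` but the removal on deny and the property writes on grant are not shown to be atomic with respect to the store, so document which of the two is the source of truth.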
Modified:
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/servlet/OAuthAuthorizeTokenServletImpl.java
==============================================================================
---
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/servlet/OAuthAuthorizeTokenServletImpl.java
(original)
+++
trunk/amdatu-auth/oauth-server/src/main/java/org/amdatu/authentication/oauth/server/servlet/OAuthAuthorizeTokenServletImpl.java
Mon Jul 11 11:46:11 2011
@@ -63,9 +63,9 @@
// Create a service dependency on the token provider for 'our' tenant
String tenantFilter =
"(&(" + Tenant.TENANT_ID_SERVICEPROPERTY + "=" + m_tenantId + ")("
+ Constants.OBJECTCLASS
- + "=" + TokenProvider.class.getName() + "))";
+ + "=" + TokenProvider.class.getName() + "))";
component.add(m_dependencyManager.createServiceDependency()
- .setService(TokenProvider.class,
tenantFilter).setRequired(true).setInstanceBound(true));
+ .setService(TokenProvider.class,
tenantFilter).setRequired(true).setInstanceBound(true));
}
public void start() {
@@ -74,12 +74,14 @@
@Override
public void doGet(final HttpServletRequest request, final
HttpServletResponse response) throws IOException,
- ServletException {
+ ServletException {
try {
OAuthMessage requestMessage = OAuthServlet.getMessage(request,
null);
- OAuthConsumer consumer =
m_oAuthTokenProvider.getConsumer(requestMessage);
Token token = m_oAuthTokenProvider.getToken(requestMessage);
-
+ if (token == null) {
+ String msg = "No request token found in the OAuth request";
+ throw
OAuthServerUtil.createException(OAuth.Problems.PARAMETER_REJECTED, msg);
+ }
if
("true".equalsIgnoreCase(token.getProperty(OAuthTokenProvider.TOKEN_AUTHORIZED_PROPERTY)))
{
// already authorized send the user back
m_logService.log(LogService.LOG_DEBUG, "Token authorized,
redirecting user to callback url");
@@ -87,7 +89,8 @@
}
else {
m_logService.log(LogService.LOG_DEBUG,
- "Authorize token request received, redirecting user to
authorization page");
+ "Authorize token request received, redirecting user to
authorization page");
+ OAuthConsumer consumer =
m_oAuthTokenProvider.getConsumer(token);
sendToAuthorizePage(request, response, token, consumer);
}
}
@@ -98,23 +101,32 @@
@Override
public void doPost(final HttpServletRequest request, final
HttpServletResponse response) throws IOException,
- ServletException {
+ ServletException {
try {
OAuthMessage requestMessage = OAuthServlet.getMessage(request,
null);
- String userId = getUserId(request);
- if (userId == null) {
- // If there is no user id available now, we throw a permission
denied as it won't happen
- // in a normal situation! Maybe it's a hack attempt.
- String msg = "No userid send along with the authorize request";
- throw
OAuthServerUtil.createException(OAuth.Problems.PERMISSION_DENIED, msg);
- }
// Retrieve the request token and consumer
Token token = m_oAuthTokenProvider.getToken(requestMessage);
- // Now set the userId as property of the request token and mark it
as authorized
- m_oAuthTokenProvider.markAsAuthorized(token, userId);
- returnToConsumer(response, token);
+ // Verify if the user granted or denied access
+ boolean authorize =
"true".equals(request.getParameter("authorize"));
+ if (!authorize) {
+ // User denies access, remove the request token immediately
+ m_oAuthTokenProvider.authorizeToken(token, null, false);
+ response.setStatus(HttpServletResponse.SC_OK);
+ } else {
+ String userId = getUserId(request);
+ if (userId == null) {
+ // If there is no user id available now, we throw a
permission denied as it won't happen
+ // in a normal situation! Maybe it's a hack attempt.
+ String msg = "No userid send along with the authorize
request";
+ throw
OAuthServerUtil.createException(OAuth.Problems.PERMISSION_DENIED, msg);
+ }
+
+ // Now set the userId as property of the request token and
mark it as authorized
+ m_oAuthTokenProvider.authorizeToken(token, userId, true);
+ returnToConsumer(response, token);
+ }
}
catch (Exception e) {
OAuthServerUtil.handleException(e, request, response, true);
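Review bot: The deny branch in `doPost` now removes the request token before `getUserId(request)` is consulted, so any client that can POST `oauth_token=<value>&authorize=false` invalidates a pending token without being the resource owner; the request token is carried in the authorize-page URL and known to the consumer, so it is not a secret and this is a cheap way to break other users' in-flight OAuth dances. `doGet` in this same commit gained a `token == null` guard, but `doPost` still dereferences `token` unchecked on both branches. I would require an authenticated user before either branch and add the null check; the deny JavaScript runs from the same authorize page on which the grant works, so the session should be available (worth verifying). The `try` continues into the existing catch, which is unchanged.
```java
            Token token = m_oAuthTokenProvider.getToken(requestMessage);
            if (token == null) {
                throw OAuthServerUtil.createException(OAuth.Problems.PARAMETER_REJECTED,
                    "No request token found in the OAuth request");
            }
            // Both granting and denying change token state on behalf of the resource
            // owner, so require an authenticated user before either
            String userId = getUserId(request);
            if (userId == null) {
                throw OAuthServerUtil.createException(OAuth.Problems.PERMISSION_DENIED,
                    "No userid send along with the authorize request");
            }
            boolean authorize = "true".equals(request.getParameter("authorize"));
            if (!authorize) {
                m_oAuthTokenProvider.authorizeToken(token, userId, false);
                response.setStatus(HttpServletResponse.SC_OK);
            } else {
                m_oAuthTokenProvider.authorizeToken(token, userId, true);
                returnToConsumer(response, token);
            }
            // … unchanged: catch / handleException …
```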
@@ -123,7 +135,7 @@
private void sendToAuthorizePage(final HttpServletRequest request, final
HttpServletResponse response,
final Token token, final OAuthConsumer consumer)
- throws IOException, ServletException {
+ throws IOException, ServletException {
String callback = request.getParameter(OAuth.OAUTH_CALLBACK);
if (callback == null || callback.length() <= 0) {
callback = "none";
@@ -134,7 +146,7 @@
request.setAttribute("TOKEN", token.getToken());
m_logService.log(LogService.LOG_DEBUG,
"Forwarding authorize token request to " +
m_serviceProvider.getAuthorizeTokenURL()
- + ", token=" + token.getToken() + ", callback=" + callback);
+ + ", token=" + token.getToken() + ", callback=" + callback);
// Dispatch the request to the authorize JSP
// The authorize URL
@@ -143,7 +155,7 @@
}
private void returnToConsumer(final HttpServletResponse response, final
Token token) throws IOException,
- OAuthException {
+ OAuthException {
// Send the user back to site's callBackUrl
String callback =
token.getProperty(OAuthTokenProvider.CALLBACK_URL_PROPERTY);
Modified: trunk/amdatu-auth/oauth-server/src/main/resources/jsp/authorize.jsp
==============================================================================
--- trunk/amdatu-auth/oauth-server/src/main/resources/jsp/authorize.jsp
(original)
+++ trunk/amdatu-auth/oauth-server/src/main/resources/jsp/authorize.jsp Mon Jul
11 11:46:11 2011
@@ -56,9 +56,9 @@
<div id="welcome_username"></div><br/>
Do you want to allow access to <%=appDesc%>?<br/><br/>
- <form name="authorizeForm"
action="${contextPath}/oauth-server/authorizetoken" method="POST">
+ <form id="authorizeForm" name="authorizeForm"
action="${contextPath}/oauth-server/authorizetoken" method="POST">
<input type="hidden" name="oauth_token" value="<%= token %>"/>
- <input type="hidden" name="oauth_callback" value="<%= callback %>"/>
+ <input type="hidden" id="authorize" name="authorize" value="true"/>
<input type="button" id="deny" onclick="javascript:denyAccess()"
value="Deny access"/>
<input type="submit" name="Authorize" value="Grant access"/>
</form>
@@ -162,8 +162,25 @@
);
}
+ function postAccessDenied() {
+ var postdata = {
+ oauth_token : "<%= token %>",
+ authorize : false
+ };
+
+ var url = "${contextPath}/oauth-server/authorizetoken";
+ jQuery.ajax({
+ url: url,
+ type: "POST",
+ data: postdata,
+ dataType: "json",
+ async:true
+ }
+ );
+ }
+
function denyAccess() {
- logout();
+ postAccessDenied();
showAccessDenied();
}
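Review bot: `postAccessDenied` requests `dataType: "json"` but the servlet's deny path answers with an empty 200 body, which jQuery treats as a parse failure, and no `success`/`error` handler is registered, so `denyAccess` shows the access-denied view whether or not the token was actually removed. I would use `dataType: "text"` and move `showAccessDenied()` into the `success` callback with an `error` handler that surfaces the failure. Note also that deny previously called `logout()` and no longer does; if ending the session on deny was deliberate, that behaviour is lost here.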
Modified:
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/AuthTest.java
==============================================================================
---
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/AuthTest.java
(original)
+++
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/AuthTest.java
Mon Jul 11 11:46:11 2011
@@ -251,7 +251,7 @@
AuthUtils.waitForURL(m_oAuthServiceProvider.getRequestTokenURL(),
HttpStatus.SC_UNAUTHORIZED);
m_logService.log(LogService.LOG_DEBUG, "Waiting for '" +
m_oAuthServiceProvider.getAuthorizeTokenURL()
+ "' to come available...");
- AuthUtils.waitForURL(m_oAuthServiceProvider.getAuthorizeTokenURL(),
HttpStatus.SC_UNAUTHORIZED);
+ AuthUtils.waitForURL(m_oAuthServiceProvider.getAuthorizeTokenURL(),
HttpStatus.SC_BAD_REQUEST);
m_logService.log(LogService.LOG_DEBUG, "Waiting for '" +
m_oAuthServiceProvider.getAccessTokenURL()
+ "' to come available...");
AuthUtils.waitForURL(m_oAuthServiceProvider.getAccessTokenURL(),
HttpStatus.SC_UNAUTHORIZED);
Modified:
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/util/OAuthResourceOwnerClient.java
==============================================================================
---
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/util/OAuthResourceOwnerClient.java
(original)
+++
trunk/amdatu-auth/test-integration/tests/src/test/java/org/amdatu/auth/test/integration/tests/util/OAuthResourceOwnerClient.java
Mon Jul 11 11:46:11 2011
@@ -108,15 +108,11 @@
String token =
sResponseBody.substring(sResponseBody.indexOf(tokenStart) +
tokenStart.length());
token = token.substring(0, token.indexOf("\""));
- String callbackStart = "<input type=\"hidden\" name=\"oauth_callback\"
value=\"";
- String callback =
sResponseBody.substring(sResponseBody.indexOf(callbackStart) +
callbackStart.length());
- callback = callback.substring(0, callback.indexOf("\""));
-
// Now build the post request
HttpClient httpClient = new HttpClient();
NameValuePair[] data = {
new NameValuePair("oauth_token", token),
- new NameValuePair("oauth_callback", callback)
+ new NameValuePair("authorize", "true")
};
PostMethod postMethod = null;
try {