Author: lindner
Date: Fri Dec  3 16:36:13 2010
New Revision: 1041902

URL: http://svn.apache.org/viewvc?rev=1041902&view=rev
Log:
OAuth v2 Draft 11 and OAuth Bearer Token Draft 1 modifications

Modified:
    
shindig/trunk/features/src/main/javascript/features/opensocial-jsonrpc/jsonrpccontainer.js
    
shindig/trunk/features/src/main/javascript/features/osapi/jsonrpctransport.js
    
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
    
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java

Modified: 
shindig/trunk/features/src/main/javascript/features/opensocial-jsonrpc/jsonrpccontainer.js
URL: 
http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/opensocial-jsonrpc/jsonrpccontainer.js?rev=1041902&r1=1041901&r2=1041902&view=diff
==============================================================================
--- 
shindig/trunk/features/src/main/javascript/features/opensocial-jsonrpc/jsonrpccontainer.js
 (original)
+++ 
shindig/trunk/features/src/main/javascript/features/opensocial-jsonrpc/jsonrpccontainer.js
 Fri Dec  3 16:36:13 2010
@@ -221,7 +221,7 @@ var JsonRpcRequestItem = function(rpc, o
 
     var token = shindig.auth.getSecurityToken();
     if (token) {
-      headers['Authorization'] = 'OAuth ' + token;
+      headers['Authorization'] = 'OAuth2 ' + token;
     }
 
     this.sendRequest(this.path_, sendResponse, makeRequestParams, headers);
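Review bot: The scheme literal `'OAuth2 '` set here has to stay in step with the server's `AUTHORIZATION_REGEX`, and nothing at this site says so; the same literal is repeated in the second hunk of this file and in jsonrpctransport.js. The updated handler test asserts that an `OAuth 1234` header now yields no token, so a page still running a cached copy of the old script would presumably lose its security token rather than fail loudly. A short comment at each site would help, e.g. `// Scheme must match AUTHORIZATION_REGEX in UrlParameterAuthenticationHandler; the old 'OAuth' scheme is rejected server-side`. The enclosing function starts and ends outside the hunk.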
@@ -459,7 +459,7 @@ var JsonRpcRequestItem = function(rpc, o
     var headers = {'Content-Type': 'application/json'};
     var token = shindig.auth.getSecurityToken();
     if (token) {
-      headers['Authorization'] = 'OAuth ' + token;
+      headers['Authorization'] = 'OAuth2 ' + token;
     }
 
     this.sendRequest(this.invalidatePath_, null, makeRequestParams, headers);

Modified: 
shindig/trunk/features/src/main/javascript/features/osapi/jsonrpctransport.js
URL: 
http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/osapi/jsonrpctransport.js?rev=1041902&r1=1041901&r2=1041902&view=diff
==============================================================================
--- 
shindig/trunk/features/src/main/javascript/features/osapi/jsonrpctransport.js 
(original)
+++ 
shindig/trunk/features/src/main/javascript/features/osapi/jsonrpctransport.js 
Fri Dec  3 16:36:13 2010
@@ -63,7 +63,7 @@
     var url = this.name;
     var token = shindig.auth.getSecurityToken();
     if (token) {
-      headers['Authorization'] = 'OAuth ' + token;
+      headers['Authorization'] = 'OAuth2 ' + token;
     }
     gadgets.io.makeNonProxiedRequest(url, processResponse, request, headers);
   }

Modified: 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
URL: 
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java?rev=1041902&r1=1041901&r2=1041902&view=diff
==============================================================================
--- 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
 (original)
+++ 
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/UrlParameterAuthenticationHandler.java
 Fri Dec  3 16:36:13 2010
@@ -72,7 +72,7 @@ public class UrlParameterAuthenticationH
     return this.securityTokenCodec;
   }
 
-  private static final Pattern AUTHORIZATION_REGEX = 
Pattern.compile("\\s*OAuth\\s+(\\S*)\\s*.*");
+  private static final Pattern AUTHORIZATION_REGEX = 
Pattern.compile("\\s*OAuth2\\s+(\\S*)\\s*.*");
 
   protected Map<String, String> getMappedParameters(final HttpServletRequest 
request) {
     Map<String, String> params = Maps.newHashMap();
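Review bot: `(\\S*)` in the new `AUTHORIZATION_REGEX` can match nothing, so a header consisting of `OAuth2` followed only by whitespace matches (unless the container trims it first) and `m.group(1)` yields an empty string instead of leaving the token null. What the codec does with an empty token is not visible here, but requiring at least one character is safer: `Pattern.compile("\\s*OAuth2\\s+(\\S+)\\s*.*")`. The scheme is also matched case-sensitively, whereas HTTP auth scheme names are case-insensitive, so `oauth2 1234` is ignored; `Pattern.CASE_INSENSITIVE` would cover that if it is intended. testOAuth2Header has no case for either input.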
@@ -83,17 +83,18 @@ public class UrlParameterAuthenticationH
 
     // OAuth2 token as a param
     // NOTE: if oauth_signature_method is present then we have a OAuth 1.0 
request
-    // See OAuth 2.0 Draft 10 -- 5.1.2  URI Query Parameter
+    // See OAuth 2.0 Bearer Tokens Draft 01 -- 2.3  URI Query Parameter
+    // http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-01
     if (token == null && isSecure && 
request.getParameter(OAuth.OAUTH_SIGNATURE_METHOD) == null) {
       token = request.getParameter(OAuth.OAUTH_TOKEN);
     }
 
     // token in authorization header
-    // See OAuth 2.0 Draft 10 -- 5.1.1 The Authorization Request Header Field
+    // See OAuth 2.0 Bearer Tokens Draft 01 -- 2.1 The Authorization Request 
Header Field
    if (token == null && isSecure) {
       for (Enumeration<String> headers = request.getHeaders("Authorization"); 
headers != null && headers.hasMoreElements();) {
         String authorization = headers.nextElement();
-        if (authorization != null && 
!authorization.contains("oauth_signature_method=")) {
+        if (authorization != null) {
           Matcher m = AUTHORIZATION_REGEX.matcher(authorization);
           if (m.matches()) {
             token = m.group(1);
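Review bot: With the `oauth_signature_method=` check dropped from the header loop, OAuth 1.0 headers are kept out only by the `OAuth2` scheme in `AUTHORIZATION_REGEX`, and no comment records that. The query-parameter branch above still carries its explicit NOTE and check. I would add a line above `if (authorization != null)` such as `// OAuth 1.0 headers use the "OAuth" scheme and never match AUTHORIZATION_REGEX ("OAuth2")`, so a later change to the regex does not silently reopen that path. The loop and the method continue past the end of the hunk.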

Modified: 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java
URL: 
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java?rev=1041902&r1=1041901&r2=1041902&view=diff
==============================================================================
--- 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java
 (original)
+++ 
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.java
 Fri Dec  3 16:36:13 2010
@@ -54,6 +54,9 @@ public class UrlParameterAuthenticationH
     // Old behavior, no longer supported
     req = new FakeHttpServletRequest().setHeader("Authorization", "Token 
token=\"1234\"");
     Assert.assertNull(authHandler.getSecurityTokenFromRequest(req));
+
+    req = new FakeHttpServletRequest().setHeader("Authorization", "OAuth 
1234");
+    Assert.assertNull(authHandler.getSecurityTokenFromRequest(req));
   }
 
   @Test
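Review bot: The new `OAuth 1234` assertion builds its request with the no-argument `FakeHttpServletRequest()`, while the positive cases in testOAuth2Header use an `https://` URL, and the last case there shows that a plain `http://` request returns null whatever the header says. If the no-argument request is not treated as secure (its default is not visible here), this assertion would pass even if the handler still accepted the old scheme. Building it as `new FakeHttpServletRequest("https://www.example.org/").setHeader("Authorization", "OAuth 1234")` would make the test exercise the regex. The test method starts before the hunk.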
@@ -75,19 +78,19 @@ public class UrlParameterAuthenticationH
   @Test
   public void testOAuth2Header() throws Exception {
     req = new FakeHttpServletRequest("https://www.example.org/";)
-        .setHeader("Authorization", "OAuth  1234");
+        .setHeader("Authorization", "OAuth2  1234");
     Assert.assertEquals(expectedToken, 
authHandler.getSecurityTokenFromRequest(req));
 
     req = new FakeHttpServletRequest("https://www.example.org/";)
-        .setHeader("Authorization", "   OAuth    1234 ");
+        .setHeader("Authorization", "   OAuth2    1234 ");
     Assert.assertEquals(expectedToken, 
authHandler.getSecurityTokenFromRequest(req));
 
     req = new FakeHttpServletRequest("https://www.example.org/";)
-        .setHeader("Authorization", "OAuth 1234 x=1,y=\"2 2 2\"");
+        .setHeader("Authorization", "OAuth2 1234 x=1,y=\"2 2 2\"");
     Assert.assertEquals(expectedToken, 
authHandler.getSecurityTokenFromRequest(req));
 
     req = new FakeHttpServletRequest("http://www.example.org/";)
-        .setHeader("Authorization", "OAuth 1234");
+        .setHeader("Authorization", "OAuth2 1234");
     Assert.assertNull(authHandler.getSecurityTokenFromRequest(req));
   }
 

