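/**
 * Verifies the {@code oauth_body_hash} parameter against the raw request body.
 *
 * <p>Body hash signing is refused for form-encoded requests. For any other content type
 * the body is read, digested, and compared with the base64-decoded value the consumer
 * sent; the comparison is constant-time so that timing does not reveal how much of the
 * digest matched.
 *
 * @param request the current request whose body is to be digested
 * @param oauthBodyHash the base64-encoded digest supplied as {@code oauth_body_hash}
 * @throws InvalidAuthenticationException if the content type is form-encoded, the digests
 *         differ, or the body cannot be read
 */
public static void verifyBodyHash(HttpServletRequest request, String oauthBodyHash)
    throws InvalidAuthenticationException {
  String contentType = request.getContentType();
  // Body hash signing is not permitted for form-encoded data.
  if (contentType != null && contentType.contains(OAuth.FORM_ENCODED)) {
    throw new AuthenticationHandler.InvalidAuthenticationException(
        "Cannot use oauth_body_hash with a Content-Type of application/x-www-form-urlencoded",
        null);
  }
  try {
    byte[] rawBody = readBody(request);
    byte[] received = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(oauthBodyHash));
    byte[] expected = GenericDigestUtils.digest(rawBody);
    // Arrays.equals stops at the first differing byte, which leaks the length of the
    // matching prefix through timing; MessageDigest.isEqual compares in constant time.
    if (!java.security.MessageDigest.isEqual(received, expected)) {
      throw new AuthenticationHandler.InvalidAuthenticationException(
          "oauth_body_hash failed verification", null);
    }
  } catch (IOException ioe) {
    // NOTE(review): the IOException is not chained as the cause, so the underlying
    // I/O error is lost here; consider logging it before rethrowing.
    throw new AuthenticationHandler.InvalidAuthenticationException(
        "Unable to read content body for oauth_body_hash verification", null);
  }
}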
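/**
 * Override this to perform extra error processing. Headers will have already been set on the
 * response.
 *
 * <p>The default sends a 401 whose message is the exception message, with the cause's
 * message appended when a cause with a message is present, so that underlying OAuth errors
 * reach the client. Because this text is written to the response body, causes must not
 * carry internal details or secrets.
 *
 * @param req
 *          the current http request for this filter
 * @param resp
 *          the current http response for this filter
 * @param iae
 *          the exception that caused the error path
 * @throws IOException
 *           if the error response cannot be written
 */
protected void onError(HttpServletRequest req, HttpServletResponse resp,
    AuthenticationHandler.InvalidAuthenticationException iae) throws IOException {
  String message = iae.getMessage();
  Throwable cause = iae.getCause();
  // Append the cause message if set; skip a null cause message, which would otherwise
  // concatenate the literal text "null" onto the response.
  if (cause != null && cause.getMessage() != null) {
    message = message + cause.getMessage();
  }
  resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
}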
/**
 * Override this to perform extra processing on redirect. Headers will have already been set on
 * the response.
 *
 * <p>The default implementation redirects to the location carried by the exception.
 *
 * @param req
 *          the current http request for this filter
 * @param resp
 *          the current http response for this filter
 * @param iae
 *          the exception that caused the redirect path
 * @throws IOException
 *           if the redirect cannot be sent
 */
protected void onRedirect(HttpServletRequest req, HttpServletResponse resp,
    AuthenticationHandler.InvalidAuthenticationException iae) throws IOException {
  final String location = iae.getRedirect();
  resp.sendRedirect(location);
}
Throwable cause = iae.getCause(); if (iae.getAdditionalHeaders() != null) { for (Map.Entry<String,String> entry : iae.getAdditionalHeaders().entrySet()) { resp.addHeader(entry.getKey(), entry.getValue()); if (iae.getRedirect() != null) { onRedirect(req, resp, iae); } else {
Throwable cause = iae.getCause(); if (iae.getAdditionalHeaders() != null) { for (Map.Entry<String,String> entry : iae.getAdditionalHeaders().entrySet()) { resp.addHeader(entry.getKey(), entry.getValue()); if (iae.getRedirect() != null) { onRedirect(req, resp, iae); } else {
Throwable cause = iae.getCause(); if (iae.getAdditionalHeaders() != null) { for (Map.Entry<String,String> entry : iae.getAdditionalHeaders().entrySet()) { resp.addHeader(entry.getKey(), entry.getValue()); if (iae.getRedirect() != null) { onRedirect(req, resp, iae); } else {
Throwable cause = iae.getCause(); LOG.log(Level.INFO, iae.getMessage(), cause); if (iae.getAdditionalHeaders() != null) { for (Map.Entry<String,String> entry : iae.getAdditionalHeaders().entrySet()) { resp.addHeader(entry.getKey(), entry.getValue()); if (iae.getRedirect() != null) { resp.sendRedirect(iae.getRedirect()); } else { String message = (cause==null) ? iae.getMessage() : iae.getMessage() + cause.getMessage();
Throwable cause = iae.getCause(); LOG.log(Level.INFO, iae.getMessage(), cause); if (iae.getAdditionalHeaders() != null) { for (Map.Entry<String,String> entry : iae.getAdditionalHeaders().entrySet()) { resp.addHeader(entry.getKey(), entry.getValue()); if (iae.getRedirect() != null) { resp.sendRedirect(iae.getRedirect()); } else { String message = (cause==null) ? iae.getMessage() : iae.getMessage() + cause.getMessage();
/**
 * Only denies authentication when an invalid bearer token is received.
 * Unauthenticated requests can pass through to other AuthenticationHandlers.
 *
 * <p>A request that fails to normalise is logged and treated as unauthenticated
 * ({@code null}), as is a request carrying no access token. When a token is present it is
 * validated against the store and a security token is created for it; a validation
 * failure is rethrown as an authentication failure.
 *
 * @param request the current http request
 * @return the security token for a validated bearer token, or {@code null}
 * @throws InvalidAuthenticationException if the store rejects the access token
 */
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
    throws InvalidAuthenticationException {
  final OAuth2NormalizedRequest normalized;
  try {
    normalized = new OAuth2NormalizedRequest(request);
  } catch (OAuth2Exception oae) {
    // Normalisation failed: log and fall through as unauthenticated.
    // NOTE(review): only the message key is logged, not the exception itself.
    LOG.logp(Level.WARNING, classname, "getSecurityTokenFromRequest", MessageKeys.INVALID_OAUTH);
    return null;
  }
  if (normalized.getAccessToken() == null) {
    return null;
  }
  try {
    store.validateRequestForResource(normalized, null);
    return createSecurityTokenForValidatedRequest(normalized);
  } catch (OAuth2Exception oae) {
    // TODO (Eric): process OAuth2Exception properly
    throw new InvalidAuthenticationException("Something went wrong: ", oae);
  }
}
/**
 * Only denies authentication when an invalid bearer token is received.
 * Unauthenticated requests can pass through to other AuthenticationHandlers.
 *
 * <p>A request that fails to normalise is logged and treated as unauthenticated
 * ({@code null}), as is a request carrying no access token. When a token is present it is
 * validated against the store and a security token is created for it; a validation
 * failure is rethrown as an authentication failure.
 *
 * @param request the current http request
 * @return the security token for a validated bearer token, or {@code null}
 * @throws InvalidAuthenticationException if the store rejects the access token
 */
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
    throws InvalidAuthenticationException {
  final OAuth2NormalizedRequest normalized;
  try {
    normalized = new OAuth2NormalizedRequest(request);
  } catch (OAuth2Exception oae) {
    // Normalisation failed: log and fall through as unauthenticated.
    // NOTE(review): only the message key is logged, not the exception itself.
    LOG.logp(Level.WARNING, classname, "getSecurityTokenFromRequest", MessageKeys.INVALID_OAUTH);
    return null;
  }
  if (normalized.getAccessToken() == null) {
    return null;
  }
  try {
    store.validateRequestForResource(normalized, null);
    return createSecurityTokenForValidatedRequest(normalized);
  } catch (OAuth2Exception oae) {
    // TODO (Eric): process OAuth2Exception properly
    throw new InvalidAuthenticationException("Something went wrong: ", oae);
  }
}
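/**
 * Verifies the {@code oauth_body_hash} parameter against the raw request body.
 *
 * <p>Body hash signing is refused for form-encoded requests. For any other content type
 * the body is read, digested, and compared with the base64-decoded value the consumer
 * sent; the comparison is constant-time so that timing does not reveal how much of the
 * digest matched.
 *
 * @param request the current request whose body is to be digested
 * @param oauthBodyHash the base64-encoded digest supplied as {@code oauth_body_hash}
 * @throws InvalidAuthenticationException if the content type is form-encoded, the digests
 *         differ, or the body cannot be read
 */
public static void verifyBodyHash(HttpServletRequest request, String oauthBodyHash)
    throws InvalidAuthenticationException {
  String contentType = request.getContentType();
  // Body hash signing is not permitted for form-encoded data.
  if (contentType != null && contentType.contains(OAuth.FORM_ENCODED)) {
    throw new AuthenticationHandler.InvalidAuthenticationException(
        "Cannot use oauth_body_hash with a Content-Type of application/x-www-form-urlencoded",
        null);
  }
  try {
    byte[] rawBody = readBody(request);
    byte[] received = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(oauthBodyHash));
    byte[] expected = GenericDigestUtils.digest(rawBody);
    // Arrays.equals stops at the first differing byte, which leaks the length of the
    // matching prefix through timing; MessageDigest.isEqual compares in constant time.
    if (!java.security.MessageDigest.isEqual(received, expected)) {
      throw new AuthenticationHandler.InvalidAuthenticationException(
          "oauth_body_hash failed verification", null);
    }
  } catch (IOException ioe) {
    // NOTE(review): the IOException is not chained as the cause, so the underlying
    // I/O error is lost here; consider logging it before rethrowing.
    throw new AuthenticationHandler.InvalidAuthenticationException(
        "Unable to read content body for oauth_body_hash verification", null);
  }
}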
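/**
 * Verifies the {@code oauth_body_hash} parameter against the raw request body.
 *
 * <p>Body hash signing is refused for form-encoded requests. For any other content type
 * the body is read, SHA-digested, and compared with the base64-decoded value the consumer
 * sent; the comparison is constant-time so that timing does not reveal how much of the
 * digest matched.
 *
 * @param request the current request whose body is to be digested
 * @param oauthBodyHash the base64-encoded digest supplied as {@code oauth_body_hash}
 * @throws InvalidAuthenticationException if the content type is form-encoded, the digests
 *         differ, or the body cannot be read
 */
public static void verifyBodyHash(HttpServletRequest request, String oauthBodyHash)
    throws InvalidAuthenticationException {
  String contentType = request.getContentType();
  // Body hash signing is not permitted for form-encoded data.
  if (contentType != null && contentType.contains(OAuth.FORM_ENCODED)) {
    throw new AuthenticationHandler.InvalidAuthenticationException(
        "Cannot use oauth_body_hash with a Content-Type of application/x-www-form-urlencoded",
        null);
  }
  try {
    byte[] rawBody = readBody(request);
    byte[] received = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(oauthBodyHash));
    byte[] expected = DigestUtils.sha(rawBody);
    // Arrays.equals stops at the first differing byte, which leaks the length of the
    // matching prefix through timing; MessageDigest.isEqual compares in constant time.
    if (!java.security.MessageDigest.isEqual(received, expected)) {
      throw new AuthenticationHandler.InvalidAuthenticationException(
          "oauth_body_hash failed verification", null);
    }
  } catch (IOException ioe) {
    // NOTE(review): the IOException is not chained as the cause, so the underlying
    // I/O error is lost here; consider logging it before rethrowing.
    throw new AuthenticationHandler.InvalidAuthenticationException(
        "Unable to read content body for oauth_body_hash verification", null);
  }
}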
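/**
 * Override this to perform extra error processing. Headers will have already been set on the
 * response.
 *
 * <p>The default sends a 401 whose message is the exception message, with the cause's
 * message appended when a cause with a message is present, so that underlying OAuth errors
 * reach the client. Because this text is written to the response body, causes must not
 * carry internal details or secrets.
 *
 * @param req
 *          the current http request for this filter
 * @param resp
 *          the current http response for this filter
 * @param iae
 *          the exception that caused the error path
 * @throws IOException
 *           if the error response cannot be written
 */
protected void onError(HttpServletRequest req, HttpServletResponse resp,
    AuthenticationHandler.InvalidAuthenticationException iae) throws IOException {
  String message = iae.getMessage();
  Throwable cause = iae.getCause();
  // Append the cause message if set; skip a null cause message, which would otherwise
  // concatenate the literal text "null" onto the response.
  if (cause != null && cause.getMessage() != null) {
    message = message + cause.getMessage();
  }
  resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
}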
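/**
 * Override this to perform extra error processing. Headers will have already been set on the
 * response.
 *
 * <p>The default sends a 401 whose message is the exception message, with the cause's
 * message appended when a cause with a message is present, so that underlying OAuth errors
 * reach the client. Because this text is written to the response body, causes must not
 * carry internal details or secrets.
 *
 * @param req
 *          the current http request for this filter
 * @param resp
 *          the current http response for this filter
 * @param iae
 *          the exception that caused the error path
 * @throws IOException
 *           if the error response cannot be written
 */
protected void onError(HttpServletRequest req, HttpServletResponse resp,
    AuthenticationHandler.InvalidAuthenticationException iae) throws IOException {
  String message = iae.getMessage();
  Throwable cause = iae.getCause();
  // Append the cause message if set; skip a null cause message, which would otherwise
  // concatenate the literal text "null" onto the response.
  if (cause != null && cause.getMessage() != null) {
    message = message + cause.getMessage();
  }
  resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
}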
/**
 * Authenticates an OAuth-signed request.
 *
 * <p>A request without an {@code oauth_signature} parameter is not an OAuth request and
 * yields {@code null} so other handlers may run. When an {@code oauth_body_hash} parameter
 * is present it is checked against the body before the signature is verified; a request
 * that carries a body but no body hash is not body-verified here. Signature problems
 * surface as {@link InvalidAuthenticationException}.
 *
 * @param request the current http request
 * @return the security token for a verified message, or {@code null} for a non-OAuth request
 * @throws InvalidAuthenticationException if the body hash or the signature fails verification
 */
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
    throws InvalidAuthenticationException {
  final OAuthMessage message = OAuthServlet.getMessage(request, null);
  final String signature = getParameter(message, OAuth.OAUTH_SIGNATURE);
  if (Strings.isNullOrEmpty(signature)) {
    return null; // not an OAuth request
  }
  final String bodyHash = getParameter(message, OAuthConstants.OAUTH_BODY_HASH);
  if (!Strings.isNullOrEmpty(bodyHash)) {
    verifyBodyHash(request, bodyHash);
  }
  try {
    return verifyMessage(message);
  } catch (OAuthProblemException oauthException) {
    throw new InvalidAuthenticationException("OAuth Authentication Failure", oauthException);
  }
}
/**
 * Authenticates an OAuth-signed request.
 *
 * <p>A request without an {@code oauth_signature} parameter is not an OAuth request and
 * yields {@code null} so other handlers may run. When an {@code oauth_body_hash} parameter
 * is present it is checked against the body before the signature is verified; a request
 * that carries a body but no body hash is not body-verified here. Signature problems
 * surface as {@link InvalidAuthenticationException}.
 *
 * @param request the current http request
 * @return the security token for a verified message, or {@code null} for a non-OAuth request
 * @throws InvalidAuthenticationException if the body hash or the signature fails verification
 */
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
    throws InvalidAuthenticationException {
  final OAuthMessage message = OAuthServlet.getMessage(request, null);
  final String signature = getParameter(message, OAuth.OAUTH_SIGNATURE);
  if (Strings.isNullOrEmpty(signature)) {
    return null; // not an OAuth request
  }
  final String bodyHash = getParameter(message, OAuthConstants.OAUTH_BODY_HASH);
  if (!Strings.isNullOrEmpty(bodyHash)) {
    verifyBodyHash(request, bodyHash);
  }
  try {
    return verifyMessage(message);
  } catch (OAuthProblemException oauthException) {
    throw new InvalidAuthenticationException("OAuth Authentication Failure", oauthException);
  }
}
/**
 * Override this to perform extra processing on redirect. Headers will have already been set on
 * the response.
 *
 * <p>The default implementation redirects to the location carried by the exception.
 *
 * @param req
 *          the current http request for this filter
 * @param resp
 *          the current http response for this filter
 * @param iae
 *          the exception that caused the redirect path
 * @throws IOException
 *           if the redirect cannot be sent
 */
protected void onRedirect(HttpServletRequest req, HttpServletResponse resp,
    AuthenticationHandler.InvalidAuthenticationException iae) throws IOException {
  final String location = iae.getRedirect();
  resp.sendRedirect(location);
}
/**
 * Authenticates an OAuth-signed request.
 *
 * <p>A request without an {@code oauth_signature} parameter is not an OAuth request and
 * yields {@code null} so other handlers may run. When an {@code oauth_body_hash} parameter
 * is present it is checked against the body before the signature is verified; a request
 * that carries a body but no body hash is not body-verified here. Signature problems
 * surface as {@link InvalidAuthenticationException}.
 *
 * @param request the current http request
 * @return the security token for a verified message, or {@code null} for a non-OAuth request
 * @throws InvalidAuthenticationException if the body hash or the signature fails verification
 */
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
    throws InvalidAuthenticationException {
  final OAuthMessage message = OAuthServlet.getMessage(request, null);
  final String signature = getParameter(message, OAuth.OAUTH_SIGNATURE);
  if (StringUtils.isEmpty(signature)) {
    return null; // not an OAuth request
  }
  final String bodyHash = getParameter(message, OAuthConstants.OAUTH_BODY_HASH);
  if (!StringUtils.isEmpty(bodyHash)) {
    verifyBodyHash(request, bodyHash);
  }
  try {
    return verifyMessage(message);
  } catch (OAuthProblemException oauthException) {
    throw new InvalidAuthenticationException("OAuth Authentication Failure", oauthException);
  }
}
/**
 * Override this to perform extra processing on redirect. Headers will have already been set on
 * the response.
 *
 * <p>The default implementation redirects to the location carried by the exception.
 *
 * @param req
 *          the current http request for this filter
 * @param resp
 *          the current http response for this filter
 * @param iae
 *          the exception that caused the redirect path
 * @throws IOException
 *           if the redirect cannot be sent
 */
protected void onRedirect(HttpServletRequest req, HttpServletResponse resp,
    AuthenticationHandler.InvalidAuthenticationException iae) throws IOException {
  final String location = iae.getRedirect();
  resp.sendRedirect(location);
}
/**
 * Creates a security token from the request's mapped parameters.
 *
 * <p>Returns {@code null} when the security token parameter is absent so other handlers
 * may run; otherwise the parameters are handed to the codec. A token the codec rejects is
 * reported as an authentication failure whose message embeds the offending token value,
 * i.e. the client's own input is echoed back in the exception message.
 *
 * @param request the current http request
 * @return the decoded security token, or {@code null} if none was supplied
 * @throws InvalidAuthenticationException if the codec cannot decode the supplied token
 */
public SecurityToken getSecurityTokenFromRequest(HttpServletRequest request)
    throws InvalidAuthenticationException {
  final Map<String, String> parameters = getMappedParameters(request);
  if (parameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME) == null) {
    return null;
  }
  try {
    return securityTokenCodec.createToken(parameters);
  } catch (SecurityTokenException e) {
    final String rawToken = parameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
    throw new InvalidAuthenticationException("Malformed security token " + rawToken, e);
  }
}