  /*
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
   *
   * Copyright (c) 2010-2011 Oracle and/or its affiliates. All rights reserved.
   *
   * The contents of this file are subject to the terms of either the GNU
   * General Public License Version 2 only ("GPL") or the Common Development
   * and Distribution License("CDDL") (collectively, the "License").  You
   * may not use this file except in compliance with the License.  You can
  * obtain a copy of the License at
  * http://glassfish.java.net/public/CDDL+GPL_1_1.html
  * or packager/legal/LICENSE.txt.  See the License for the specific
  * language governing permissions and limitations under the License.
  *
  * When distributing the software, include this License Header Notice in each
  * file and include the License file at packager/legal/LICENSE.txt.
  *
  * GPL Classpath Exception:
  * Oracle designates this particular file as subject to the "Classpath"
  * exception as provided by Oracle in the GPL Version 2 section of the License
  * file that accompanied this code.
  *
  * Modifications:
  * If applicable, add the following below the License Header, with the fields
  * enclosed by brackets [] replaced by your own identifying information:
  * "Portions Copyright [year] [name of copyright owner]"
  *
  * Contributor(s):
  * If you wish your version of this file to be governed by only the CDDL or
  * only the GPL Version 2, indicate your decision by adding "[Contributor]
  * elects to include this software in this distribution under the [CDDL or GPL
  * Version 2] license."  If you don't indicate a single choice of license, a
  * recipient has the option to distribute your version of this file under
  * either the CDDL, the GPL Version 2 or to extend the choice of license to
  * its licensees as provided above.  However, if you add GPL Version 2 code
  * and therefore, elected the GPL Version 2 license, then the option applies
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
 
package com.sun.jersey.oauth.client;

import javax.ws.rs.ext.Providers;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientRequest;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.api.client.filter.ClientFilter;
import com.sun.jersey.api.representation.Form;
import com.sun.jersey.oauth.signature.OAuthParameters;
import com.sun.jersey.oauth.signature.OAuthSecrets;
import com.sun.jersey.oauth.signature.OAuthSignature;
import com.sun.jersey.oauth.signature.OAuthSignatureException;
import java.net.URI;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.core.UriBuilder;

Client filter that adds an OAuth authorization header to the HTTP request if no authorization header is already present. If the URIs for requesting request tokens and access tokens and for authorization are provided, together with an AuthHandler implementation, the filter also handles the OAuth authorization flow.

Note: This filter signs the request based on its request parameters. For this reason, you should invoke this filter after any others that modify any request parameters.
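
The ordering note above, shown as an added example that is not part of the Jersey source: a self-contained OAuth 1.0 HMAC-SHA1 signer (RFC 5849) demonstrating that a request parameter changed after signing no longer matches the signature the server recomputes. The class name, timestamp, nonce and the `page` parameter are constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignatureOrderingDemo {
    // RFC 3986 percent-encoding as OAuth 1.0 requires (RFC 5849, section 3.6).
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // HMAC-SHA1 over METHOD & enc(URI) & enc(sorted parameters).
    // Simplification: one value per parameter name, ASCII names only.
    static String sign(String method, String uri, Map<String, String> params,
                       String consumerSecret, String tokenSecret) throws Exception {
        String normalized = new TreeMap<String, String>(params).entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
        String base = method + "&" + enc(uri) + "&" + enc(normalized);
        String key = enc(consumerSecret) + "&" + enc(tokenSecret);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; keys and secrets mirror the placeholders in Example 1.
        Map<String, String> params = new TreeMap<>();
        params.put("oauth_consumer_key", "key");
        params.put("oauth_token", "accesskey");
        params.put("oauth_signature_method", "HMAC-SHA1");
        params.put("oauth_timestamp", "1300000000");
        params.put("oauth_nonce", "constructed-nonce");
        params.put("oauth_version", "1.0");
        params.put("page", "1");
        String uri = "http://my.service.uri/items";
        String sent = sign("GET", uri, params, "secret", "accesssecret");

        // A filter that runs after signing rewrites a request parameter;
        // the server then computes the signature over what it actually receives.
        params.put("page", "2");
        String recomputed = sign("GET", uri, params, "secret", "accesssecret");
        System.out.println("signature sent:    " + sent);
        System.out.println("server recomputes: " + recomputed);
        System.out.println("signatures match:  " + sent.equals(recomputed));
    }
}
```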

Example 1:

 // baseline OAuth parameters for access to resource
 OAuthParameters params = new OAuthParameters().signatureMethod("HMAC-SHA1").
  consumerKey("key").token("accesskey");

 // OAuth secrets to access resource
 OAuthSecrets secrets = new OAuthSecrets().consumerSecret("secret").tokenSecret("accesssecret");

 // if parameters and secrets remain static, filter can be added to each web resource
 OAuthClientFilter filter = new OAuthClientFilter(client.getProviders(), params, secrets);

 // OAuth test server
 WebResource resource = client.resource("http://term.ie/oauth/example/request_token.php");

 resource.addFilter(filter);

 String response = resource.get(String.class);
 

Example 2 (handling authorization flow):

 OAuthClientFilter filter = new OAuthClientFilter(
     client.getProviders(),
     new OAuthParameters().consumerKey("key"),
     new OAuthSecrets().consumerSecret("secret"),
     "http://request.token.uri",
     "http://access.token.uri",
     "http://authorization.uri",
     new OAuthClientFilter.AuthHandler() {
         @Override
         public void authorized(String token, String tokenSecret) {
             // store the access token for future use
             storeAccessToken(token, tokenSecret);
         }

         @Override
         public String authorize(URI authorizationUri) {
             try {
                 // ask user to authorize the app and enter the verification code
                 // generated by the server
                 String verificationCode = askUserToGoToAuthUriAuthorizeAndEnterVerifier(authorizationUri);
                 return verificationCode;
             } catch (IOException ex) {
                 throw new RuntimeException(ex);
             }
         }
     }
 );

 // add the filter to the client
 client.addFilter(filter);

 // make calls to the protected resources (authorization is handled
 // by the filter (and the passed AuthHandler) as needed, transparently)
 WebResource resource = client.resource("http://my.service.uri/items");
 String response = resource.get(String.class);

Author(s):
Paul C. Bryan <pbryan@sun.com>
Martin Matula <martin.matula@oracle.com>
public final class OAuthClientFilter extends ClientFilter {

    
The registered providers, which contains entity message body readers and writers.
    private final Providers providers;

    
The OAuth parameters to be used in generating signature.
    private final OAuthParameters parameters;

    
The OAuth secrets to be used in generating signature.
    private final OAuthSecrets secrets;
    private final URI requestTokenUri;
    private final URI accessTokenUri;
    private final URI authorizationUri;
    private final AuthHandler handler;
    private enum State {
        UNMANAGED, MANAGED, REQUEST_TOKEN;
    }
    private State state;

    
Constructs a new OAuth client filter with the specified providers.

Parameters:
providers the registered providers from Client.getProviders() method.
parameters the OAuth parameters to be used in signing requests.
secrets the OAuth secrets to be used in signing requests.
    public OAuthClientFilter(final Providers providers,
    final OAuthParameters parameters, final OAuthSecrets secrets) {
        // no flow URIs and no handler: the filter only signs requests
        this(providers, parameters, secrets, null, null, null, null);
    }

    
Constructs a new OAuth client filter providing URIs for requesting request and access tokens and authorization. Passing these URIs causes the filter to automatically attempt to obtain the tokens if it receives a 401 Unauthorized HTTP status code.

Parameters:
providers the registered providers from Client.getProviders() method.
parameters the OAuthParameters to be used in signing requests.
secrets the OAuth secrets to be used in signing requests.
requestTokenUri URI for requesting new request tokens.
accessTokenUri URI for requesting access tokens.
authorizationUri URI for requesting authorization of request tokens.
handler Implementation of AuthHandler this filter calls to obtain user authorization and notify the application of a new access token obtained. If null is passed, instead of invoking the handler for user authorization when needed, UnauthorizedRequestException is thrown by the filter.
    public OAuthClientFilter(Providers providers, OAuthParameters parameters,
            OAuthSecrets secrets, String requestTokenUri, String accessTokenUri,
            String authorizationUri, AuthHandler handler) {
        if (providers == null || parameters == null || secrets == null) {
            throw new NullPointerException();
        }
        // the three flow URIs must be supplied together or not at all
        if ((requestTokenUri != null || accessTokenUri != null || authorizationUri != null) &&
                (requestTokenUri == null || accessTokenUri == null || authorizationUri == null)) {
            throw new NullPointerException();
        }
        this.providers = providers;
        this.parameters = parameters;
        this.secrets = secrets;
        // with no handler supplied, use a no-op handler whose authorize() returns null
        this.handler = handler == null ? new AuthHandler() {
            @Override
            public void authorized(String token, String tokenSecret) {
            }
            @Override
            public String authorize(URI authorizationUri) {
                return null;
            }
        } : handler;
        
        if (parameters.getSignatureMethod() == null) {
            parameters.signatureMethod("HMAC-SHA1");
        }
        if (parameters.getVersion() == null) {
            parameters.version();
        }
        if (requestTokenUri == null) {
            // no flow URIs: sign requests only
            this.requestTokenUri = this.accessTokenUri = this.authorizationUri = null;
            state = State.UNMANAGED;
        } else {
            // flow URIs present: the filter manages the authorization flow
            this.requestTokenUri = UriBuilder.fromUri(requestTokenUri).build();
            this.accessTokenUri = UriBuilder.fromUri(accessTokenUri).build();
            this.authorizationUri = UriBuilder.fromUri(authorizationUri).build();
            state = State.MANAGED;
        }
    }

    
Note: This method automatically sets the nonce and timestamp.
    @Override
    public ClientResponse handle(final ClientRequest request) throws ClientHandlerException {
        // secrets and parameters exist; no auth header already: sign request; add as authorization header
        if (!request.getHeaders().containsKey("Authorization")) {
            switch (state) {
                case MANAGED:
                    // check if authorized
                    if (parameters.getToken() == null) {
                        // put together a request token request; UNMANAGED makes the
                        // recursive handle() call below sign it without re-entering the flow
                        state = State.UNMANAGED;
                        try {
                            ClientResponse cr = handle(ClientRequest.create().build(requestTokenUri, HttpMethod.POST));
                            Form response = cr.getEntity(Form.class);
                            String token = response.getFirst(OAuthParameters.TOKEN);
                            parameters.token(token);
                            secrets.tokenSecret(response.getFirst(OAuthParameters.TOKEN_SECRET));
                            state = State.REQUEST_TOKEN;
                            // ask the handler for user authorization, then retry the original request
                            parameters.verifier(handler.authorize(getAuthorizationUri()));
                            return handle(request);
                        } finally {
                            // still UNMANAGED means the request token step failed: drop partial credentials
                            if (state == State.UNMANAGED) {
                                parameters.setToken(null);
                                secrets.setTokenSecret(null);
                            }
                            state = State.MANAGED;
                        }
                    }
                    break;
                case REQUEST_TOKEN:
                    // no verifier means the user did not authorize the request token
                    if (parameters.getVerifier() == null) {
                        throw new UnauthorizedRequestException(getAuthorizationUri());
                    }
                    state = State.UNMANAGED;
                    try {
                        // exchange the authorized request token for an access token
                        ClientResponse cr = handle(ClientRequest.create().build(accessTokenUri, HttpMethod.POST));
                        Form response = cr.getEntity(Form.class);
                        String token = response.getFirst(OAuthParameters.TOKEN);
                        String secret = response.getFirst(OAuthParameters.TOKEN_SECRET);
                        if (token == null) {
                            throw new UnauthorizedRequestException(null);
                        }
                        parameters.token(token);
                        secrets.tokenSecret(secret);
                        handler.authorized(parameters.getToken(), secrets.getTokenSecret());
                        state = State.MANAGED;
                    } finally {
                        // the verifier is single-use; on failure also discard the request token
                        parameters.remove(OAuthParameters.VERIFIER);
                        if (state == State.UNMANAGED) {
                            parameters.remove(OAuthParameters.TOKEN);
                            secrets.tokenSecret(null);
                            state = State.MANAGED;
                        }
                    }
            }
            final OAuthParameters p = (OAuthParameters) parameters.clone(); // make modifications to clone
            if (p.getTimestamp() == null) {
                p.setTimestamp();
            }
            if (p.getNonce() == null) {
                p.setNonce();
            }
            try {
                OAuthSignature.sign(new RequestWrapper(request, providers), p, secrets);
            }
            catch (OAuthSignatureException se) {
                throw new ClientHandlerException(se);
            }
        }
        // next filter in chain
        ClientResponse response;
        UniformInterfaceException uie = null;
        try {
            response = getNext().handle(request);
        } catch (UniformInterfaceException e) {
            response = e.getResponse();
            uie = e;
        }
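        // managed flow and the server answered 401: discard the token and run the flow again
        if (state == State.MANAGED && response.getClientResponseStatus() == ClientResponse.Status.UNAUTHORIZED) {
            request.getHeaders().remove("Authorization");
            parameters.remove(OAuthParameters.TOKEN);
            secrets.tokenSecret(null);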
            uie = null;
            return handle(request);
        }
        if (uie != null) {
            throw uie;
        }
        
        return response;
    }
    private URI getAuthorizationUri() {
        return UriBuilder.fromUri(authorizationUri)
                .queryParam(OAuthParameters.TOKEN, parameters.getToken())
                .build();
    }

    
Implementation of this interface should be passed to the filter constructor to handle user authorization requests and respond to obtaining a new access token (e.g. by storing it for future use).
    public static interface AuthHandler {
        
Method called by the filter when an authorization of a request token is needed. Implementation should redirect user to the authorization URI passed as the parameter to this method and return the verification code (or null) generated by the server in a response to user authorization.

Parameters:
authorizationUri Authorization URI the user should be redirected to.
Returns:
verifier code that was generated by the server, null if the user refused to authorize the client.
        String authorize(URI authorizationUri);

        
Notifies the handler that the application was authorized by the user and a new access token was obtained. Application may want to store this for future use (to avoid the need for a new authorization next time it runs).

Parameters:
token The new access token.
tokenSecret Secret corresponding to the new access token.
        void authorized(String token, String tokenSecret);
    }