22 package org.apache.amber.oauth2.rs.validator;
23
24 import javax.servlet.http.HttpServletRequest;
25
26 import org.apache.amber.oauth2.common.OAuth;
27 import org.apache.amber.oauth2.common.error.OAuthError;
28 import org.apache.amber.oauth2.common.exception.OAuthProblemException;
29 import org.apache.amber.oauth2.common.utils.OAuthUtils;
30 import org.apache.amber.oauth2.common.validators.AbstractValidator;
/**
 * Validates resource requests that present an OAuth 2.0 bearer token as a
 * request parameter rather than in a header.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Tokens are read through {@code getParameterValues}, which in the
 *       Servlet API merges query-string and form-body parameters. Nothing in
 *       this class tells a token sent in the body apart from one placed in the
 *       URL of a POST/PUT/DELETE request, and URL-borne tokens tend to end up
 *       in access logs and proxies.</li>
 *   <li>The "multiple tokens" check only counts values of the parameter name
 *       that was actually used; when the bearer-token parameter is present,
 *       the fallback parameter is never inspected.</li>
 * </ul>
 */
public class BearerBodyOAuthValidator extends AbstractValidator {

    /**
     * Accepts only POST, PUT and DELETE requests.
     *
     * @param request the incoming resource request
     * @throws OAuthProblemException with {@code INVALID_REQUEST} for any other HTTP method
     */
    @Override
    public void validateMethod(HttpServletRequest request) throws OAuthProblemException {
        final String httpMethod = request.getMethod();

        final boolean supported = OAuth.HttpMethod.POST.equals(httpMethod)
            || OAuth.HttpMethod.PUT.equals(httpMethod)
            || OAuth.HttpMethod.DELETE.equals(httpMethod);
        if (supported) {
            return;
        }

        throw OAuthProblemException
            .error(OAuthError.TokenResponse.INVALID_REQUEST)
            .description("Incorrect method. POST, PUT, DELETE are supported.");
    }

    /**
     * Rejects multipart requests, then applies the content-type rules of
     * {@link AbstractValidator} (not visible in this file).
     *
     * @param request the incoming resource request
     * @throws OAuthProblemException if the request is multipart or the parent check fails
     */
    @Override
    public void validateContentType(HttpServletRequest request) throws OAuthProblemException {
        final boolean multipart = OAuthUtils.isMultipart(request);
        if (!multipart) {
            super.validateContentType(request);
            return;
        }

        // NOTE(review): this path uses CodeResponse.INVALID_REQUEST while every other
        // check in the class uses TokenResponse.INVALID_REQUEST - confirm both
        // constants carry the same value.
        throw OAuthProblemException
            .error(OAuthError.CodeResponse.INVALID_REQUEST)
            .description("Request is not single part.");
    }

    /**
     * Checks that exactly one token value is present and that the request is
     * not flagged as OAuth 1.0.
     *
     * @param request the incoming resource request
     * @throws OAuthProblemException if the request is multipart, carries no token,
     *         carries more than one value for the token parameter, or carries a
     *         non-empty {@code OAuth.OAUTH_VERSION_DIFFER} parameter
     */
    @Override
    public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException {
        // Repeats the multipart guard from validateContentType, so this method
        // is safe to call on its own.
        if (OAuthUtils.isMultipart(request)) {
            throw OAuthProblemException
                .error(OAuthError.TokenResponse.INVALID_REQUEST)
                .description("Request is not single part.");
        }

        final String[] presented = presentedTokenValues(request);

        // Several values under one parameter name make it ambiguous which
        // credential should be trusted, so the request is refused outright.
        if (presented.length > 1) {
            throw OAuthProblemException
                .error(OAuthError.TokenResponse.INVALID_REQUEST)
                .description("Multiple tokens attached.");
        }

        final String versionMarker = request.getParameter(OAuth.OAUTH_VERSION_DIFFER);
        if (OAuthUtils.isEmpty(versionMarker)) {
            return;
        }

        // A non-empty marker parameter is treated as an OAuth 1.0 request.
        throw OAuthProblemException
            .error(OAuthError.TokenResponse.INVALID_REQUEST)
            .description("Incorrect OAuth version. Found OAuth V1.0.");
    }

    /**
     * Returns the values of the bearer-token parameter, falling back to
     * {@code OAuth.OAUTH_TOKEN} when the first lookup is reported empty.
     *
     * <p>Assumes {@code OAuthUtils.hasEmptyValues} reports {@code true} for a
     * {@code null} array (absent parameter); otherwise the caller's
     * {@code length} access would fail - TODO confirm.
     *
     * @throws OAuthProblemException when neither parameter yields usable values
     */
    private static String[] presentedTokenValues(HttpServletRequest request)
        throws OAuthProblemException {
        final String[] bearerValues = request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN);
        if (!OAuthUtils.hasEmptyValues(bearerValues)) {
            return bearerValues;
        }

        final String[] fallbackValues = request.getParameterValues(OAuth.OAUTH_TOKEN);
        if (!OAuthUtils.hasEmptyValues(fallbackValues)) {
            return fallbackValues;
        }

        // The error code is null here, unlike the other failures; presumably so a
        // request without credentials is answered without an error code - verify
        // against the caller that builds the response.
        throw OAuthProblemException.error(null, "Missing OAuth token.");
    }
}