View Javadoc

1   /**
2    *       Copyright 2010 Newcastle University
3    *
4    *          http://research.ncl.ac.uk/smart/
5    *
6    * Licensed to the Apache Software Foundation (ASF) under one or more
7    * contributor license agreements.  See the NOTICE file distributed with
8    * this work for additional information regarding copyright ownership.
9    * The ASF licenses this file to You under the Apache License, Version 2.0
10   * (the "License"); you may not use this file except in compliance with
11   * the License.  You may obtain a copy of the License at
12   *
13   *      http://www.apache.org/licenses/LICENSE-2.0
14   *
15   * Unless required by applicable law or agreed to in writing, software
16   * distributed under the License is distributed on an "AS IS" BASIS,
17   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18   * See the License for the specific language governing permissions and
19   * limitations under the License.
20   */
21  
22  package org.apache.amber.oauth2.rs.validator;
23  
24  import javax.servlet.http.HttpServletRequest;
25  
26  import org.apache.amber.oauth2.common.OAuth;
27  import org.apache.amber.oauth2.common.error.OAuthError;
28  import org.apache.amber.oauth2.common.exception.OAuthProblemException;
29  import org.apache.amber.oauth2.common.utils.OAuthUtils;
30  import org.apache.amber.oauth2.common.validators.AbstractValidator;
31  
32  
33  /**
34   *
35   *
36   *
37   */
38  public class BearerBodyOAuthValidator extends AbstractValidator {
39  
40      @Override
41      public void validateMethod(HttpServletRequest request) throws OAuthProblemException {
42          // Check if the method is POST, PUT, or DELETE
43          String method = request.getMethod();
44          if (!(OAuth.HttpMethod.POST.equals(method) || OAuth.HttpMethod.PUT.equals(method) || OAuth.HttpMethod
45              .DELETE.equals(method))) {
46              throw OAuthProblemException
47                  .error(OAuthError.TokenResponse.INVALID_REQUEST)
48                  .description("Incorrect method. POST, PUT, DELETE are supported.");
49          }
50      }
51  
52      @Override
53      public void validateContentType(HttpServletRequest request) throws OAuthProblemException {
54          if (OAuthUtils.isMultipart(request)) {
55              throw OAuthProblemException.error(OAuthError.CodeResponse.INVALID_REQUEST).
56                  description("Request is not single part.");
57          }
58          super.validateContentType(request);
59      }
60  
61  
62      @Override
63      public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException {
64  
65          if (OAuthUtils.isMultipart(request)) {
66              throw OAuthProblemException.error(OAuthError.TokenResponse.INVALID_REQUEST).
67                  description("Request is not single part.");
68          }
69  
70  
71          String[] tokens = request.getParameterValues(OAuth.OAUTH_BEARER_TOKEN);
72          if (OAuthUtils.hasEmptyValues(tokens)) {
73              tokens = request.getParameterValues(OAuth.OAUTH_TOKEN);
74              if (OAuthUtils.hasEmptyValues(tokens)) {
75                  throw OAuthProblemException.error(null, "Missing OAuth token.");
76              }
77          }
78  
79          if (tokens.length > 1) {
80              throw OAuthProblemException.error(OAuthError.TokenResponse.INVALID_REQUEST)
81                  .description("Multiple tokens attached.");
82          }
83  
84          String oauthVersionDiff = request.getParameter(OAuth.OAUTH_VERSION_DIFFER);
85          if (!OAuthUtils.isEmpty(oauthVersionDiff)) {
86              throw OAuthProblemException.error(OAuthError.TokenResponse.INVALID_REQUEST)
87                  .description("Incorrect OAuth version. Found OAuth V1.0.");
88          }
89  
90      }
91  }