
1   /**
2    *       Copyright 2010 Newcastle University
3    *
4    *          http://research.ncl.ac.uk/smart/
5    *
6    * Licensed to the Apache Software Foundation (ASF) under one or more
7    * contributor license agreements.  See the NOTICE file distributed with
8    * this work for additional information regarding copyright ownership.
9    * The ASF licenses this file to You under the Apache License, Version 2.0
10   * (the "License"); you may not use this file except in compliance with
11   * the License.  You may obtain a copy of the License at
12   *
13   *      http://www.apache.org/licenses/LICENSE-2.0
14   *
15   * Unless required by applicable law or agreed to in writing, software
16   * distributed under the License is distributed on an "AS IS" BASIS,
17   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18   * See the License for the specific language governing permissions and
19   * limitations under the License.
20   */
21  
22  package org.apache.amber.oauth2.rs.validator;
23  
24  import java.util.Map;
25  import javax.servlet.http.HttpServletRequest;
26  
27  import org.apache.amber.oauth2.common.OAuth;
28  import org.apache.amber.oauth2.common.error.OAuthError;
29  import org.apache.amber.oauth2.common.exception.OAuthProblemException;
30  import org.apache.amber.oauth2.common.utils.OAuthUtils;
31  import org.apache.amber.oauth2.common.validators.AbstractValidator;
32  
33  
/**
 * Resource-server validator for requests that present their credentials in the
 * HTTP {@code Authorization} header.
 *
 * <p>Only the shape of the header is checked: that it is present, that its
 * authorization method equals {@link OAuth#OAUTH_HEADER_NAME}, that something
 * follows the method, and that the header carries no OAuth 1.0 version marker.
 * The token value itself is never inspected here, so a request that passes is
 * well-formed, not authenticated; checking the token (validity, expiry, scope)
 * has to happen elsewhere.
 *
 * <p>Content-type and HTTP-method validation are overridden with empty bodies,
 * so this class places no restriction on either.
 */
public class BearerHeaderOAuthValidator extends AbstractValidator {

    /**
     * Accepts any content type: the override is deliberately empty.
     *
     * <p>NOTE(review): whatever check {@code AbstractValidator} performs is
     * replaced by this no-op; the parent is not visible here, confirm that
     * dropping it is intended.
     *
     * @param request the incoming request (unused)
     */
    @Override
    public void validateContentType(HttpServletRequest request) throws OAuthProblemException {
        // Intentionally empty.
    }

    /**
     * Accepts any HTTP method: the override is deliberately empty.
     *
     * <p>NOTE(review): as with {@link #validateContentType}, this replaces the
     * inherited check with a no-op; confirm against {@code AbstractValidator}.
     *
     * @param request the incoming request (unused)
     */
    @Override
    public void validateMethod(HttpServletRequest request) throws OAuthProblemException {
        // Intentionally empty.
    }

    /**
     * Checks that the {@code Authorization} header is present and well-formed.
     *
     * <p>The checks run in a fixed order and the first failure wins:
     * <ol>
     *   <li>the header exists and is not empty;</li>
     *   <li>its authorization method equals {@link OAuth#OAUTH_HEADER_NAME};</li>
     *   <li>a non-empty field follows the method;</li>
     *   <li>the decoded header has no {@link OAuth#OAUTH_VERSION_DIFFER} entry.</li>
     * </ol>
     *
     * @param request the incoming request whose header is examined
     * @throws OAuthProblemException with an empty error code for failures 1 and 2,
     *         and with {@code INVALID_REQUEST} for failures 3 and 4
     */
    @Override
    public void validateRequiredParameters(HttpServletRequest request) throws OAuthProblemException {
        final String authorization = request.getHeader(OAuth.HeaderType.AUTHORIZATION);

        // NOTE(review): the error code is an empty string for the next two failures,
        // presumably because RFC 6750 section 3.1 asks that no error code be returned
        // when the request lacks usable authentication information; confirm.
        if (OAuthUtils.isEmpty(authorization)) {
            throw OAuthProblemException.error("", "Missing authorization header.");
        }

        final String scheme = OAuthUtils.getAuthzMethod(authorization);
        final boolean schemeAccepted = OAuth.OAUTH_HEADER_NAME.equals(scheme);
        if (!schemeAccepted) {
            throw OAuthProblemException.error("", "Incorrect authorization method.");
        }

        // Presence check only: the value is not compared with anything.
        final String credentials = OAuthUtils.getAuthHeaderField(authorization);
        if (OAuthUtils.isEmpty(credentials)) {
            throw invalidRequest("Missing required parameter.");
        }

        // Reject OAuth 1.0 style headers. Presumably decodeOAuthHeader fills in the
        // OAUTH_VERSION_DIFFER entry when it meets 1.0 parameters; helper not visible.
        final Map<String, String> decoded = OAuthUtils.decodeOAuthHeader(authorization);
        final String versionMarker = decoded.get(OAuth.OAUTH_VERSION_DIFFER);
        if (!OAuthUtils.isEmpty(versionMarker)) {
            throw invalidRequest("Incorrect OAuth version. Found OAuth V1.0.");
        }
    }

    /**
     * Builds the {@code INVALID_REQUEST} problem raised for a malformed header.
     *
     * @param description human-readable reason placed in the exception
     * @return the exception for the caller to throw
     */
    private static OAuthProblemException invalidRequest(String description) {
        return OAuthProblemException.error(OAuthError.TokenResponse.INVALID_REQUEST, description);
    }
}