• Home
• org.apache.shindig
• shindig-gadgets
• 3.0.0-beta4
• source code
• OAuthProtocolException.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.shindig.gadgets.oauth.OAuthProtocolException Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
package org.apache.shindig.gadgets.oauth;

import org.apache.shindig.auth.OAuthUtil;
import org.apache.shindig.gadgets.http.HttpResponse;

import com.google.common.collect.ImmutableSet;

import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;

import java.util.Set;

/**
 * Implements the
 * 
 * OAuth problem reporting extension
 * 
 * We divide problems into three categories:
 * - problems that cause us to abort the protocol.  For example, if we don't
 *   have a consumer key that the service provider accepts, we give up.
 *   
 * - problems that cause us to ask for the user's permission again.  For
 *   example, if the service provider reports that an access token has been
 *   revoked, we throw away the token and start over.
 *   
 * - problems that require us to refresh our access token per the OAuth
 *   session extension protocol
 *   
 * By default we assume most service provider errors fall into the second
 * category: we should ask for the user's permission again.
 */
class OAuthProtocolException extends Exception {

  /**
   * Problems that should force us to abort the protocol right away,
   * and next time the user visits ask them for permission again.
   */
  private static Set fatalProblems =
      ImmutableSet.of("version_rejected",
                      "signature_method_rejected",
                      "consumer_key_unknown",
                      "consumer_key_rejected",
                      "timestamp_refused");

  /**
   * Problems that should force us to abort the protocol right away,
   * but we can still try to use the access token again later.
   */
  private static Set temporaryProblems = 
      ImmutableSet.of("consumer_key_refused");

  /**
   * Problems that should have us try to refresh the access token.
   */
  private static Set extensionProblems =
      ImmutableSet.of("access_token_expired");

  private final boolean canRetry;

  private final boolean startFromScratch;

  private final boolean canExtend;

  private final String problemCode;

  public OAuthProtocolException(int status, OAuthMessage reply) {
    String problem = OAuthUtil.getParameter(reply, OAuthProblemException.OAUTH_PROBLEM);
    if (problem == null) {
      throw new IllegalArgumentException("No problem reported for OAuthProtocolException");
    }
    this.problemCode = problem;
    if (fatalProblems.contains(problem)) {
      startFromScratch = true;
      canRetry = false;
      canExtend = false;
    } else if (temporaryProblems.contains(problem)) {
      startFromScratch = false;
      canRetry = false;
      canExtend = false;
    } else if (extensionProblems.contains(problem)) {
      startFromScratch = false;
      canRetry = true;
      canExtend = true;
    } else {
      // fallback to status to figure out behavior
      if (status == HttpResponse.SC_UNAUTHORIZED) {
        startFromScratch = true;
        canRetry = true;
      } else {
        startFromScratch = false;
        canRetry = false;
      }
      canExtend = false;
    }
  }

  /**
   * Handle OAuth protocol errors for SPs that don't support the problem
   * reporting extension
   * @param status HTTP status code, assumed to be between 400 and 499 inclusive
   */
  public OAuthProtocolException(int status) {
    if (status == HttpResponse.SC_UNAUTHORIZED) {
      startFromScratch = true;
      canRetry = true;
    } else {
      startFromScratch = false;
      canRetry = false;
    }
    canExtend = false;
    problemCode = null;
  }

  /**
   * @return true if we've gotten confused to the point where we should give
   * up and ask the user for approval again.
   */
  public boolean startFromScratch() {
    return startFromScratch;
  }

  /**
   * @return true if we think we can make progress by attempting the protocol
   * flow again (which may require starting from scratch).
   */
  public boolean canRetry() {
    return canRetry;
  }

  /**
   * @return true if we think we can make progress by attempting to extend the lifetime of the
   * access token.
   */
  public boolean canExtend() {
    return canExtend;
  }

  /**
   * @return the OAuth problem code (from the problem reporting extension).
   */
  public String getProblemCode() {
    return problemCode;
  }
}