All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.springframework.security.oauth.config.ProtectedResourceDetailsBeanDefinitionParser Maven / Gradle / Ivy

/*
 * Copyright 2008 Web Cohesion
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.oauth.config;

import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
import org.springframework.security.oauth.common.signature.HMAC_SHA1SignatureMethod;
import org.springframework.security.oauth.consumer.BaseProtectedResourceDetails;
import org.springframework.security.oauth.consumer.InMemoryProtectedResourceDetailsService;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.HashMap;

/**
 * @author Ryan Heaton
 */
public class ProtectedResourceDetailsBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {

  @Override
  protected Class getBeanClass(Element element) {
    return InMemoryProtectedResourceDetailsService.class;
  }

  @Override
  protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
    List consumerElements = DomUtils.getChildElementsByTagName(element, "resource");
    Map resources = new TreeMap();
    for (Object item : consumerElements) {
      BaseProtectedResourceDetails resource = new BaseProtectedResourceDetails();
      Element consumerElement = (Element) item;
      String id = consumerElement.getAttribute("id");
      if (StringUtils.hasText(id)) {
        resource.setId(id);
      }
      else {
        parserContext.getReaderContext().error("A resource id must be supplied with the definition of a protected resource.", consumerElement);
      }

      String key = consumerElement.getAttribute("key");
      if (StringUtils.hasText(key)) {
        resource.setConsumerKey(key);
      }
      else {
        parserContext.getReaderContext().error("A consumer key must be supplied with the definition of a protected resource.", consumerElement);
      }

      String secret = consumerElement.getAttribute("secret");
      if (StringUtils.hasText(secret)) {
        resource.setSharedSecret(new SharedConsumerSecret(secret));
      }
      else {
        parserContext.getReaderContext().error("A shared secret must be supplied with the definition of a resource.", consumerElement);
      }

      String requestTokenURL = consumerElement.getAttribute("request-token-url");
      if (StringUtils.hasText(requestTokenURL)) {
        resource.setRequestTokenURL(requestTokenURL);
      }
      else {
        parserContext.getReaderContext().error("A request token URL must be supplied with the definition of a resource.", consumerElement);
      }

      String requestTokenMethod = consumerElement.getAttribute("request-token-method");
      if (StringUtils.hasText(requestTokenMethod)) {
        resource.setRequestTokenHttpMethod(requestTokenMethod);
      }

      String accessTokenURL = consumerElement.getAttribute("access-token-url");
      if (StringUtils.hasText(accessTokenURL)) {
        resource.setAccessTokenURL(accessTokenURL);
      }
      else {
        parserContext.getReaderContext().error("An access token URL must be supplied with the definition of a resource.", consumerElement);
      }

      String accessTokenMethod = consumerElement.getAttribute("access-token-method");
      if (StringUtils.hasText(accessTokenMethod)) {
        resource.setAccessTokenHttpMethod(accessTokenMethod);
      }

      String userAuthorizationURL = consumerElement.getAttribute("user-authorization-url");
      if (StringUtils.hasText(userAuthorizationURL)) {
        resource.setUserAuthorizationURL(userAuthorizationURL);
      }
      else {
        parserContext.getReaderContext().error("A user authorization URL must be supplied with the definition of a resource.", consumerElement);
      }

      String sigMethod = consumerElement.getAttribute("signature-method");
      if (!StringUtils.hasText(sigMethod)) {
        sigMethod = HMAC_SHA1SignatureMethod.SIGNATURE_NAME;
      }
      resource.setSignatureMethod(sigMethod);

      String acceptsHeader = consumerElement.getAttribute("accepts-authorization-header");
      if (StringUtils.hasText(acceptsHeader)) {
        resource.setAcceptsAuthorizationHeader(Boolean.valueOf(acceptsHeader));
      }

      String headerRealm = consumerElement.getAttribute("authorization-header-realm");
      if (StringUtils.hasText(headerRealm)) {
        resource.setAuthorizationHeaderRealm(headerRealm);
      }

      String use10a = consumerElement.getAttribute("use10a");
      if (StringUtils.hasText(use10a)) {
        resource.setUse10a("true".equals(use10a));
      }

      List additionalParameters = DomUtils.getChildElementsByTagName(consumerElement, "addtionalParameter");
      if (additionalParameters != null && !additionalParameters.isEmpty()) {
        Map additionalParams = new HashMap();
        for (Object additionalParameter : additionalParameters) {
          additionalParams.put(((Element)additionalParameter).getAttribute("name"), ((Element)additionalParameter).getAttribute("value"));
        }
        resource.setAdditionalParameters(additionalParams);
      }

      resources.put(id, resource);
    }

    builder.addPropertyValue("resourceDetailsStore", resources);
  }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy