/*
* JBoss, a division of Red Hat
* Copyright 2013, Red Hat Middleware, LLC, and individual
* contributors as indicated by the @authors tag. See the
* copyright.txt in the distribution for a full listing of
* individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.gatein.security.oauth.twitter;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.services.organization.UserProfile;
import org.gatein.security.oauth.spi.InteractionState;
import org.gatein.security.oauth.exception.OAuthException;
import org.gatein.security.oauth.exception.OAuthExceptionCode;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.security.oauth.spi.OAuthCodec;
import org.gatein.security.oauth.common.OAuthConstants;
import org.gatein.security.oauth.utils.OAuthPersistenceUtils;
import twitter4j.Twitter;
import twitter4j.TwitterException;
import twitter4j.TwitterFactory;
import twitter4j.auth.AccessToken;
import twitter4j.auth.RequestToken;
import twitter4j.conf.ConfigurationBuilder;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class TwitterProcessorImpl implements TwitterProcessor {
private static Logger log = LoggerFactory.getLogger(TwitterProcessorImpl.class);
private final String redirectURL;
private final String clientID;
private final String clientSecret;
private final TwitterFactory twitterFactory;
private final int chunkLength;
public TwitterProcessorImpl(ExoContainerContext context, InitParams params) {
this.clientID = params.getValueParam("clientId").getValue();
this.clientSecret = params.getValueParam("clientSecret").getValue();
String redirectURLParam = params.getValueParam("redirectURL").getValue();
if (clientID == null || clientID.length() == 0 || clientID.trim().equals("<<to be replaced>>")) {
throw new IllegalArgumentException("Property 'clientId' needs to be provided. The value should be " +
"clientId of your Twitter application");
}
if (clientSecret == null || clientSecret.length() == 0 || clientSecret.trim().equals("<<to be replaced>>")) {
throw new IllegalArgumentException("Property 'clientSecret' needs to be provided. The value should be " +
"clientSecret of your Twitter application");
}
if (redirectURLParam == null || redirectURLParam.length() == 0) {
this.redirectURL = "http://localhost:8080/" + context.getName() + OAuthConstants.TWITTER_AUTHENTICATION_URL_PATH;
} else {
this.redirectURL = redirectURLParam.replaceAll("@@portal.container.name@@", context.getName());
}
this.chunkLength = OAuthPersistenceUtils.getChunkLength(params);
if (log.isDebugEnabled()) {
log.debug("configuration: clientId=" + clientID +
", clientSecret=" + clientSecret +
", redirectURL=" + redirectURL +
", chunkLength=" + chunkLength);
}
// Create 'generic' twitterFactory for user authentication to GateIn
ConfigurationBuilder builder = new ConfigurationBuilder();
builder.setOAuthConsumerKey(clientID).setOAuthConsumerSecret(clientSecret);
twitterFactory = new TwitterFactory(builder.build());
}
@Override
public InteractionState<TwitterAccessTokenContext> processOAuthInteraction(HttpServletRequest request, HttpServletResponse response) throws
IOException, OAuthException {
Twitter twitter = twitterFactory.getInstance();
HttpSession session = request.getSession();
//See if we are a callback
RequestToken requestToken = (RequestToken) session.getAttribute(OAuthConstants.ATTRIBUTE_TWITTER_REQUEST_TOKEN);
try {
if (requestToken == null) {
requestToken = twitter.getOAuthRequestToken(redirectURL);
// Save requestToken to session, but only temporarily until oauth workflow is finished
session.setAttribute(OAuthConstants.ATTRIBUTE_TWITTER_REQUEST_TOKEN, requestToken);
if (log.isTraceEnabled()) {
log.trace("RequestToken obtained from twitter. Redirecting to Twitter for authorization");
}
// Redirect to twitter to perform authentication
response.sendRedirect(requestToken.getAuthenticationURL());
return new InteractionState<TwitterAccessTokenContext>(InteractionState.State.AUTH, null);
} else {
String verifier = request.getParameter(OAuthConstants.OAUTH_VERIFIER);
// User denied scope
if (request.getParameter(OAuthConstants.OAUTH_DENIED) != null) {
throw new OAuthException(OAuthExceptionCode.USER_DENIED_SCOPE, "User denied scope on Twitter authorization page");
}
// Obtain accessToken from twitter
AccessToken accessToken = twitter.getOAuthAccessToken(requestToken, verifier);
if (log.isTraceEnabled()) {
log.trace("Twitter accessToken: " + accessToken);
}
// Remove requestToken from session. We don't need it anymore
session.removeAttribute(OAuthConstants.ATTRIBUTE_TWITTER_REQUEST_TOKEN);
TwitterAccessTokenContext accessTokenContext = new TwitterAccessTokenContext(accessToken.getToken(), accessToken.getTokenSecret());
return new InteractionState<TwitterAccessTokenContext>(InteractionState.State.FINISH, accessTokenContext);
}
} catch (TwitterException twitterException) {
throw new OAuthException(OAuthExceptionCode.TWITTER_ERROR, twitterException);
}
}
@Override
public InteractionState<TwitterAccessTokenContext> processOAuthInteraction(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String scope) throws IOException, OAuthException {
throw new OAuthException(OAuthExceptionCode.TWITTER_ERROR, "This is currently not supported for Twitter");
}
@Override
public <C> C getAuthorizedSocialApiObject(TwitterAccessTokenContext accessToken, Class<C> socialApiObjectType) {
if (Twitter.class.equals(socialApiObjectType)) {
return socialApiObjectType.cast(getAuthorizedTwitterInstance(accessToken));
} else {
if (log.isDebugEnabled()) {
log.debug("Class '" + socialApiObjectType + "' not supported by this processor");
}
return null;
}
}
@Override
public Twitter getAuthorizedTwitterInstance(TwitterAccessTokenContext accessTokenContext) {
ConfigurationBuilder builder = new ConfigurationBuilder();
builder.setOAuthConsumerKey(clientID).setOAuthConsumerSecret(clientSecret);
// Now add accessToken properties to builder
builder.setOAuthAccessToken(accessTokenContext.getAccessToken());
builder.setOAuthAccessTokenSecret(accessTokenContext.getAccessTokenSecret());
// Return twitter instance with successfully established accessToken
return new TwitterFactory(builder.build()).getInstance();
}
@Override
public void saveAccessTokenAttributesToUserProfile(UserProfile userProfile, OAuthCodec codec, TwitterAccessTokenContext accessToken) {
String encodedAccessToken = codec.encodeString(accessToken.getAccessToken());
String encodedAccessTokenSecret = codec.encodeString(accessToken.getAccessTokenSecret());
OAuthPersistenceUtils.saveLongAttribute(encodedAccessToken, userProfile, OAuthConstants.PROFILE_TWITTER_ACCESS_TOKEN,
false, chunkLength);
OAuthPersistenceUtils.saveLongAttribute(encodedAccessTokenSecret, userProfile, OAuthConstants.PROFILE_TWITTER_ACCESS_TOKEN_SECRET,
false, chunkLength);
}
@Override
public TwitterAccessTokenContext getAccessTokenFromUserProfile(UserProfile userProfile, OAuthCodec codec) {
String encodedAccessToken = OAuthPersistenceUtils.getLongAttribute(userProfile, OAuthConstants.PROFILE_TWITTER_ACCESS_TOKEN, false);
String encodedAccessTokenSecret = OAuthPersistenceUtils.getLongAttribute(userProfile, OAuthConstants.PROFILE_TWITTER_ACCESS_TOKEN_SECRET, false);
String decodedAccessToken = codec.decodeString(encodedAccessToken);
String decodedAccessTokenSecret = codec.decodeString(encodedAccessTokenSecret);
if (decodedAccessToken == null || decodedAccessTokenSecret == null) {
return null;
} else {
return new TwitterAccessTokenContext(decodedAccessToken, decodedAccessTokenSecret);
}
}
@Override
public TwitterAccessTokenContext validateTokenAndUpdateScopes(TwitterAccessTokenContext accessToken) throws OAuthException {
try {
// Perform validation by obtaining some info about user
Twitter twitter = getAuthorizedTwitterInstance(accessToken);
twitter.verifyCredentials();
return accessToken;
} catch (TwitterException tw) {
if (tw.getStatusCode() == 401) {
throw new OAuthException(OAuthExceptionCode.ACCESS_TOKEN_ERROR,
"Error when verifying twitter access token: " + tw.getMessage(), tw);
} else {
throw new OAuthException(OAuthExceptionCode.IO_ERROR,
"IO Error when obtaining tokenInfo: " + tw.getClass() + ": " + tw.getMessage(), tw);
}
}
}
@Override
public void removeAccessTokenFromUserProfile(UserProfile userProfile) {
OAuthPersistenceUtils.removeLongAttribute(userProfile, OAuthConstants.PROFILE_TWITTER_ACCESS_TOKEN, false);
OAuthPersistenceUtils.removeLongAttribute(userProfile, OAuthConstants.PROFILE_TWITTER_ACCESS_TOKEN_SECRET, false);
}
@Override
public void revokeToken(TwitterAccessTokenContext accessToken) {
// TODO: (if it's possible with Twitter... Maybe it's noop)
}
}