add provider project source.

mifosng-provider/src/main/java/org/mifosng/oauth/CustomOAuthProviderTokenServices.java

@@ -0,0 +1,15 @@
+package org.mifosng.oauth;
+
+import org.springframework.security.oauth.provider.token.OAuthProviderToken;
+import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
+
+/**
+ * This is just a temporary hack, should pass oauth access token, access secret, consumer key, consumer secret to get access to authenticated user permissions 
+ */
+public interface CustomOAuthProviderTokenServices extends OAuthProviderTokenServices {
+
+	OAuthProviderToken getTokenByNonEncodedKey(String oauthToken);
+
+	void removeTokenByNonEncodedKey(String oauthToken);
+
+}

mifosng-provider/src/main/java/org/mifosng/oauth/CustomProtectedResourceProcessingFilter.java

@@ -0,0 +1,154 @@
+package org.mifosng.oauth;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth.common.OAuthConsumerParameter;
+import org.springframework.security.oauth.common.OAuthException;
+import org.springframework.security.oauth.common.signature.OAuthSignatureMethod;
+import org.springframework.security.oauth.common.signature.SignatureSecret;
+import org.springframework.security.oauth.common.signature.UnsupportedSignatureMethodException;
+import org.springframework.security.oauth.provider.ConsumerAuthentication;
+import org.springframework.security.oauth.provider.ConsumerCredentials;
+import org.springframework.security.oauth.provider.ConsumerDetails;
+import org.springframework.security.oauth.provider.InvalidOAuthParametersException;
+import org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter;
+import org.springframework.security.oauth.provider.token.OAuthProviderToken;
+
+public class CustomProtectedResourceProcessingFilter extends
+		ProtectedResourceProcessingFilter {
+
+	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
+	    HttpServletRequest request = (HttpServletRequest) servletRequest;
+	    HttpServletResponse response = (HttpServletResponse) servletResponse;
+
+	    if (!skipProcessing(request)) {
+	      if (requiresAuthentication(request, response, chain)) {
+	        if (!allowMethod(request.getMethod().toUpperCase())) {
+
+	          response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+	          return;
+	        }
+
+	        try {
+	          Map<String, String> oauthParams = getProviderSupport().parseParameters(request);
+
+	          if (parametersAreAdequate(oauthParams)) {
+
+	            String consumerKey = oauthParams.get(OAuthConsumerParameter.oauth_consumer_key.toString());
+	            if (consumerKey == null) {
+	              throw new InvalidOAuthParametersException(messages.getMessage("OAuthProcessingFilter.missingConsumerKey", "Missing consumer key."));
+	            }
+
+	            //load the consumer details.
+	            ConsumerDetails consumerDetails = getConsumerDetailsService().loadConsumerByConsumerKey(consumerKey);
+
+	            //validate the parameters for the consumer.
+	            validateOAuthParams(consumerDetails, oauthParams);
+
+	            //extract the credentials.
+	            String token = oauthParams.get(OAuthConsumerParameter.oauth_token.toString());
+	            String signatureMethod = oauthParams.get(OAuthConsumerParameter.oauth_signature_method.toString());
+	            String signature = oauthParams.get(OAuthConsumerParameter.oauth_signature.toString());
+	            String signatureBaseString = getProviderSupport().getSignatureBaseString(request);
+	            ConsumerCredentials credentials = new ConsumerCredentials(consumerKey, signature, signatureMethod, signatureBaseString, token);
+
+	            //create an authentication request.
+	            ConsumerAuthentication authentication = new ConsumerAuthentication(consumerDetails, credentials, oauthParams);
+	            authentication.setDetails(createDetails(request, consumerDetails));
+
+	            Authentication previousAuthentication = SecurityContextHolder.getContext().getAuthentication();
+	            try {
+	              //set the authentication request (unauthenticated) into the context.
+	              SecurityContextHolder.getContext().setAuthentication(authentication);
+
+	              //validate the signature.
+	              if (token == null) {
+	            	  validateSignature(authentication);
+	              } else {
+	            	  if (!"OPTIONS".equalsIgnoreCase(request.getMethod().toUpperCase())) {
+		            	  validateSignature(authentication);
+		              }
+	              }
+
+	              //mark the authentication request as validated.
+	              authentication.setSignatureValidated(true);
+
+	              //mark that processing has been handled.
+	              request.setAttribute(OAUTH_PROCESSING_HANDLED, Boolean.TRUE);
+
+	              //go.
+	              onValidSignature(request, response, chain);
+	            }
+	            finally {
+	              //clear out the consumer authentication to make sure it doesn't get cached.
+	              resetPreviousAuthentication(previousAuthentication);
+	            }
+	          }
+	          else if (!isIgnoreInadequateCredentials()) {
+	            throw new InvalidOAuthParametersException(messages.getMessage("OAuthProcessingFilter.missingCredentials", "Inadequate OAuth consumer credentials."));
+	          }
+	          else {
+	            chain.doFilter(request, response);
+	          }
+	        }
+	        catch (AuthenticationException ae) {
+	          fail(request, response, ae);
+	        }
+	        catch (ServletException e) {
+	          if (e.getRootCause() instanceof AuthenticationException) {
+	            fail(request, response, (AuthenticationException) e.getRootCause());
+	          }
+	          else {
+	            throw e;
+	          }
+	        }
+	      }
+	      else {
+	        chain.doFilter(servletRequest, servletResponse);
+	      }
+	    }
+	    else {
+	      chain.doFilter(servletRequest, servletResponse);
+	    }
+	  }
+
+	@Override
+	protected void validateSignature(ConsumerAuthentication authentication)
+			throws AuthenticationException {
+		SignatureSecret secret = authentication.getConsumerDetails()
+				.getSignatureSecret();
+		String token = authentication.getConsumerCredentials().getToken();
+		OAuthProviderToken authToken = null;
+		if (token != null && !"".equals(token)) {
+			authToken = getTokenServices().getToken(token);
+		}
+
+		String signatureMethod = authentication.getConsumerCredentials()
+				.getSignatureMethod();
+		OAuthSignatureMethod method;
+		try {
+			method = getSignatureMethodFactory().getSignatureMethod(
+					signatureMethod, secret,
+					authToken != null ? authToken.getSecret() : null);
+		} catch (UnsupportedSignatureMethodException e) {
+			throw new OAuthException(e.getMessage(), e);
+		}
+
+		String signatureBaseString = authentication.getConsumerCredentials()
+				.getSignatureBaseString();
+		String signature = authentication.getConsumerCredentials()
+				.getSignature();
+		method.verify(signatureBaseString, signature);
+	}
+}

mifosng-provider/src/main/java/org/mifosng/oauth/CustomTokenServices.java

@@ -0,0 +1,63 @@
+package org.mifosng.oauth;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth.provider.token.OAuthAccessProviderToken;
+import org.springframework.security.oauth.provider.token.OAuthProviderToken;
+import org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl;
+
+public class CustomTokenServices implements CustomOAuthProviderTokenServices {
+
+	private final ConcurrentHashMap<String, OAuthProviderTokenImpl> requestTokenStore = new ConcurrentHashMap<String, OAuthProviderTokenImpl>();
+	private final RemovableInMemoryProviderTokenServices delegate;
+
+	public CustomTokenServices(RemovableInMemoryProviderTokenServices delegate) {
+		this.delegate = delegate;
+	}
+
+	@Override
+	public OAuthProviderToken getToken(String token)
+			throws AuthenticationException {
+		return this.delegate.getToken(token);
+	}
+
+	@Override
+	public OAuthProviderToken createUnauthorizedRequestToken(
+			String consumerKey, String callbackUrl)
+			throws AuthenticationException {
+		return this.delegate.createUnauthorizedRequestToken(consumerKey, callbackUrl);
+	}
+
+	@Override
+	public void authorizeRequestToken(String requestToken, String verifier,
+			Authentication authentication) throws AuthenticationException {
+		this.delegate.authorizeRequestToken(requestToken, verifier, authentication);
+	}
+
+	@Override
+	public OAuthAccessProviderToken createAccessToken(String requestToken)
+			throws AuthenticationException {
+		OAuthProviderTokenImpl accessToken = (OAuthProviderTokenImpl)this.delegate.createAccessToken(requestToken);
+		this.requestTokenStore.put(requestToken, accessToken);
+		return accessToken;
+	}
+
+	@Override
+	public OAuthProviderToken getTokenByNonEncodedKey(String oauthToken) {
+		return this.requestTokenStore.get(oauthToken);
+	}
+
+	@Override
+	public void removeTokenByNonEncodedKey(String oauthToken) {
+		OAuthProviderTokenImpl accessToken = this.requestTokenStore.remove(oauthToken);
+		if (accessToken != null) {
+			String acccesTokenValue = accessToken.getValue();
+			this.delegate.removeAccessToken(acccesTokenValue);
+		} else {
+			this.delegate.removeAccessToken(oauthToken);
+		}
+	}
+
+}

mifosng-provider/src/main/java/org/mifosng/oauth/MifosNgConsumerDetailsService.java

@@ -0,0 +1,44 @@
+package org.mifosng.oauth;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.mifosng.platform.oauthconsumer.domain.OauthConsumerDetail;
+import org.mifosng.platform.oauthconsumer.domain.OauthConsumerDetailRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth.common.OAuthException;
+import org.springframework.security.oauth.provider.ConsumerDetails;
+import org.springframework.security.oauth.provider.ConsumerDetailsService;
+import org.springframework.security.oauth.provider.InvalidOAuthParametersException;
+
+public class MifosNgConsumerDetailsService implements ConsumerDetailsService {
+
+	private Map<String, ConsumerDetails> consumerDetailsStore = new HashMap<String, ConsumerDetails>();
+
+	@Autowired
+	private OauthConsumerDetailRepository oauthConsumerDetailRepository;
+
+	/**
+	 * consumer service is used for by spring security oauth for all requests so makes sense to store consumer details in memory
+	 * rather than query the database based on each request. 
+	 */
+	@Override
+	public ConsumerDetails loadConsumerByConsumerKey(final String consumerKey)
+			throws OAuthException {
+
+	    ConsumerDetails detailsFromInMemoryStore = consumerDetailsStore.get(consumerKey);
+	    OauthConsumerDetail detailsFromDatabase = null;
+	    if (detailsFromInMemoryStore == null) {
+	    	detailsFromDatabase = this.oauthConsumerDetailRepository.findByConsumerKey(consumerKey);
+	    }
+
+	    ConsumerDetails consumerDetails = detailsFromInMemoryStore != null ? detailsFromInMemoryStore : detailsFromDatabase;
+
+		if (consumerDetails == null) {
+			throw new InvalidOAuthParametersException("Consumer not found: " + consumerKey);
+		} else {
+			consumerDetailsStore.put(consumerKey, detailsFromDatabase);
+		}
+		return consumerDetails;
+	}
+}

mifosng-provider/src/main/java/org/mifosng/oauth/OAuthParametersAwareSecurityContextPerRequestFilter.java

@@ -0,0 +1,82 @@
+package org.mifosng.oauth;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Map;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringUtils;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth.common.OAuthConsumerParameter;
+import org.springframework.security.oauth.provider.OAuthProviderSupport;
+import org.springframework.security.oauth.provider.filter.CoreOAuthProviderSupport;
+import org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl;
+import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
+import org.springframework.web.filter.GenericFilterBean;
+
+public class OAuthParametersAwareSecurityContextPerRequestFilter extends
+		GenericFilterBean {
+
+	private OAuthProviderSupport providerSupport = new CoreOAuthProviderSupport();
+
+	private final OAuthProviderTokenServices tokenServices;
+
+	public OAuthParametersAwareSecurityContextPerRequestFilter(OAuthProviderTokenServices tokenServices) {
+		this.tokenServices = tokenServices;
+	}
+
+	@Override
+	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+		HttpServletRequest request = (HttpServletRequest) req;
+		HttpServletResponse response = (HttpServletResponse) res;
+
+		Map<String, String> oauthParams = this.providerSupport.parseParameters(request);
+
+		String anonymousUserHash = "" + "anonymousUser".hashCode();
+		Collection<SimpleGrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
+		Authentication authentication = new AnonymousAuthenticationToken(anonymousUserHash, "anonymousUser", authorities);
+
+		SecurityContext context = SecurityContextHolder.getContext();
+		context.setAuthentication(authentication);
+
+		if (oauthTokenExists(oauthParams)) {
+			String oauthToken = retrieveOAuthToken(oauthParams);
+			OAuthProviderTokenImpl token = (OAuthProviderTokenImpl) this.tokenServices.getToken(oauthToken);
+
+			if (token.getUserAuthentication() != null) {
+				context.setAuthentication(token.getUserAuthentication());
+			}
+		} else {
+			String requestToken = request.getParameter("requestToken");
+			if (StringUtils.isNotBlank(requestToken)) {
+				OAuthProviderTokenImpl token = (OAuthProviderTokenImpl) this.tokenServices.getToken(requestToken);
+
+				if (token.getUserAuthentication() != null) {
+					context.setAuthentication(token.getUserAuthentication());
+				}
+			}
+		}
+
+		chain.doFilter(request, response);
+	}
+
+	private String retrieveOAuthToken(Map<String, String> oauthParams) {
+		return oauthParams.get(OAuthConsumerParameter.oauth_token.toString());
+	}
+
+	private boolean oauthTokenExists(Map<String, String> oauthParams) {
+		return oauthParams.containsKey(OAuthConsumerParameter.oauth_token.toString());
+	}
+
+}

mifosng-provider/src/main/java/org/mifosng/oauth/RemovableInMemoryProviderTokenServices.java

@@ -0,0 +1,11 @@
+package org.mifosng.oauth;
+
+import org.springframework.security.oauth.provider.token.InMemoryProviderTokenServices;
+
+public class RemovableInMemoryProviderTokenServices extends
+		InMemoryProviderTokenServices {
+
+	public void removeAccessToken(String acccesTokenValue) {
+		super.removeToken(acccesTokenValue);
+	}
+}