1 | /* Copyright (c) 2009 Matthias Kaeppler
|
---|
2 | *
|
---|
3 | * Licensed under the Apache License, Version 2.0 (the "License");
|
---|
4 | * you may not use this file except in compliance with the License.
|
---|
5 | * You may obtain a copy of the License at
|
---|
6 | *
|
---|
7 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
8 | *
|
---|
9 | * Unless required by applicable law or agreed to in writing, software
|
---|
10 | * distributed under the License is distributed on an "AS IS" BASIS,
|
---|
11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
12 | * See the License for the specific language governing permissions and
|
---|
13 | * limitations under the License.
|
---|
14 | */
|
---|
15 | package oauth.signpost;
|
---|
16 |
|
---|
17 | import java.io.Serializable;
|
---|
18 |
|
---|
19 | import oauth.signpost.exception.OAuthCommunicationException;
|
---|
20 | import oauth.signpost.exception.OAuthExpectationFailedException;
|
---|
21 | import oauth.signpost.exception.OAuthMessageSignerException;
|
---|
22 | import oauth.signpost.http.HttpParameters;
|
---|
23 | import oauth.signpost.http.HttpRequest;
|
---|
24 | import oauth.signpost.signature.AuthorizationHeaderSigningStrategy;
|
---|
25 | import oauth.signpost.signature.HmacSha1MessageSigner;
|
---|
26 | import oauth.signpost.signature.OAuthMessageSigner;
|
---|
27 | import oauth.signpost.signature.PlainTextMessageSigner;
|
---|
28 | import oauth.signpost.signature.QueryStringSigningStrategy;
|
---|
29 | import oauth.signpost.signature.SigningStrategy;
|
---|
30 |
|
---|
31 | /**
|
---|
32 | * <p>
|
---|
33 | * Exposes a simple interface to sign HTTP requests using a given OAuth token
|
---|
34 | * and secret. Refer to {@link OAuthProvider} how to retrieve a valid token and
|
---|
35 | * token secret.
|
---|
36 | * </p>
|
---|
37 | * <p>
|
---|
38 | * HTTP messages are signed as follows:
|
---|
39 | * <p>
|
---|
40 | *
|
---|
41 | * <pre>
|
---|
42 | * // exchange the arguments with the actual token/secret pair
|
---|
43 | * OAuthConsumer consumer = new DefaultOAuthConsumer("1234", "5678");
|
---|
44 | *
|
---|
45 | * URL url = new URL("http://example.com/protected.xml");
|
---|
46 | * HttpURLConnection request = (HttpURLConnection) url.openConnection();
|
---|
47 | *
|
---|
48 | * consumer.sign(request);
|
---|
49 | *
|
---|
50 | * request.connect();
|
---|
51 | * </pre>
|
---|
52 | *
|
---|
53 | * </p>
|
---|
54 | * </p>
|
---|
55 | *
|
---|
56 | * @author Matthias Kaeppler
|
---|
57 | */
|
---|
58 | public interface OAuthConsumer extends Serializable {
|
---|
59 |
|
---|
60 | /**
|
---|
61 | * Sets the message signer that should be used to generate the OAuth
|
---|
62 | * signature.
|
---|
63 | *
|
---|
64 | * @param messageSigner
|
---|
65 | * the signer
|
---|
66 | * @see HmacSha1MessageSigner
|
---|
67 | * @see PlainTextMessageSigner
|
---|
68 | */
|
---|
69 | public void setMessageSigner(OAuthMessageSigner messageSigner);
|
---|
70 |
|
---|
71 | /**
|
---|
72 | * Allows you to add parameters (typically OAuth parameters such as
|
---|
73 | * oauth_callback or oauth_verifier) which will go directly into the signer,
|
---|
74 | * i.e. you don't have to put them into the request first. The consumer's
|
---|
75 | * {@link SigningStrategy} will then take care of writing them to the
|
---|
76 | * correct part of the request before it is sent. This is useful if you want
|
---|
77 | * to pre-set custom OAuth parameters. Note that these parameters are
|
---|
78 | * expected to already be percent encoded -- they will be simply merged
|
---|
79 | * as-is. <b>BE CAREFUL WITH THIS METHOD! Your service provider may decide
|
---|
80 | * to ignore any non-standard OAuth params when computing the signature.</b>
|
---|
81 | *
|
---|
82 | * @param additionalParameters
|
---|
83 | * the parameters
|
---|
84 | */
|
---|
85 | public void setAdditionalParameters(HttpParameters additionalParameters);
|
---|
86 |
|
---|
87 | /**
|
---|
88 | * Defines which strategy should be used to write a signature to an HTTP
|
---|
89 | * request.
|
---|
90 | *
|
---|
91 | * @param signingStrategy
|
---|
92 | * the strategy
|
---|
93 | * @see AuthorizationHeaderSigningStrategy
|
---|
94 | * @see QueryStringSigningStrategy
|
---|
95 | */
|
---|
96 | public void setSigningStrategy(SigningStrategy signingStrategy);
|
---|
97 |
|
---|
98 | /**
|
---|
99 | * <p>
|
---|
100 | * Causes the consumer to always include the oauth_token parameter to be
|
---|
101 | * sent, even if blank. If you're seeing 401s during calls to
|
---|
102 | * {@link OAuthProvider#retrieveRequestToken}, try setting this to true.
|
---|
103 | * </p>
|
---|
104 | *
|
---|
105 | * @param enable
|
---|
106 | * true or false
|
---|
107 | */
|
---|
108 | public void setSendEmptyTokens(boolean enable);
|
---|
109 |
|
---|
110 | /**
|
---|
111 | * Signs the given HTTP request by writing an OAuth signature (and other
|
---|
112 | * required OAuth parameters) to it. Where these parameters are written
|
---|
113 | * depends on the current {@link SigningStrategy}.
|
---|
114 | *
|
---|
115 | * @param request
|
---|
116 | * the request to sign
|
---|
117 | * @return the request object passed as an argument
|
---|
118 | * @throws OAuthMessageSignerException
|
---|
119 | * @throws OAuthExpectationFailedException
|
---|
120 | * @throws OAuthCommunicationException
|
---|
121 | */
|
---|
122 | public HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException,
|
---|
123 | OAuthExpectationFailedException, OAuthCommunicationException;
|
---|
124 |
|
---|
125 | /**
|
---|
126 | * <p>
|
---|
127 | * Signs the given HTTP request by writing an OAuth signature (and other
|
---|
128 | * required OAuth parameters) to it. Where these parameters are written
|
---|
129 | * depends on the current {@link SigningStrategy}.
|
---|
130 | * </p>
|
---|
131 | * This method accepts HTTP library specific request objects; the consumer
|
---|
132 | * implementation must ensure that only those request types are passed which
|
---|
133 | * it supports.
|
---|
134 | *
|
---|
135 | * @param request
|
---|
136 | * the request to sign
|
---|
137 | * @return the request object passed as an argument
|
---|
138 | * @throws OAuthMessageSignerException
|
---|
139 | * @throws OAuthExpectationFailedException
|
---|
140 | * @throws OAuthCommunicationException
|
---|
141 | */
|
---|
142 | public HttpRequest sign(Object request) throws OAuthMessageSignerException,
|
---|
143 | OAuthExpectationFailedException, OAuthCommunicationException;
|
---|
144 |
|
---|
145 | /**
|
---|
146 | * <p>
|
---|
147 | * "Signs" the given URL by appending all OAuth parameters to it which are
|
---|
148 | * required for message signing. The assumed HTTP method is GET.
|
---|
149 | * Essentially, this is equivalent to signing an HTTP GET request, but it
|
---|
150 | * can be useful if your application requires clickable links to protected
|
---|
151 | * resources, i.e. when your application does not have access to the actual
|
---|
152 | * request that is being sent.
|
---|
153 | * </p>
|
---|
154 | *
|
---|
155 | * @param url
|
---|
156 | * the input URL. May have query parameters.
|
---|
157 | * @return the input URL, with all necessary OAuth parameters attached as a
|
---|
158 | * query string. Existing query parameters are preserved.
|
---|
159 | * @throws OAuthMessageSignerException
|
---|
160 | * @throws OAuthExpectationFailedException
|
---|
161 | * @throws OAuthCommunicationException
|
---|
162 | */
|
---|
163 | public String sign(String url) throws OAuthMessageSignerException,
|
---|
164 | OAuthExpectationFailedException, OAuthCommunicationException;
|
---|
165 |
|
---|
166 | /**
|
---|
167 | * Sets the OAuth token and token secret used for message signing.
|
---|
168 | *
|
---|
169 | * @param token
|
---|
170 | * the token
|
---|
171 | * @param tokenSecret
|
---|
172 | * the token secret
|
---|
173 | */
|
---|
174 | public void setTokenWithSecret(String token, String tokenSecret);
|
---|
175 |
|
---|
176 | public String getToken();
|
---|
177 |
|
---|
178 | public String getTokenSecret();
|
---|
179 |
|
---|
180 | public String getConsumerKey();
|
---|
181 |
|
---|
182 | public String getConsumerSecret();
|
---|
183 |
|
---|
184 | /**
|
---|
185 | * Returns all parameters collected from the HTTP request during message
|
---|
186 | * signing (this means the return value may be NULL before a call to
|
---|
187 | * {@link #sign}), plus all required OAuth parameters that were added
|
---|
188 | * because the request didn't contain them beforehand. In other words, this
|
---|
189 | * is the exact set of parameters that were used for creating the message
|
---|
190 | * signature.
|
---|
191 | *
|
---|
192 | * @return the request parameters used for message signing
|
---|
193 | */
|
---|
194 | public HttpParameters getRequestParameters();
|
---|
195 | }
|
---|