Juan Carlos Picado Herrera avatar Juan Carlos Picado Herrera committed 0eb0671

Moved OAuth support to new module


Files changed (18)

encuestame-business/src/main/java/org/encuestame/business/security/oauth/AppConnectionProviderToken.java

-/*
- ************************************************************************************
- * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
- * encuestame Development Team.
- * Licensed under the Apache Software License version 2.0
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to  in writing,  software  distributed
- * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
- * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
- * specific language governing permissions and limitations under the License.
- ************************************************************************************
- */
-package org.encuestame.business.security.oauth;
-
-import java.util.Collection;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.encuestame.persistence.dao.imp.AccountDaoImp;
-import org.encuestame.persistence.domain.application.ApplicationConnection;
-import org.encuestame.persistence.domain.security.UserAccount;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth.provider.token.OAuthAccessProviderToken;
-
-/**
- * Implementation to a Spring Security {@link OAuthAccessProviderToken}.
- * @author Picado, Juan juanATencuestame.org
- * @since Dec 24, 2010 10:58:37 AM
- * @version $Id:$
- * @see OAuthSessionManagerProviderTokenServices
- */
-@SuppressWarnings("serial")
-public class AppConnectionProviderToken implements OAuthAccessProviderToken {
-
-    /** Log. **/
-    protected Log log = LogFactory.getLog(this.getClass());
-
-    /**
-     * Reference to {@link ApplicationConnection}.
-     */
-    private ApplicationConnection connection;
-
-    /**
-     * Account Dao.
-     * **/
-    @Autowired
-    private AccountDaoImp accountDaoImp;
-
-    /**
-     * Authentication.
-     * **/
-    private Authentication userAuthentication;
-
-    /**
-     * Constructor.
-     * @param connection application connection.
-     */
-    public AppConnectionProviderToken(ApplicationConnection connection) {
-        this.connection = connection;
-    }
-
-    /**
-     * Consumer Key.
-     * A value used by the Consumer to identify itself to the Service Provider.
-     */
-    public String getConsumerKey() {
-        return connection.getApiKey();
-    }
-
-    /**
-     * The value of the token.
-     *
-     * @return The value of the token.
-     */
-    public String getValue() {
-        return connection.getAccessToken();
-    }
-
-    /**
-     * The token secret.
-     *
-     * @return The token secret.
-     */
-    public String getSecret() {
-        return connection.getSecret();
-    }
-
-    /**
-     * The callback URL associated with this token.
-     *
-     * @return The callback URL associated with this token.
-     */
-    public String getCallbackUrl() {
-        return null;
-    }
-
-    /**
-     * The verifier string for this token.
-     *
-     * @return The verifier string for this token.
-     */
-    public String getVerifier() {
-        return null;
-    }
-
-    /**
-     * Whether this is an OAuth access token.
-     *
-     * @return Whether this is an OAuth access token.
-     */
-    public boolean isAccessToken() {
-        return true;
-    }
-
-    /**
-     * Get {@link UserAccount}. Authentication.
-     */
-    public Authentication getUserAuthentication() {
-        if (userAuthentication == null) {
-            UserAccount account = this.accountDaoImp.getUserAccountById(connection.getAccount().getUid());
-            log.debug("Get User Authentication "+account);
-            return this.authenticationTokenFor(account);
-        }
-        return userAuthentication;
-    }
-
-    /**
-     * Create Authentication.
-     * @param account {@link UserAccount}.
-     * @return
-     */
-    public Authentication authenticationTokenFor(final UserAccount account) {
-        //create traditional UserNamePasswordAuthentication.
-        return new UsernamePasswordAuthenticationToken(account, null, (Collection<GrantedAuthority>)null);
-    }
-
-}

encuestame-business/src/main/java/org/encuestame/business/security/oauth/ApplicationConsumerDetails.java

-/*
- ************************************************************************************
- * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
- * encuestame Development Team.
- * Licensed under the Apache Software License version 2.0
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to  in writing,  software  distributed
- * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
- * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
- * specific language governing permissions and limitations under the License.
- ************************************************************************************
- */
-package org.encuestame.business.security.oauth;
-
-import java.util.Collections;
-import java.util.List;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
-import org.springframework.security.oauth.common.signature.SignatureSecret;
-import org.springframework.security.oauth.provider.ConsumerDetails;
-import org.encuestame.persistence.domain.application.Application;
-
-/**
- * Implementation for OAuth Spring Security {@link ConsumerDetails}.
- * @author Picado, Juan juanATencuestame.org
- * @since Dec 23, 2010 11:10:54 AM
- * @version $Id:$
- */
-@SuppressWarnings("serial")
-public class ApplicationConsumerDetails implements ConsumerDetails {
-
-    /** Reference to {@link Application} . **/
-    private Application application;
-
-    /**
-     * Constructor.
-     * @param application {@link Application}.
-     */
-    public ApplicationConsumerDetails(Application application) {
-        this.application = application;
-    }
-
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.springframework.security.oauth.provider.ConsumerDetails#getConsumerName
-     * ()
-     */
-    public String getConsumerName() {
-        return application.getName();
-    }
-
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.springframework.security.oauth.provider.ConsumerDetails#getConsumerKey
-     * ()
-     */
-    public String getConsumerKey() {
-        return application.getApiKey();
-    }
-
-    /*
-     * (non-Javadoc)
-     *
-     * @see org.springframework.security.oauth.provider.ConsumerDetails#
-     * getSignatureSecret()
-     */
-    public SignatureSecret getSignatureSecret() {
-        return new SharedConsumerSecret(this.application.getSecret());
-    }
-
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.springframework.security.oauth.provider.ConsumerDetails#getAuthorities
-     * ()
-     */
-    public List<GrantedAuthority> getAuthorities() {
-        return Collections.emptyList();
-    }
-}

encuestame-business/src/main/java/org/encuestame/business/security/oauth/ConcurrentMapOAuthSessionManager.java

-/*
- ************************************************************************************
- * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
- * encuestame Development Team.
- * Licensed under the Apache Software License version 2.0
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to  in writing,  software  distributed
- * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
- * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
- * specific language governing permissions and limitations under the License.
- ************************************************************************************
- */
-package org.encuestame.business.security.oauth;
-
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.TimeUnit;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.encuestame.persistence.dao.IApplicationDao;
-import org.encuestame.persistence.dao.imp.ApplicationDao;
-import org.encuestame.persistence.domain.application.ApplicationConnection;
-import org.encuestame.persistence.exception.EnMeNotValidKeyOAuthSecurityException;
-import org.encuestame.persistence.utils.SecureRandomStringKeyGenerator;
-import org.encuestame.utils.oauth.OAuthSession;
-import org.encuestame.utils.oauth.StandardOAuthSession;
-import org.springframework.beans.factory.annotation.Autowired;
-import com.google.common.collect.MapMaker;
-/**
- * Implementation to OAuth Session Manager.
- * @author Picado, Juan juanATencuestame.org
- * @since Dec 23, 2010 7:23:16 PM
- * @version $Id:$
- */
-public class ConcurrentMapOAuthSessionManager implements OAuthSessionManager {
-
-    /**
-     * Log.
-     */
-    protected Log log = LogFactory.getLog(this.getClass());
-
-    /**
-     * Map of Sessions.
-     */
-    private final ConcurrentMap<String, StandardOAuthSession> sessions;
-
-    /**
-     * Dao Application.
-     * **/
-    @Autowired
-    private IApplicationDao applicationDao;
-
-    /**
-     *  Key Generator.
-     * **/
-    private SecureRandomStringKeyGenerator keyGenerator = new SecureRandomStringKeyGenerator();
-
-    /**
-     * Constructor.
-     */
-    public ConcurrentMapOAuthSessionManager() {
-        sessions = new MapMaker().softValues().expiration(2, TimeUnit.MINUTES).makeMap();
-    }
-
-    /**
-     * New OAuth Session.
-     */
-    public OAuthSession newOAuthSession(String apiKey, String callbackUrl) {
-        final StandardOAuthSession session = new StandardOAuthSession(apiKey, callbackUrl, keyGenerator.generateKey(), keyGenerator.generateKey());
-        log.debug("New OAuth StandardOAuthSession"+session.getApiKey());
-        log.debug("New OAuth StandardOAuthSession"+session.getSecret());
-        log.debug("New OAuth StandardOAuthSession"+session.getVerifier());
-        log.debug("New OAuth StandardOAuthSession"+session.getCallbackUrl());
-        sessions.put(session.getRequestToken(), session);
-        return session;
-    }
-
-    /**
-     * Grant Access to App.
-     * @param requestToken
-     * @return
-     * @throws EnMeNotValidKeyOAuthSecurityException
-     */
-    public ApplicationConnection grantAccess(String requestToken) throws EnMeNotValidKeyOAuthSecurityException {
-        log.debug("Grant Access");
-        StandardOAuthSession session = getStandardSession(requestToken);
-        if (!session.authorized()) {
-            throw new IllegalStateException("OAuthSession is not yet authorized");
-        }
-        log.debug("Grant Access is authorized "+session.authorized());
-        try {
-            ApplicationConnection connection = this.applicationDao.connectApplication(
-                                  session.getAuthorizingAccountId(), session.getApiKey());
-            log.debug("Grant Access new connection "+connection.getConnectionId());
-            sessions.remove(requestToken);
-            return connection;
-        } catch (Exception e) {
-            throw new IllegalStateException("Unable to grant access due to session - have the App's key changed?", e);
-        }
-    }
-
-    /**
-     * Get Session.
-     */
-    public OAuthSession getSession(String requestToken)
-            throws EnMeNotValidKeyOAuthSecurityException {
-        OAuthSession session = sessions.get(requestToken);
-        log.debug("OAuth Session SE "+session.getSecret());
-        log.debug("OAuth Session AP "+session.getApiKey());
-        log.debug("OAuth Session RT "+session.getRequestToken());
-        if (session == null) {
-            log.error("OAuth Session is null");
-            throw new EnMeNotValidKeyOAuthSecurityException(requestToken);
-        }
-        return session;
-    }
-
-    /**
-     * Authorize application.
-     */
-    public OAuthSession authorize(String requestToken,
-            Long authorizingAccountId, String verifier)
-            throws EnMeNotValidKeyOAuthSecurityException {
-        final StandardOAuthSession session = getStandardSession(requestToken);
-        log.debug("Authorize session");
-        if (session.authorized()) {
-            throw new IllegalStateException("OAuthSession is already authorized");
-        }
-        log.debug("Authorize session RT "+session.getRequestToken());
-        session.authorize(authorizingAccountId, verifier);
-        return session;
-    }
-
-
-    /**
-     * Get Standard Session.
-     * @param requestToken
-     * @return
-     * @throws EnMeNotValidKeyOAuthSecurityException
-     */
-    private StandardOAuthSession getStandardSession(String requestToken)
-            throws EnMeNotValidKeyOAuthSecurityException {
-        return (StandardOAuthSession) this.getSession(requestToken);
-    }
-
-    /**
-     * @return the applicationDao
-     */
-    public IApplicationDao getApplicationDao() {
-        return applicationDao;
-    }
-
-    /**
-     * @param applicationDao the applicationDao to set
-     */
-    public void setApplicationDao(ApplicationDao applicationDao) {
-        this.applicationDao = applicationDao;
-    }
-}

encuestame-business/src/main/java/org/encuestame/business/security/oauth/EnMeConsumerDetailsService.java

-/*
- ************************************************************************************
- * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
- * encuestame Development Team.
- * Licensed under the Apache Software License version 2.0
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to  in writing,  software  distributed
- * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
- * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
- * specific language governing permissions and limitations under the License.
- ************************************************************************************
- */
-package org.encuestame.business.security.oauth;
-
-import org.encuestame.persistence.dao.imp.ApplicationDao;
-import org.encuestame.persistence.domain.application.Application;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth.common.OAuthException;
-import org.springframework.security.oauth.provider.ConsumerDetails;
-import org.springframework.security.oauth.provider.ConsumerDetailsService;
-
-/**
- * Describe Consumer Details Services, implementes OAuth Security {@link ConsumerDetailsService}.
- * @author Picado, Juan juanATencuestame.org
- * @since Dec 23, 2010 11:06:54 AM
- * @version $Id:$
- */
-public class EnMeConsumerDetailsService implements ConsumerDetailsService {
-
-    /** {@link ApplicationDao}. **/
-    @Autowired
-    private ApplicationDao applicationDao;
-
-    /* (non-Javadoc)
-     * @see org.springframework.security.oauth.provider.ConsumerDetailsService#loadConsumerByConsumerKey(java.lang.String)
-     */
-    public ConsumerDetails loadConsumerByConsumerKey(String consumerKey)
-            throws OAuthException {
-       try {
-           return consumerDetailsFor(this.applicationDao.getApplicationByKey(consumerKey));
-       } catch (Exception e) {
-           throw new OAuthException("Invalid OAuth consumer key " + consumerKey, e);
-       }
-    }
-
-    /**
-     * Create new Application Consumer Details.
-     * @param application applications.
-     */
-    private ConsumerDetails consumerDetailsFor(Application application) {
-        return new ApplicationConsumerDetails(application);
-    }
-
-    /**
-     * @return the applicationDao
-     */
-    public ApplicationDao getApplicationDao() {
-        return applicationDao;
-    }
-
-    /**
-     * @param applicationDao the applicationDao to set
-     */
-    public void setApplicationDao(final ApplicationDao applicationDao) {
-        this.applicationDao = applicationDao;
-    }
-}

encuestame-business/src/main/java/org/encuestame/business/security/oauth/EnMeOAuthSessionManagerProviderTokenService.java

-/*
- ************************************************************************************
- * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
- * encuestame Development Team.
- * Licensed under the Apache Software License version 2.0
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to  in writing,  software  distributed
- * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
- * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
- * specific language governing permissions and limitations under the License.
- ************************************************************************************
- */
-package org.encuestame.business.security.oauth;
-
-import org.encuestame.persistence.dao.IApplicationDao;
-import org.encuestame.persistence.dao.imp.AccountDaoImp;
-import org.encuestame.persistence.dao.imp.ApplicationDao;
-import org.encuestame.persistence.domain.application.ApplicationConnection;
-import org.encuestame.persistence.domain.security.UserAccount;
-import org.encuestame.persistence.exception.EnMeNoResultsFoundException;
-import org.encuestame.persistence.exception.EnMeNotValidKeyOAuthSecurityException;
-import org.encuestame.utils.oauth.OAuthSession;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.oauth.provider.token.InvalidOAuthTokenException;
-import org.springframework.security.oauth.provider.token.OAuthAccessProviderToken;
-import org.springframework.security.oauth.provider.token.OAuthProviderToken;
-import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
-
-/**
- * Adapts the {@link OAuthSessionManager} API to the Spring Security {@link OAuthProviderTokenServices}.
- * Allows for the {@link OAuthSessionManager} to be used with Spring Security OAuth-based Provider to store OAuth request state and establish OAuth connections.
- * @author Picado, Juan juanATencuestame.org
- * @since Dec 23, 2010 7:21:29 PM
- * @version $Id:$
- */
-public class EnMeOAuthSessionManagerProviderTokenService implements
-        OAuthProviderTokenServices {
-
-    /** Oauth session  manager. **/
-    @Autowired
-    private OAuthSessionManager sessionManager;
-
-    /** {@link AccountDaoImp}. **/
-    @Autowired
-    private AccountDaoImp accountDaoImp;
-
-    /** {@link ApplicationDao}. **/
-    @Autowired
-    private IApplicationDao applicationDao;
-
-    /* (non-Javadoc)
-     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#getToken(java.lang.String)
-     */
-    public OAuthProviderToken getToken(String token)
-            throws AuthenticationException {
-        try {
-            return providerTokenFor(sessionManager.getSession(token));
-        } catch (EnMeNotValidKeyOAuthSecurityException e) {
-            try {
-                return providerTokenFor(this.applicationDao.findAppConnection(token));
-            } catch (EnMeNoResultsFoundException ex) {
-                throw new InvalidOAuthTokenException("Could not find OAuthSession or AppConnection for provided OAuth request token " + token);
-            }
-        }
-    }
-
-    /* (non-Javadoc)
-     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#createUnauthorizedRequestToken(java.lang.String, java.lang.String)
-     */
-    public OAuthProviderToken createUnauthorizedRequestToken(
-            String consumerKey, String callbackUrl)
-            throws AuthenticationException {
-        return providerTokenFor(sessionManager.newOAuthSession(consumerKey, callbackUrl));
-    }
-
-    /* (non-Javadoc)
-     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#authorizeRequestToken(java.lang.String, java.lang.String, org.springframework.security.core.Authentication)
-     */
-    public void authorizeRequestToken(String requestToken, String verifier,
-            Authentication authentication) throws AuthenticationException {
-        if (!(authentication.getPrincipal() instanceof UserAccount)) {
-            throw new IllegalArgumentException("Authenticated user principal is not of expected Account type");
-        }
-        try {
-            Long authorizingAccountId = ((UserAccount) authentication.getPrincipal()).getUid();
-            sessionManager.authorize(requestToken, authorizingAccountId, verifier);
-        } catch (EnMeNotValidKeyOAuthSecurityException e) {
-            throw new InvalidOAuthTokenException(e.getMessage());
-        }
-    }
-
-    /* (non-Javadoc)
-     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#createAccessToken(java.lang.String)
-     */
-    public OAuthAccessProviderToken createAccessToken(String requestToken)
-            throws AuthenticationException {
-        try {
-            return providerTokenFor(sessionManager.grantAccess(requestToken));
-        } catch (EnMeNotValidKeyOAuthSecurityException e) {
-            throw new InvalidOAuthTokenException(e.getMessage());
-        }
-    }
-
-    private OAuthProviderToken providerTokenFor(OAuthSession session) {
-        return new OAuthSessionProviderToken(session);
-    }
-
-    private OAuthAccessProviderToken providerTokenFor(ApplicationConnection connection) {
-        return new AppConnectionProviderToken(connection);
-    }
-
-    /**
-     * @return the accountDaoImp
-     */
-    public AccountDaoImp getAccountDaoImp() {
-        return accountDaoImp;
-    }
-
-    /**
-     * @param accountDaoImp the accountDaoImp to set
-     */
-    public void setAccountDaoImp(final AccountDaoImp accountDaoImp) {
-        this.accountDaoImp = accountDaoImp;
-    }
-
-    /**
-     * @return the applicationDao
-     */
-    public IApplicationDao getApplicationDao() {
-        return applicationDao;
-    }
-
-    /**
-     * @param applicationDao the applicationDao to set
-     */
-    public void setApplicationDao(final IApplicationDao applicationDao) {
-        this.applicationDao = applicationDao;
-    }
-
-    /**
-     * @return the sessionManager
-     */
-    public OAuthSessionManager getSessionManager() {
-        return sessionManager;
-    }
-
-    /**
-     * @param sessionManager the sessionManager to set
-     */
-    public void setSessionManager(final OAuthSessionManager sessionManager) {
-        this.sessionManager = sessionManager;
-    }
-}

encuestame-business/src/main/java/org/encuestame/business/security/oauth/OAuthSessionManager.java

-/*
- ************************************************************************************
- * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
- * encuestame Development Team.
- * Licensed under the Apache Software License version 2.0
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to  in writing,  software  distributed
- * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
- * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
- * specific language governing permissions and limitations under the License.
- ************************************************************************************
- */
-package org.encuestame.business.security.oauth;
-
-import org.encuestame.persistence.domain.application.ApplicationConnection;
-import org.encuestame.persistence.exception.EnMeNotValidKeyOAuthSecurityException;
-import org.encuestame.utils.oauth.OAuthSession;
-/**
- * Implementation to manage OAuth Sessions
- * @author Picado, Juan juanATencuestame.org
- * @since Dec 23, 2010 7:23:39 PM
- * @version $Id:$
- */
-public interface OAuthSessionManager {
-
-    /**
-     * Create a new OAuth session for the application with the assigned api key.
-     * @param apiKey the api key, assumed to be valid by the time this method is invoked.
-     * @param callbackUrl the URL the client wants you to redirect the user to after he or she authorizes the connection
-     * @return a new OAuthSession containing an assigned request token
-     */
-    OAuthSession newOAuthSession(String apiKey, String callbackUrl);
-
-    /**
-     * Get the active OAuthSession indexed by the assigned request token.
-     * @param requestToken the request token
-     * @throws InvalidRequestTokenException if the request token is not valid; this could happen if the session has completed or expired.
-     */
-    OAuthSession getSession(String requestToken) throws EnMeNotValidKeyOAuthSecurityException;
-
-    /**
-     * Record that a user granted access to the application associated with the OAuthSession.
-     * @param requestToken the request token that identifies the OAuthSession
-     * @param authorizingAccountId the id of the user account that authorized the connection
-     * @param verifier the verifier token generated by the OAuthProvider; expected to be submitted by the client on the accessToken request that follows the callback redirect.
-     * @return the updated OAuthSession reflecting authorized() status
-     * @throws InvalidRequestTokenException if the request token is not valid; this could happen if the session has completed or expired.
-     * @throws EnMeNotValidKeyOAuthSecurityException
-     */
-    OAuthSession authorize(String requestToken, Long authorizingAccountId, String verifier) throws  EnMeNotValidKeyOAuthSecurityException;
-
-    /**
-     * For the OAuthSession identified by the requestToken, grant the application identified by the {@link OAuthSession#getApiKey()} access to the
-     * {@link OAuthSession#getAuthorizingAccountId() authorizing member account}.
-     * An access token will be assigned and returned in the AppConnection object.
-     * @throws InvalidRequestTokenException if the request token is not valid; this could happen if the session has completed or expired.
-     */
-    ApplicationConnection grantAccess(String requestToken) throws EnMeNotValidKeyOAuthSecurityException;
-
-}

encuestame-business/src/main/java/org/encuestame/business/security/oauth/OAuthSessionProviderToken.java

-/*
- ************************************************************************************
- * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
- * encuestame Development Team.
- * Licensed under the Apache Software License version 2.0
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to  in writing,  software  distributed
- * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
- * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
- * specific language governing permissions and limitations under the License.
- ************************************************************************************
- */
-package org.encuestame.business.security.oauth;
-
-import org.encuestame.utils.oauth.OAuthSession;
-import org.springframework.security.oauth.provider.token.OAuthProviderToken;
-
-/**
- * Adapts a {@link OAuthSession} returned by the {@link OAuthSessionManager} to a Spring Security {@link OAuthProviderToken}.
- * @author Picado, Juan juanATencuestame.org
- * @since Dec 24, 2010 3:57:14 PM
- * @version Id:
- */
-@SuppressWarnings("serial")
-class OAuthSessionProviderToken implements OAuthProviderToken {
-
-    private OAuthSession session;
-
-    public OAuthSessionProviderToken(OAuthSession session) {
-        this.session = session;
-    }
-
-    public String getConsumerKey() {
-        return session.getApiKey();
-    }
-
-    public String getValue() {
-        return session.getRequestToken();
-    }
-
-    public String getSecret() {
-        return session.getSecret();
-    }
-
-    public String getCallbackUrl() {
-        return session.getCallbackUrl();
-    }
-
-    public String getVerifier() {
-        return session.getVerifier();
-    }
-
-    public boolean isAccessToken() {
-        return false;
-    }
-}

encuestame-business/src/main/java/org/encuestame/business/security/oauth/package-info.java

-/**
- * OAuth Security Features.
- */
-package org.encuestame.business.security.oauth;

encuestame-business/src/main/resources/spring-test/encuestame-test-security-oauth-context.xml

     <!-- ConsumerDetailsService that constructs ConsumerDetails objects from Apps loaded by App Dao. -->
     <bean id="oauthConsumerDetails"
           autowire="byName"
-          class="org.encuestame.business.security.oauth.EnMeConsumerDetailsService" />
+          class="org.encuestame.oauth.security.EnMeConsumerDetailsService" />
 
     <!-- OAuthProviderTokenServices that uses a OAuthSessionManager to manage OAuthSession storage -->
     <bean id="oauthProviderTokenServices"
           autowire="byName"
-          class="org.encuestame.business.security.oauth.EnMeOAuthSessionManagerProviderTokenService">
+          class="org.encuestame.oauth.security.EnMeOAuthSessionManagerProviderTokenService">
     </bean>
 
     <!-- Stores OAuthSessions in a ConcurrentMap with soft values and 2 minutes time idle -->
     <bean id="oauthSessionManager"
           autowire="byName"
-          class="org.encuestame.business.security.oauth.ConcurrentMapOAuthSessionManager" />
+          class="org.encuestame.oauth.security.ConcurrentMapOAuthSessionManager" />
 
     <!-- Sends a UNAUTHORIZED response back to clients attempting to access protected resources but who have not yet authenticated via OAuth -->
     <bean id="oauthAuthenticationEntryPoint" autowire="byName"

encuestame-oauth/pom.xml

                <groupId>com.google.api.client</groupId>
                <artifactId>google-api-client</artifactId>
           </dependency>
+          <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
     </dependencies>
     <build>
         <filters>
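Review bot: The added `com.google.guava:guava` dependency has no `<version>`, so it resolves only through a parent `dependencyManagement` entry that is not visible in this hunk; confirm that entry exists and pins one specific release. The pin matters because the session manager being moved (visible on the removed side of this commit, and presumably the reason for this dependency) builds its request-token store with `new MapMaker().softValues().expiration(2, TimeUnit.MINUTES)`. `MapMaker.expiration` was deprecated and later removed from Guava, so a drifting version would break the build or the two-minute session expiry. The closing `</dependency>` is also indented differently from its opening tag and should be aligned with the neighbouring entries.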

encuestame-oauth/src/main/java/org/encuestame/oauth/security/AppConnectionProviderToken.java

+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
+ * encuestame Development Team.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+package org.encuestame.oauth.security;
+
+import java.util.Collection;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.encuestame.persistence.dao.imp.AccountDaoImp;
+import org.encuestame.persistence.domain.application.ApplicationConnection;
+import org.encuestame.persistence.domain.security.UserAccount;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth.provider.token.OAuthAccessProviderToken;
+
+/**
+ * Implementation to a Spring Security {@link OAuthAccessProviderToken}.
+ * @author Picado, Juan juanATencuestame.org
+ * @since Dec 24, 2010 10:58:37 AM
+ * @version $Id:$
+ * @see OAuthSessionManagerProviderTokenServices
+ */
+@SuppressWarnings("serial")
+public class AppConnectionProviderToken implements OAuthAccessProviderToken {
+
+    /** Log. **/
+    protected Log log = LogFactory.getLog(this.getClass());
+
+    /**
+     * Reference to {@link ApplicationConnection}.
+     */
+    private ApplicationConnection connection;
+
+    /**
+     * Account Dao.
+     * **/
+    @Autowired
+    private AccountDaoImp accountDaoImp;
+
+    /**
+     * Authentication.
+     * **/
+    private Authentication userAuthentication;
+
+    /**
+     * Constructor.
+     * @param connection application connection.
+     */
+    public AppConnectionProviderToken(ApplicationConnection connection) {
+        this.connection = connection;
+    }
+
+    /**
+     * Consumer Key.
+     * A value used by the Consumer to identify itself to the Service Provider.
+     */
+    public String getConsumerKey() {
+        return connection.getApiKey();
+    }
+
+    /**
+     * The value of the token.
+     *
+     * @return The value of the token.
+     */
+    public String getValue() {
+        return connection.getAccessToken();
+    }
+
+    /**
+     * The token secret.
+     *
+     * @return The token secret.
+     */
+    public String getSecret() {
+        return connection.getSecret();
+    }
+
+    /**
+     * The callback URL associated with this token.
+     *
+     * @return The callback URL associated with this token.
+     */
+    public String getCallbackUrl() {
+        return null;
+    }
+
+    /**
+     * The verifier string for this token.
+     *
+     * @return The verifier string for this token.
+     */
+    public String getVerifier() {
+        return null;
+    }
+
+    /**
+     * Whether this is an OAuth access token.
+     *
+     * @return Whether this is an OAuth access token.
+     */
+    public boolean isAccessToken() {
+        return true;
+    }
+
+    /**
+     * Get {@link UserAccount}. Authentication.
+     */
+    public Authentication getUserAuthentication() {
+        if (userAuthentication == null) {
+            UserAccount account = this.accountDaoImp.getUserAccountById(connection.getAccount().getUid());
+            log.debug("Get User Authentication "+account);
+            return this.authenticationTokenFor(account);
+        }
+        return userAuthentication;
+    }
+
+    /**
+     * Create Authentication.
+     * @param account {@link UserAccount}.
+     * @return
+     */
+    public Authentication authenticationTokenFor(final UserAccount account) {
+        //create traditional UserNamePasswordAuthentication.
+        return new UsernamePasswordAuthenticationToken(account, null, (Collection<GrantedAuthority>)null);
+    }
+
+}
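Review bot: `accountDaoImp` is marked `@Autowired`, but the only construction visible in this commit is `new AppConnectionProviderToken(connection)` in `EnMeOAuthSessionManagerProviderTokenService.providerTokenFor`, so unless the class is woven by something not shown here the field stays null and `getUserAuthentication()` fails with a NullPointerException on its first call. Passing the DAO in through the constructor would make the dependency explicit. The `userAuthentication` field is also never assigned, so the null check always takes the lookup branch; `userAuthentication = authenticationTokenFor(account);` before the return would cache it. It is worth confirming too that a missing account (a null from `getUserAccountById`, if it can return one) is rejected rather than wrapped in a `UsernamePasswordAuthenticationToken` built with the three-argument constructor, which marks the token as authenticated.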

encuestame-oauth/src/main/java/org/encuestame/oauth/security/ApplicationConsumerDetails.java

+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
+ * encuestame Development Team.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+package org.encuestame.oauth.security;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
+import org.springframework.security.oauth.common.signature.SignatureSecret;
+import org.springframework.security.oauth.provider.ConsumerDetails;
+import org.encuestame.persistence.domain.application.Application;
+
+/**
+ * Implementation for OAuth Spring Security {@link ConsumerDetails}.
+ * @author Picado, Juan juanATencuestame.org
+ * @since Dec 23, 2010 11:10:54 AM
+ * @version $Id:$
+ */
+@SuppressWarnings("serial")
+public class ApplicationConsumerDetails implements ConsumerDetails {
+
+    /** Reference to {@link Application} . **/
+    private Application application;
+
+    /**
+     * Constructor.
+     * @param application {@link Application}.
+     */
+    public ApplicationConsumerDetails(Application application) {
+        this.application = application;
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see
+     * org.springframework.security.oauth.provider.ConsumerDetails#getConsumerName
+     * ()
+     */
+    public String getConsumerName() {
+        return application.getName();
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see
+     * org.springframework.security.oauth.provider.ConsumerDetails#getConsumerKey
+     * ()
+     */
+    public String getConsumerKey() {
+        return application.getApiKey();
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.springframework.security.oauth.provider.ConsumerDetails#
+     * getSignatureSecret()
+     */
+    public SignatureSecret getSignatureSecret() {
+        return new SharedConsumerSecret(this.application.getSecret());
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see
+     * org.springframework.security.oauth.provider.ConsumerDetails#getAuthorities
+     * ()
+     */
+    public List<GrantedAuthority> getAuthorities() {
+        return Collections.emptyList();
+    }
+}

encuestame-oauth/src/main/java/org/encuestame/oauth/security/ConcurrentMapOAuthSessionManager.java

+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
+ * encuestame Development Team.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+package org.encuestame.oauth.security;
+
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.encuestame.persistence.dao.IApplicationDao;
+import org.encuestame.persistence.dao.imp.ApplicationDao;
+import org.encuestame.persistence.domain.application.ApplicationConnection;
+import org.encuestame.persistence.exception.EnMeNotValidKeyOAuthSecurityException;
+import org.encuestame.persistence.utils.SecureRandomStringKeyGenerator;
+import org.encuestame.utils.oauth.OAuthSession;
+import org.encuestame.utils.oauth.StandardOAuthSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import com.google.common.collect.MapMaker;
+/**
+ * Implementation to OAuth Session Manager.
+ * @author Picado, Juan juanATencuestame.org
+ * @since Dec 23, 2010 7:23:16 PM
+ * @version $Id:$
+ */
+public class ConcurrentMapOAuthSessionManager implements OAuthSessionManager {
+
+    /**
+     * Log.
+     */
+    protected Log log = LogFactory.getLog(this.getClass());
+
+    /**
+     * Map of Sessions.
+     */
+    private final ConcurrentMap<String, StandardOAuthSession> sessions;
+
+    /**
+     * Dao Application.
+     * **/
+    @Autowired
+    private IApplicationDao applicationDao;
+
+    /**
+     *  Key Generator.
+     * **/
+    private SecureRandomStringKeyGenerator keyGenerator = new SecureRandomStringKeyGenerator();
+
+    /**
+     * Constructor.
+     */
+    public ConcurrentMapOAuthSessionManager() {
+        sessions = new MapMaker().softValues().expiration(2, TimeUnit.MINUTES).makeMap();
+    }
+
+    /**
+     * New OAuth Session.
+     */
+    public OAuthSession newOAuthSession(String apiKey, String callbackUrl) {
+        final StandardOAuthSession session = new StandardOAuthSession(apiKey, callbackUrl, keyGenerator.generateKey(), keyGenerator.generateKey());
+        log.debug("New OAuth StandardOAuthSession"+session.getApiKey());
+        log.debug("New OAuth StandardOAuthSession"+session.getSecret());
+        log.debug("New OAuth StandardOAuthSession"+session.getVerifier());
+        log.debug("New OAuth StandardOAuthSession"+session.getCallbackUrl());
+        sessions.put(session.getRequestToken(), session);
+        return session;
+    }
+
+    /**
+     * Grant Access to App.
+     * @param requestToken
+     * @return
+     * @throws EnMeNotValidKeyOAuthSecurityException
+     */
+    public ApplicationConnection grantAccess(String requestToken) throws EnMeNotValidKeyOAuthSecurityException {
+        log.debug("Grant Access");
+        StandardOAuthSession session = getStandardSession(requestToken);
+        if (!session.authorized()) {
+            throw new IllegalStateException("OAuthSession is not yet authorized");
+        }
+        log.debug("Grant Access is authorized "+session.authorized());
+        try {
+            ApplicationConnection connection = this.applicationDao.connectApplication(
+                                  session.getAuthorizingAccountId(), session.getApiKey());
+            log.debug("Grant Access new connection "+connection.getConnectionId());
+            sessions.remove(requestToken);
+            return connection;
+        } catch (Exception e) {
+            throw new IllegalStateException("Unable to grant access due to session - have the App's key changed?", e);
+        }
+    }
+
+    /**
+     * Get Session.
+     */
+    public OAuthSession getSession(String requestToken)
+            throws EnMeNotValidKeyOAuthSecurityException {
+        OAuthSession session = sessions.get(requestToken);
+        log.debug("OAuth Session SE "+session.getSecret());
+        log.debug("OAuth Session AP "+session.getApiKey());
+        log.debug("OAuth Session RT "+session.getRequestToken());
+        if (session == null) {
+            log.error("OAuth Session is null");
+            throw new EnMeNotValidKeyOAuthSecurityException(requestToken);
+        }
+        return session;
+    }
+
+    /**
+     * Authorize application.
+     */
+    public OAuthSession authorize(String requestToken,
+            Long authorizingAccountId, String verifier)
+            throws EnMeNotValidKeyOAuthSecurityException {
+        final StandardOAuthSession session = getStandardSession(requestToken);
+        log.debug("Authorize session");
+        if (session.authorized()) {
+            throw new IllegalStateException("OAuthSession is already authorized");
+        }
+        log.debug("Authorize session RT "+session.getRequestToken());
+        session.authorize(authorizingAccountId, verifier);
+        return session;
+    }
+
+
+    /**
+     * Get Standard Session.
+     * @param requestToken
+     * @return
+     * @throws EnMeNotValidKeyOAuthSecurityException
+     */
+    private StandardOAuthSession getStandardSession(String requestToken)
+            throws EnMeNotValidKeyOAuthSecurityException {
+        return (StandardOAuthSession) this.getSession(requestToken);
+    }
+
+    /**
+     * @return the applicationDao
+     */
+    public IApplicationDao getApplicationDao() {
+        return applicationDao;
+    }
+
+    /**
+     * @param applicationDao the applicationDao to set
+     */
+    public void setApplicationDao(ApplicationDao applicationDao) {
+        this.applicationDao = applicationDao;
+    }
+}
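Review bot: `getSession` calls `session.getSecret()`, `getApiKey()` and `getRequestToken()` for logging before its `if (session == null)` check, so an unknown or expired request token raises a NullPointerException instead of `EnMeNotValidKeyOAuthSecurityException`; the fallback to `findAppConnection` in `EnMeOAuthSessionManagerProviderTokenService.getToken` catches only that exception and would never run. The same debug lines, and those in `newOAuthSession`, write the token secret, verifier and request token to the log, where anyone with log access can read credentials that are still valid for the two-minute session window. Move the null check first and log only the consumer key, as sketched below; in `newOAuthSession` the `getSecret()` and `getVerifier()` debug lines should be dropped.

```java
public OAuthSession getSession(String requestToken)
        throws EnMeNotValidKeyOAuthSecurityException {
    final OAuthSession session = sessions.get(requestToken);
    // Reject unknown or expired tokens before touching the session.
    if (session == null) {
        log.error("OAuth Session is null");
        throw new EnMeNotValidKeyOAuthSecurityException(requestToken);
    }
    // Only the consumer key is logged; the secret and request token stay out of the log.
    log.debug("OAuth Session AP " + session.getApiKey());
    return session;
}
```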

encuestame-oauth/src/main/java/org/encuestame/oauth/security/EnMeConsumerDetailsService.java

+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
+ * encuestame Development Team.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+package org.encuestame.oauth.security;
+
+import org.encuestame.persistence.dao.imp.ApplicationDao;
+import org.encuestame.persistence.domain.application.Application;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth.common.OAuthException;
+import org.springframework.security.oauth.provider.ConsumerDetails;
+import org.springframework.security.oauth.provider.ConsumerDetailsService;
+
+/**
+ * Describe Consumer Details Services, implementes OAuth Security {@link ConsumerDetailsService}.
+ * @author Picado, Juan juanATencuestame.org
+ * @since Dec 23, 2010 11:06:54 AM
+ * @version $Id:$
+ */
+public class EnMeConsumerDetailsService implements ConsumerDetailsService {
+
+    /** {@link ApplicationDao}. **/
+    @Autowired
+    private ApplicationDao applicationDao;
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.oauth.provider.ConsumerDetailsService#loadConsumerByConsumerKey(java.lang.String)
+     */
+    public ConsumerDetails loadConsumerByConsumerKey(String consumerKey)
+            throws OAuthException {
+       try {
+           return consumerDetailsFor(this.applicationDao.getApplicationByKey(consumerKey));
+       } catch (Exception e) {
+           throw new OAuthException("Invalid OAuth consumer key " + consumerKey, e);
+       }
+    }
+
+    /**
+     * Create new Application Consumer Details.
+     * @param application applications.
+     */
+    private ConsumerDetails consumerDetailsFor(Application application) {
+        return new ApplicationConsumerDetails(application);
+    }
+
+    /**
+     * @return the applicationDao
+     */
+    public ApplicationDao getApplicationDao() {
+        return applicationDao;
+    }
+
+    /**
+     * @param applicationDao the applicationDao to set
+     */
+    public void setApplicationDao(final ApplicationDao applicationDao) {
+        this.applicationDao = applicationDao;
+    }
+}
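Review bot: The `catch (Exception e)` in `loadConsumerByConsumerKey` reports every failure, including a database or wiring error, as "Invalid OAuth consumer key", which hides outages behind what looks like a client mistake. Catching only the exception the DAO documents for a missing application would keep the two cases apart; that type is not visible in this section. If `getApplicationByKey` can return null instead of throwing, `consumerDetailsFor` would wrap a null `Application` and the failure would surface later in `getConsumerKey()`, so a guard such as `if (application == null) throw new OAuthException("Invalid OAuth consumer key " + consumerKey);` is worth adding.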

encuestame-oauth/src/main/java/org/encuestame/oauth/security/EnMeOAuthSessionManagerProviderTokenService.java

+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
+ * encuestame Development Team.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+package org.encuestame.oauth.security;
+
+import org.encuestame.persistence.dao.IApplicationDao;
+import org.encuestame.persistence.dao.imp.AccountDaoImp;
+import org.encuestame.persistence.dao.imp.ApplicationDao;
+import org.encuestame.persistence.domain.application.ApplicationConnection;
+import org.encuestame.persistence.domain.security.UserAccount;
+import org.encuestame.persistence.exception.EnMeNoResultsFoundException;
+import org.encuestame.persistence.exception.EnMeNotValidKeyOAuthSecurityException;
+import org.encuestame.utils.oauth.OAuthSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth.provider.token.InvalidOAuthTokenException;
+import org.springframework.security.oauth.provider.token.OAuthAccessProviderToken;
+import org.springframework.security.oauth.provider.token.OAuthProviderToken;
+import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
+
+/**
+ * Adapts the {@link OAuthSessionManager} API to the Spring Security {@link OAuthProviderTokenServices}.
+ * Allows for the {@link OAuthSessionManager} to be used with Spring Security OAuth-based Provider to store OAuth request state and establish OAuth connections.
+ * @author Picado, Juan juanATencuestame.org
+ * @since Dec 23, 2010 7:21:29 PM
+ * @version $Id:$
+ */
+public class EnMeOAuthSessionManagerProviderTokenService implements
+        OAuthProviderTokenServices {
+
+    /** Oauth session  manager. **/
+    @Autowired
+    private OAuthSessionManager sessionManager;
+
+    /** {@link AccountDaoImp}. **/
+    @Autowired
+    private AccountDaoImp accountDaoImp;
+
+    /** {@link ApplicationDao}. **/
+    @Autowired
+    private IApplicationDao applicationDao;
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#getToken(java.lang.String)
+     */
+    public OAuthProviderToken getToken(String token)
+            throws AuthenticationException {
+        try {
+            return providerTokenFor(sessionManager.getSession(token));
+        } catch (EnMeNotValidKeyOAuthSecurityException e) {
+            try {
+                return providerTokenFor(this.applicationDao.findAppConnection(token));
+            } catch (EnMeNoResultsFoundException ex) {
+                throw new InvalidOAuthTokenException("Could not find OAuthSession or AppConnection for provided OAuth request token " + token);
+            }
+        }
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#createUnauthorizedRequestToken(java.lang.String, java.lang.String)
+     */
+    public OAuthProviderToken createUnauthorizedRequestToken(
+            String consumerKey, String callbackUrl)
+            throws AuthenticationException {
+        return providerTokenFor(sessionManager.newOAuthSession(consumerKey, callbackUrl));
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#authorizeRequestToken(java.lang.String, java.lang.String, org.springframework.security.core.Authentication)
+     */
+    public void authorizeRequestToken(String requestToken, String verifier,
+            Authentication authentication) throws AuthenticationException {
+        if (!(authentication.getPrincipal() instanceof UserAccount)) {
+            throw new IllegalArgumentException("Authenticated user principal is not of expected Account type");
+        }
+        try {
+            Long authorizingAccountId = ((UserAccount) authentication.getPrincipal()).getUid();
+            sessionManager.authorize(requestToken, authorizingAccountId, verifier);
+        } catch (EnMeNotValidKeyOAuthSecurityException e) {
+            throw new InvalidOAuthTokenException(e.getMessage());
+        }
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.oauth.provider.token.OAuthProviderTokenServices#createAccessToken(java.lang.String)
+     */
+    public OAuthAccessProviderToken createAccessToken(String requestToken)
+            throws AuthenticationException {
+        try {
+            return providerTokenFor(sessionManager.grantAccess(requestToken));
+        } catch (EnMeNotValidKeyOAuthSecurityException e) {
+            throw new InvalidOAuthTokenException(e.getMessage());
+        }
+    }
+
+    private OAuthProviderToken providerTokenFor(OAuthSession session) {
+        return new OAuthSessionProviderToken(session);
+    }
+
+    private OAuthAccessProviderToken providerTokenFor(ApplicationConnection connection) {
+        return new AppConnectionProviderToken(connection);
+    }
+
+    /**
+     * @return the accountDaoImp
+     */
+    public AccountDaoImp getAccountDaoImp() {
+        return accountDaoImp;
+    }
+
+    /**
+     * @param accountDaoImp the accountDaoImp to set
+     */
+    public void setAccountDaoImp(final AccountDaoImp accountDaoImp) {
+        this.accountDaoImp = accountDaoImp;
+    }
+
+    /**
+     * @return the applicationDao
+     */
+    public IApplicationDao getApplicationDao() {
+        return applicationDao;
+    }
+
+    /**
+     * @param applicationDao the applicationDao to set
+     */
+    public void setApplicationDao(final IApplicationDao applicationDao) {
+        this.applicationDao = applicationDao;
+    }
+
+    /**
+     * @return the sessionManager
+     */
+    public OAuthSessionManager getSessionManager() {
+        return sessionManager;
+    }
+
+    /**
+     * @param sessionManager the sessionManager to set
+     */
+    public void setSessionManager(final OAuthSessionManager sessionManager) {
+        this.sessionManager = sessionManager;
+    }
+}
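Review bot: `createAccessToken` translates only `EnMeNotValidKeyOAuthSecurityException`, but `ConcurrentMapOAuthSessionManager.grantAccess` in this commit throws `IllegalStateException` both for a request token that has not been authorized and for a failed `connectApplication`, so those cases escape as an unchecked exception rather than an `AuthenticationException`. How the surrounding filter chain treats that is not visible here, but a client exchanging an unauthorized request token should presumably get an OAuth token failure; adding `catch (IllegalStateException e) { throw new InvalidOAuthTokenException(e.getMessage()); }` would do that. `authorizeRequestToken` has the same gap for the "already authorized" case thrown by `authorize`. The injected `accountDaoImp` is not read anywhere in this class.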

encuestame-oauth/src/main/java/org/encuestame/oauth/security/OAuthSessionManager.java

+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
+ * encuestame Development Team.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+package org.encuestame.oauth.security;
+
+import org.encuestame.persistence.domain.application.ApplicationConnection;
+import org.encuestame.persistence.exception.EnMeNotValidKeyOAuthSecurityException;
+import org.encuestame.utils.oauth.OAuthSession;
+/**
+ * Implementation to manage OAuth Sessions
+ * @author Picado, Juan juanATencuestame.org
+ * @since Dec 23, 2010 7:23:39 PM
+ * @version $Id:$
+ */
+public interface OAuthSessionManager {
+
+    /**
+     * Create a new OAuth session for the application with the assigned api key.
+     * @param apiKey the api key, assumed to be valid by the time this method is invoked.
+     * @param callbackUrl the URL the client wants you to redirect the user to after he or she authorizes the connection
+     * @return a new OAuthSession containing an assigned request token
+     */
+    OAuthSession newOAuthSession(String apiKey, String callbackUrl);
+
+    /**
+     * Get the active OAuthSession indexed by the assigned request token.
+     * @param requestToken the request token
+     * @throws InvalidRequestTokenException if the request token is not valid; this could happen if the session has completed or expired.
+     */
+    OAuthSession getSession(String requestToken) throws EnMeNotValidKeyOAuthSecurityException;
+
+    /**
+     * Record that a user granted access to the application associated with the OAuthSession.
+     * @param requestToken the request token that identifies the OAuthSession
+     * @param authorizingAccountId the id of the user account that authorized the connection
+     * @param verifier the verifier token generated by the OAuthProvider; expected to be submitted by the client on the accessToken request that follows the callback redirect.
+     * @return the updated OAuthSession reflecting authorized() status
+     * @throws InvalidRequestTokenException if the request token is not valid; this could happen if the session has completed or expired.
+     * @throws EnMeNotValidKeyOAuthSecurityException
+     */
+    OAuthSession authorize(String requestToken, Long authorizingAccountId, String verifier) throws  EnMeNotValidKeyOAuthSecurityException;
+
+    /**
+     * For the OAuthSession identified by the requestToken, grant the application identified by the {@link OAuthSession#getApiKey()} access to the
+     * {@link OAuthSession#getAuthorizingAccountId() authorizing member account}.
+     * An access token will be assigned and returned in the AppConnection object.
+     * @throws InvalidRequestTokenException if the request token is not valid; this could happen if the session has completed or expired.
+     */
+    ApplicationConnection grantAccess(String requestToken) throws EnMeNotValidKeyOAuthSecurityException;
+
+}
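Review bot: The Javadoc on `getSession`, `authorize` and `grantAccess` says `@throws InvalidRequestTokenException`, a type that is not declared by any of these methods; the signatures throw `EnMeNotValidKeyOAuthSecurityException`, and on `authorize` the real tag is present but empty. Replace each stale tag with `@throws EnMeNotValidKeyOAuthSecurityException if the request token is not valid; this could happen if the session has completed or expired.` and give `getSession` and `grantAccess` an `@return` line. The implementation in this commit also throws `IllegalStateException` from `authorize` and `grantAccess`, which the contract should mention.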

encuestame-oauth/src/main/java/org/encuestame/oauth/security/OAuthSessionProviderToken.java

+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2010 encuestame: system online surveys Copyright (C) 2009
+ * encuestame Development Team.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+package org.encuestame.oauth.security;
+
+import org.encuestame.utils.oauth.OAuthSession;
+import org.springframework.security.oauth.provider.token.OAuthProviderToken;
+
+/**
+ * Adapts a {@link OAuthSession} returned by the {@link OAuthSessionManager} to a Spring Security {@link OAuthProviderToken}.
+ * @author Picado, Juan juanATencuestame.org
+ * @since Dec 24, 2010 3:57:14 PM
+ * @version Id:
+ */
+@SuppressWarnings("serial")
+class OAuthSessionProviderToken implements OAuthProviderToken {
+
+    private OAuthSession session;
+
+    public OAuthSessionProviderToken(OAuthSession session) {
+        this.session = session;
+    }
+
+    public String getConsumerKey() {
+        return session.getApiKey();
+    }
+
+    public String getValue() {
+        return session.getRequestToken();
+    }
+
+    public String getSecret() {
+        return session.getSecret();
+    }
+
+    public String getCallbackUrl() {
+        return session.getCallbackUrl();
+    }
+
+    public String getVerifier() {
+        return session.getVerifier();
+    }
+
+    public boolean isAccessToken() {
+        return false;
+    }
+}

encuestame-oauth/src/main/java/org/encuestame/oauth/security/package-info.java

+/**
+ * OAuth Security Features.
+ */
+package org.encuestame.oauth.security;