public class SimpleOAuthValidator extends java.lang.Object implements OAuthValidator
This implementation is less than industrial strength:
Modifier and Type | Class and Description |
---|---|
private static class |
SimpleOAuthValidator.UsedNonce
Selected parameters from an OAuth request, in a form suitable for
detecting duplicate requests.
|
Modifier and Type | Field and Description |
---|---|
static long |
DEFAULT_MAX_TIMESTAMP_AGE
The default maximum age of timestamps is 5 minutes.
|
static long |
DEFAULT_TIMESTAMP_WINDOW |
protected long |
maxTimestampAgeMsec |
protected double |
maxVersion |
protected double |
minVersion |
static java.util.Set<java.lang.String> |
SINGLE_PARAMETERS
Names of parameters that may not appear twice in a valid message.
|
private java.util.Set<SimpleOAuthValidator.UsedNonce> |
usedNonces |
Constructor and Description |
---|
SimpleOAuthValidator()
Construct a validator that rejects messages more than five minutes old or
with a OAuth version other than 1.0.
|
SimpleOAuthValidator(long maxTimestampAgeMsec,
double maxVersion)
Public constructor.
|
Modifier and Type | Method and Description |
---|---|
protected void |
checkSingleParameters(OAuthMessage message)
Throw an exception if any SINGLE_PARAMETERS occur repeatedly.
|
private static java.util.Set<java.lang.String> |
constructSingleParameters() |
protected long |
currentTimeMsec()
Get the number of milliseconds since midnight, January 1, 1970 UTC.
|
java.util.Date |
releaseGarbage()
Allow objects that are no longer useful to become garbage.
|
private java.util.Date |
removeOldNonces(long currentTimeMsec)
Remove usedNonces with timestamps that are too old to be valid.
|
void |
validateMessage(OAuthMessage message,
OAuthAccessor accessor) |
protected java.util.Date |
validateNonce(OAuthMessage message,
long timestamp,
long currentTimeMsec)
Throw an exception if the nonce has been validated previously.
|
protected void |
validateSignature(OAuthMessage message,
OAuthAccessor accessor) |
protected void |
validateTimestamp(OAuthMessage message,
long timestamp,
long currentTimeMsec)
Throw an exception if the timestamp [sec] is out of range.
|
protected void |
validateTimestampAndNonce(OAuthMessage message)
Throw an exception if the timestamp is out of range or the nonce has been
validated previously.
|
protected void |
validateVersion(OAuthMessage message) |
public static final long DEFAULT_MAX_TIMESTAMP_AGE
public static final long DEFAULT_TIMESTAMP_WINDOW
public static final java.util.Set<java.lang.String> SINGLE_PARAMETERS
protected final double minVersion
protected final double maxVersion
protected final long maxTimestampAgeMsec
private final java.util.Set<SimpleOAuthValidator.UsedNonce> usedNonces
public SimpleOAuthValidator()
public SimpleOAuthValidator(long maxTimestampAgeMsec, double maxVersion)
maxTimestampAgeMsec
- the range of valid timestamps, in milliseconds into the past
or future. So the total range of valid timestamps is twice
this value, rounded to the nearest second.maxVersion
- the maximum valid oauth_versionprivate static java.util.Set<java.lang.String> constructSingleParameters()
public java.util.Date releaseGarbage()
private java.util.Date removeOldNonces(long currentTimeMsec)
public void validateMessage(OAuthMessage message, OAuthAccessor accessor) throws OAuthException, java.io.IOException, java.net.URISyntaxException
validateMessage
in interface OAuthValidator
java.net.URISyntaxException
OAuthException
- the message doesn't conform to OAuth. The exception contains
information that conforms to the OAuth Problem
Reporting extension.java.io.IOException
- the message couldn't be read.protected void checkSingleParameters(OAuthMessage message) throws java.io.IOException, OAuthException
java.io.IOException
OAuthException
protected void validateVersion(OAuthMessage message) throws OAuthException, java.io.IOException
OAuthException
java.io.IOException
protected void validateTimestampAndNonce(OAuthMessage message) throws java.io.IOException, OAuthProblemException
java.io.IOException
OAuthProblemException
protected void validateTimestamp(OAuthMessage message, long timestamp, long currentTimeMsec) throws java.io.IOException, OAuthProblemException
java.io.IOException
OAuthProblemException
protected java.util.Date validateNonce(OAuthMessage message, long timestamp, long currentTimeMsec) throws java.io.IOException, OAuthProblemException
java.io.IOException
OAuthProblemException
protected void validateSignature(OAuthMessage message, OAuthAccessor accessor) throws OAuthException, java.io.IOException, java.net.URISyntaxException
OAuthException
java.io.IOException
java.net.URISyntaxException
protected long currentTimeMsec()