camel-2.8.x/examples/camel-example-gauth/src/main/java/org/apache/camel/example/gauth/TutorialController.java - camel - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.camel.example.gauth;


 import java.util.List;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import com.google.gdata.util.AuthenticationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;

 /**
  * Single controller for the demo application that handles GET requests. Obtains OAuth access
  * token and access token secret from cookies and uses them to obtain calendar names from the
  * Google Calendar API. If the interaction with the calendar API fails due to invalid or non-
  * existing OAuth tokens an error message is displayed in authorize.jsp. If it succeeds the
  * calendar names are displayed in calendar.jsp.
  * <p>
  * In production systems it is <em>not</em> recommended to store access tokens in cookies. The
  * recommended approach is to store them in a database. The demo application is only doing that
  * to keep the example as simple as possible. However, an attacker could not use an access token
  * alone to get access to a user's calendar data because the application's consumer secret is
  * necessary for that as well. The consumer secret never leaves the demo application.
  */
 @Controller
 @RequestMapping("/calendar")
 public class TutorialController {

     @Autowired
     private TutorialService service;

     @RequestMapping(method = RequestMethod.GET)
     public String handleGet(
             HttpServletRequest request,
             HttpServletResponse response,
             ModelMap model) throws Exception {

         List<String> calendarNames = null;

         // Get OAuth tokens from cookies
         String accessToken = getAccessToken(request);
         String accessTokenSecret = getAccessTokenSecret(request);

         if (accessToken == null) {
             model.put("message", "No OAuth access token available");
             return "/WEB-INF/jsp/authorize.jsp";
         }

         try {
             // Get calendar names from Google Calendar API
             calendarNames = service.getCalendarNames(accessToken, accessTokenSecret);
         } catch (AuthenticationException e) {
             model.put("message", "OAuth access token invalid");
             return "/WEB-INF/jsp/authorize.jsp";
         }

         model.put("calendarNames", calendarNames);
         return "/WEB-INF/jsp/calendar.jsp";
     }

     private static String getAccessToken(HttpServletRequest request) {
         return getCookieValue(request.getCookies(), "TUTORIAL-ACCESS-TOKEN");
     }

     private static String getAccessTokenSecret(HttpServletRequest request) {
         return getCookieValue(request.getCookies(), "TUTORIAL-ACCESS-TOKEN-SECRET");
     }

     private static String getCookieValue(Cookie[] cookies, String name) {
         if (cookies == null) {
             return null;
         }
         for (Cookie cookie : cookies) {
             if (name.equals(cookie.getName())) {
                 return cookie.getValue();
             }
         }
         return null;
     }

 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.camel.example.gauth;


	import java.util.List;
	import javax.servlet.http.Cookie;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	import com.google.gdata.util.AuthenticationException;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.stereotype.Controller;
	import org.springframework.ui.ModelMap;
	import org.springframework.web.bind.annotation.RequestMapping;
	import org.springframework.web.bind.annotation.RequestMethod;

	/**
	* Single controller for the demo application that handles GET requests. Obtains OAuth access
	* token and access token secret from cookies and uses them to obtain calendar names from the
	* Google Calendar API. If the interaction with the calendar API fails due to invalid or non-
	* existing OAuth tokens an error message is displayed in authorize.jsp. If it succeeds the
	* calendar names are displayed in calendar.jsp.
	* <p>
	* In production systems it is <em>not</em> recommended to store access tokens in cookies. The
	* recommended approach is to store them in a database. The demo application is only doing that
	* to keep the example as simple as possible. However, an attacker could not use an access token
	* alone to get access to a user's calendar data because the application's consumer secret is
	* necessary for that as well. The consumer secret never leaves the demo application.
	*/
	@Controller
	@RequestMapping("/calendar")
	public class TutorialController {

	@Autowired
	private TutorialService service;

	@RequestMapping(method = RequestMethod.GET)
	public String handleGet(
	HttpServletRequest request,
	HttpServletResponse response,
	ModelMap model) throws Exception {

	List<String> calendarNames = null;

	// Get OAuth tokens from cookies
	String accessToken = getAccessToken(request);
	String accessTokenSecret = getAccessTokenSecret(request);

	if (accessToken == null) {
	model.put("message", "No OAuth access token available");
	return "/WEB-INF/jsp/authorize.jsp";
	}

	try {
	// Get calendar names from Google Calendar API
	calendarNames = service.getCalendarNames(accessToken, accessTokenSecret);
	} catch (AuthenticationException e) {
	model.put("message", "OAuth access token invalid");
	return "/WEB-INF/jsp/authorize.jsp";
	}

	model.put("calendarNames", calendarNames);
	return "/WEB-INF/jsp/calendar.jsp";
	}

	private static String getAccessToken(HttpServletRequest request) {
	return getCookieValue(request.getCookies(), "TUTORIAL-ACCESS-TOKEN");
	}

	private static String getAccessTokenSecret(HttpServletRequest request) {
	return getCookieValue(request.getCookies(), "TUTORIAL-ACCESS-TOKEN-SECRET");
	}

	private static String getCookieValue(Cookie[] cookies, String name) {
	if (cookies == null) {
	return null;
	}
	for (Cookie cookie : cookies) {
	if (name.equals(cookie.getName())) {
	return cookie.getValue();
	}
	}
	return null;
	}

	}