Examples of org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant

• org.apache.cxf.rs.security.oauth2.common.ClientAccessToken
  The Authorization Code Grant representation visible to the server

     */
    protected Response startAuthorization(MultivaluedMap<String, String> params) {
        // Make sure the end user has authenticated, check if HTTPS is used
        SecurityContext sc = getAndValidateSecurityContext();

        Client client = getClient(params);

        // Validate the provided request URI, if any, against the ones Client provided
        // during the registration
        String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));

            throw ExceptionUtils.toBadRequestException(null, null);
        }
        //TODO: additionally we can check that the Principal that got authenticated
        // in startAuthorization is the same that got authenticated in completeAuthorization

        Client client = getClient(params);
        String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));

        // Get the end user decision value
        String decision = params.getFirst(OAuthConstants.AUTHORIZATION_DECISION_KEY);
        boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);

        // Return the error if denied
        if (!allow) {
            return createErrorResponse(params, redirectUri, OAuthConstants.ACCESS_DENIED);
        }

        // Check if the end user may have had a chance to down-scope the requested scopes
        List<String> requestedScope = OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE));
        List<String> approvedScope = new LinkedList<String>();
        for (String rScope : requestedScope) {
            String param = params.getFirst(rScope + "_status");
            if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param)) {
                approvedScope.add(rScope);
            }
        }
        if (!requestedScope.containsAll(approvedScope)
            || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
                                         partialMatchScopeValidation)) {
            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }
        UserSubject userSubject = createUserSubject(securityContext);

     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,
     *         the error is returned directly to the end user without
     *         following the redirect URI if any
     */
    protected Client getClient(MultivaluedMap<String, String> params) {
        Client client = null;

        try {
            client = getValidClient(params);
        } catch (OAuthServiceException ex) {
            if (ex.getError() != null) {

        SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");

        String assertion =  SAMLUtils.createAssertion(new SamlCallbackHandler(),
                                                      signInfo).assertionToString();
        Saml2BearerGrant grant = new Saml2BearerGrant(assertion);
        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
                                        new OAuthClientUtils.Consumer("alice", "alice"),
                                        grant,
                                        false);
        assertNotNull(at.getTokenKey());
    }

        Map<String, String> extraParams = new HashMap<String, String>();
        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);

        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
                                                               new CustomGrant(),
                                                               extraParams);
        assertNotNull(at.getTokenKey());
    }

    @Test
    public void testSAML2BearerAuthenticationInterceptor() throws Exception {
        String address = "https://localhost:" + PORT + "/oauth2-auth/token";
        WebClient wc = createWebClientWithProps(address);

        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
                                                               new CustomGrant());
        assertNotNull(at.getTokenKey());
    }

        throws IOException, WebApplicationException {
        Map<String, String> params = readJSONResponse(is);
        if (Map.class.isAssignableFrom(cls)) {
            return params;
        }
        ClientAccessToken token = OAuthClientUtils.fromMapToClientToken(params);
        if (token == null) {
            throw new WebApplicationException(500);
        } else {
            return token;
        }

        if (serverToken == null) {
            return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
        }

        // Extract the information to be of use for the client
        ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(),
                                                              serverToken.getTokenKey());
        clientToken.setRefreshToken(serverToken.getRefreshToken());
        if (isWriteOptionalParameters()) {
            clientToken.setExpiresIn(serverToken.getExpiresIn());
            List<OAuthPermission> perms = serverToken.getScopes();
            if (!perms.isEmpty()) {
                clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
            }
            clientToken.setParameters(serverToken.getParameters());
        }

        // Return it to the client
        return Response.ok(clientToken)
                       .header(HttpHeaders.CACHE_CONTROL, "no-store")

            map = new OAuthJSONProvider().readJSONResponse((InputStream)response.getEntity());
        } catch (IOException ex) {
            throw new ClientException(ex);
        }
        if (200 == response.getStatus()) {
            ClientAccessToken token = fromMapToClientToken(map, defaultTokenType);
            if (token == null) {
                throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
            } else {
                return token;
            }

            String tokenType = map.remove(OAuthConstants.ACCESS_TOKEN_TYPE);
            if (tokenType == null) {
                tokenType = defaultTokenType;
            }
            if (tokenType != null) {
                ClientAccessToken token = new ClientAccessToken(
                                              tokenType,
                                              map.remove(OAuthConstants.ACCESS_TOKEN));

                String refreshToken = map.remove(OAuthConstants.REFRESH_TOKEN);
                if (refreshToken != null) {
                    token.setRefreshToken(refreshToken);
                }
                String expiresInStr = map.remove(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN);
                if (expiresInStr != null) {
                    token.setExpiresIn(Long.valueOf(expiresInStr));
                }
                String issuedAtStr = map.remove(OAuthConstants.ACCESS_TOKEN_ISSUED_AT);
                token.setIssuedAt(issuedAtStr != null ? Long.valueOf(issuedAtStr)
                                                      : System.currentTimeMillis() / 1000);
                String scope = map.remove(OAuthConstants.SCOPE);
                if (scope != null) {
                    token.setApprovedScope(scope);
                }

                token.setParameters(map);
                return token;
            }
        }

        return null;