Package org.apache.cxf.rs.security.oauth2.jwt

Examples of org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders


        }
    }
   
    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
        // Get the access token
        ServerAccessToken accessToken = getAccessToken();
       
        // Find the scopes which match the current request
       
        List<OAuthPermission> permissions = accessToken.getScopes();
        List<OAuthPermission> matchingPermissions = new ArrayList<OAuthPermission>();
       
        HttpServletRequest req = mc.getHttpServletRequest();
        for (OAuthPermission perm : permissions) {
            boolean uriOK = checkRequestURI(req, perm.getUris());
            boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
            if (uriOK && verbOK) {
                matchingPermissions.add(perm);
            }
        }
       
        if (permissions.size() > 0 && matchingPermissions.isEmpty()) {
            String message = "Client has no valid permissions";
            LOG.warning(message);
            throw new WebApplicationException(403);
        }
     
        // Create the security context and make it available on the message
        SecurityContext sc = createSecurityContext(req, accessToken);
        m.put(SecurityContext.class, sc);
       
        // Also set the OAuthContext
        m.setContent(OAuthContext.class, new OAuthContext(accessToken.getSubject(),
                                                          matchingPermissions,
                                                          accessToken.getGrantType()));
       
        return null;
    }
View Full Code Here


   
    /**
     * Get the access token
     */
    protected ServerAccessToken getAccessToken() {
        ServerAccessToken accessToken = null;
        if (dataProvider == null && tokenHandlers.isEmpty()) {
            throw new WebApplicationException(500);
        }
       
        // Get the scheme and its data, Bearer only is supported by default
        // WWW-Authenticate with the list of supported schemes will be sent back
        // if the scheme is not accepted
        String[] authParts = AuthorizationUtils.getAuthorizationParts(mc, supportedSchemes);
        String authScheme = authParts[0];
        String authSchemeData = authParts[1];
       
        // Get the registered handler capable of processing the token
        AccessTokenValidator handler = findTokenHandler(authScheme);
        if (handler != null) {
            try {
                // Convert the HTTP Authorization scheme data into a token
                accessToken = handler.getAccessToken(authSchemeData);
            } catch (OAuthServiceException ex) {
                AuthorizationUtils.throwAuthorizationFailure(
                    Collections.singleton(authScheme));
            }
        }
        // Default processing if no registered providers available
        if (accessToken == null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
            try {
                accessToken = dataProvider.getAccessToken(authSchemeData);
            } catch (OAuthServiceException ex) {
                AuthorizationUtils.throwAuthorizationFailure(
                    Collections.singleton(authScheme));
            }
        }
        if (accessToken == null) {
            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
        }
        // Check if token is still valid
        if (OAuthUtils.isExpired(accessToken.getIssuedAt(), accessToken.getLifetime())) {
            dataProvider.removeAccessToken(accessToken);
            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
        }
        return accessToken;
    }
View Full Code Here

            AssertionWrapper assertionWrapper = new AssertionWrapper(token);
           
            Message message = PhaseInterceptorChain.getCurrentMessage();
   
            validateToken(message, assertionWrapper);
            UserSubject grantSubject = getGrantSubject(message, assertionWrapper);
           
            return doCreateAccessToken(client,
                                       grantSubject,
                                       Constants.SAML2_BEARER_GRANT,
                                       OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
View Full Code Here

            }
            return new SamlUserSubject(jaxrsSc.getUserPrincipal().getName(),
                                       roles,
                                       jaxrsSc.getClaims());
        } else {
            return new UserSubject(sc.getUserPrincipal().getName());
        }
       
    }
View Full Code Here

    }
   
   
    protected SecurityContext createSecurityContext(HttpServletRequest request,
                                                    AccessTokenValidation accessTokenV) {
        UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
        UserSubject clientSubject = accessTokenV.getClientSubject();

        final UserSubject theSubject =
            OAuthRequestFilter.this.useUserSubject ? resourceOwnerSubject : clientSubject;
                   
        return new SecurityContext() {

            public Principal getUserPrincipal() {
                return theSubject != null ? new SimplePrincipal(theSubject.getLogin()) : null;
            }

            public boolean isUserInRole(String role) {
                if (theSubject == null) {
                    return false;
                }
                return theSubject.getRoles().contains(role);
            }
        };
    }
View Full Code Here

            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }
       
       
        // Create a UserSubject representing the end user
        UserSubject userSubject = createUserSubject(sc);
       
        // Request a new grant only if no pre-authorized token is available
        ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
            client, requestedScope, userSubject, supportedGrantType);
        if (preauthorizedToken != null) {
View Full Code Here

        if (!requestedScope.containsAll(approvedScope)
            || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
                                         partialMatchScopeValidation)) {
            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }
        UserSubject userSubject = createUserSubject(securityContext);
       
        // Request a new grant
        return createGrant(params,
                           client,
                           redirectUri,
View Full Code Here

    public void setSubjectCreator(SubjectCreator creator) {
        this.subjectCreator = creator;
    }
   
    protected UserSubject createUserSubject(SecurityContext securityContext) {
        UserSubject subject = null;
        if (subjectCreator != null) {
            subject = subjectCreator.createUserSubject(getMessageContext());
            if (subject != null) {
                return subject;
            }
View Full Code Here

        return accessToken;
    }
   
    protected SecurityContext createSecurityContext(HttpServletRequest request,
                                                    ServerAccessToken token) {
        UserSubject endUserSubject = token.getSubject();
        UserSubject clientSubject = token.getClient().getSubject();

        final UserSubject theSubject =
            OAuthRequestFilter.this.useUserSubject ? endUserSubject : clientSubject;
                   
        return new SecurityContext() {

            public Principal getUserPrincipal() {
                return theSubject != null ? new SimplePrincipal(theSubject.getLogin()) : null;
            }

            public boolean isUserInRole(String role) {
                if (theSubject == null) {
                    return false;
                }
                return theSubject.getRoles().contains(role);
            }
        };
    }
View Full Code Here

                    return handler;
                }
            }
            // Lets try the default grant handler
            if (grantHandlers.size() == 0) {
                AuthorizationCodeGrantHandler handler = new AuthorizationCodeGrantHandler();
                if (handler.getSupportedGrantTypes().contains(grantType)) {
                    handler.setDataProvider(
                            (AuthorizationCodeDataProvider)super.getDataProvider());
                    return handler;
                }
            }
        }
View Full Code Here

TOP

Related Classes of org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.