Package org.apache.cxf.rs.security.oauth2.services

Examples of org.apache.cxf.rs.security.oauth2.services.AccessTokenService

141
142
143
144
145
146
147
148
149
150
151
        properties.put("ws-security.signature.username", "alice");
        properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
        properties.put("ws-security.self-sign-saml-assertion", "true");
        bean.setProperties(properties);
       
        bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());
       
        WebClient wc = bean.createWebClient();
        wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
        return wc;
    }
View Full Code Here
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
        String[] authParts = getAuthorizationParts(m);
        String authScheme = authParts[0];
        String authSchemeData = authParts[1];
       
        // Get the access token
        AccessTokenValidation accessTokenV = getAccessTokenValidation(authScheme, authSchemeData);
       
        // Find the scopes which match the current request
       
        List<OAuthPermission> permissions = accessTokenV.getTokenScopes();
        List<OAuthPermission> matchingPermissions = new ArrayList<OAuthPermission>();
       
        HttpServletRequest req = getMessageContext().getHttpServletRequest();
        for (OAuthPermission perm : permissions) {
            boolean uriOK = checkRequestURI(req, perm.getUris());
            boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
            if (uriOK && verbOK) {
                matchingPermissions.add(perm);
            }
        }
       
        if (permissions.size() > 0 && matchingPermissions.isEmpty()) {
            String message = "Client has no valid permissions";
            LOG.warning(message);
            throw new WebApplicationException(403);
        }
     
        // Create the security context and make it available on the message
        SecurityContext sc = createSecurityContext(req, accessTokenV);
        m.put(SecurityContext.class, sc);
       
        // Also set the OAuthContext
        OAuthContext oauthContext = new OAuthContext(accessTokenV.getTokenSubject(),
                                                     accessTokenV.getClientSubject(),
                                                     matchingPermissions,
                                                     accessTokenV.getTokenGrantType());
       
        oauthContext.setClientId(accessTokenV.getClientId());
        oauthContext.setTokenKey(accessTokenV.getTokenKey());
        oauthContext.setTokenAudience(accessTokenV.getAudience());
       
        m.setContent(OAuthContext.class, oauthContext);
    }
View Full Code Here
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
   
    /**
     * Get the access token
     */
    protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData) {
        AccessTokenValidation accessTokenV = null;
        if (dataProvider == null && tokenHandlers.isEmpty()) {
            throw ExceptionUtils.toInternalServerErrorException(null, null);
        }
       
        // Get the registered handler capable of processing the token
        AccessTokenValidator handler = findTokenValidator(authScheme);
        if (handler != null) {
            try {
                // Convert the HTTP Authorization scheme data into a token
                accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData);
            } catch (OAuthServiceException ex) {
                AuthorizationUtils.throwAuthorizationFailure(
                    Collections.singleton(authScheme), realm);
            }
        }
        // Default processing if no registered providers available
        ServerAccessToken localAccessToken = null;
        if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
            try {
                localAccessToken = dataProvider.getAccessToken(authSchemeData);
            } catch (OAuthServiceException ex) {
                // to be handled next
            }
            if (localAccessToken == null) {
                AuthorizationUtils.throwAuthorizationFailure(
                    Collections.singleton(authScheme), realm);
            }
            accessTokenV = new AccessTokenValidation(localAccessToken);
        }
        if (accessTokenV == null) {
            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
        }
        // Check if token is still valid
        if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime())) {
            if (localAccessToken != null) {
                dataProvider.removeAccessToken(localAccessToken);
            }
            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
        }
       
        // Check audiences
        if (!validateAudience(accessTokenV.getAudience())) {
            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
        }
       
        return accessTokenV;
    }
View Full Code Here
33
34
35
36
37
38
39
40
41
42
public class OAuthDataProviderImpl implements OAuthDataProvider {

    @Override
    public Client getClient(String clientId) throws OAuthServiceException {
        Client client = new Client("alice", "alice", true);
        client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
        client.getAllowedGrantTypes().add("custom_grant");
        return client;
    }
View Full Code Here
32
33
34
35
36
37
38
public class OAuthDataProviderImpl implements OAuthDataProvider {

    @Override
    public Client getClient(String clientId) throws OAuthServiceException {
        return new Client("alice", "alice", true);
    }
View Full Code Here
90
91
92
93
94
95
96
97
98
99
100
    @Consumes("application/x-www-form-urlencoded")
    @Produces("application/json")
    public Response handleTokenRequest(MultivaluedMap<String, String> params) {
       
        // Make sure the client is authenticated
        Client client = authenticateClientIfNeeded(params);
       
        if (!OAuthUtils.isGrantSupportedForClient(client,
                                                  isCanSupportPublicClients(),
                                                  params.getFirst(OAuthConstants.GRANT_TYPE))) {
            return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);   
View Full Code Here
149
150
151
152
153
154
155
156
157
158
159
   
    /**
     * Make sure the client is authenticated
     */
    private Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
        Client client = null;
        SecurityContext sc = getMessageContext().getSecurityContext();
       
        if (params.containsKey(OAuthConstants.CLIENT_ID)) {
            // both client_id and client_secret are expected in the form payload
            client = getAndValidateClient(params.getFirst(OAuthConstants.CLIENT_ID),
View Full Code Here
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
        return client;
    }
   
    // Get the Client and check the id and secret
    private Client getAndValidateClient(String clientId, String clientSecret) {
        Client client = getClient(clientId);
        if (canSupportPublicClients
            && !client.isConfidential()
            && client.getClientSecret() == null
            && clientSecret == null) {
            return client;
        }
        if (clientSecret == null || client.getClientSecret() == null
            || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
        return client;
    }
View Full Code Here
277
278
279
280
281
282
283
284
285
286
287
    protected Client getClient(String clientId) {
        if (clientId == null) {
            reportInvalidRequestError("Client ID is null");
            return null;
        }
        Client client = null;
        try {
            client = getValidClient(clientId);
        } catch (OAuthServiceException ex) {
            if (ex.getError() != null) {
                reportInvalidClient(ex.getError());
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
     * @param clientId the provided client id
     * @return Client the client reference
     * @throws {@link OAuthServiceExcepption} if no matching Client is found
     */
    protected Client getValidClient(String clientId) throws OAuthServiceException {
        Client client = null;
       
        if (clientId != null) {
            client = dataProvider.getClient(clientId);
        }
        return client;
View Full Code Here
TOP

Related Classes of org.apache.cxf.rs.security.oauth2.services.AccessTokenService

  • net.sf.ehcache.Element
  • org.apache.cxf.Bus
  • org.apache.cxf.common.i18n.Message
  • org.apache.cxf.common.security.SimplePrincipal
  • org.apache.cxf.jaxrs.client.WebClient
  • org.apache.cxf.jaxrs.ext.form.Form
  • org.apache.cxf.jaxrs.model.URITemplate
  • org.apache.cxf.message.Message
  • org.apache.cxf.rs.security.common.CryptoLoader
  • org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.