Examples with Client - org.apache.cxf.rs.security.oauth.data.Client

Example 6 with Client

use of org.apache.cxf.rs.security.oauth.data.Client in project cxf by apache.

the class MemoryOAuthDataProvider method createAccessToken.

public AccessToken createAccessToken(AccessTokenRegistration reg) throws OAuthServiceException {
    RequestToken requestToken = reg.getRequestToken();
    Client client = requestToken.getClient();
    requestToken = getRequestToken(requestToken.getTokenKey());
    String accessTokenString = generateToken();
    String tokenSecretString = generateToken();
    AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600, System.currentTimeMillis() / 1000);
    accessToken.setScopes(requestToken.getScopes());
    synchronized (oauthTokens) {
        oauthTokens.remove(requestToken.getTokenKey());
        oauthTokens.put(accessTokenString, accessToken);
        synchronized (userAuthorizedClients) {
            userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
        }
    }
    return accessToken;
}

Also used : RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) AccessToken(org.apache.cxf.rs.security.oauth.data.AccessToken) Client(org.apache.cxf.rs.security.oauth.data.Client)

Example 7 with Client

use of org.apache.cxf.rs.security.oauth.data.Client in project cxf by apache.

the class AbstractAuthFilter method handleOAuthRequest.

/**
 * Authenticates the third-party consumer and returns
 * {@link OAuthInfo} bean capturing the information about the request.
 * @param req http request
 * @return OAuth info
 * @see OAuthInfo
 * @throws Exception
 * @throws OAuthProblemException
 */
protected OAuthInfo handleOAuthRequest(HttpServletRequest req) throws Exception, OAuthProblemException {
    if (LOG.isLoggable(Level.FINE)) {
        LOG.log(Level.FINE, "OAuth security filter for url: {0}", req.getRequestURL());
    }
    AccessToken accessToken = null;
    Client client = null;
    OAuthMessage oAuthMessage = OAuthServlet.getMessage(new CustomHttpServletWrapper(req), OAuthServlet.getRequestURL(req));
    if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
        oAuthMessage.requireParameters(REQUIRED_PARAMETERS);
        accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());
        // check if access token is not null
        if (accessToken == null) {
            LOG.warning("Access token is unavailable");
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        client = accessToken.getClient();
        OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider, validator);
    } else {
        String consumerKey = null;
        String consumerSecret = null;
        String authHeader = oAuthMessage.getHeader("Authorization");
        if (authHeader != null) {
            if (authHeader.startsWith("OAuth")) {
                consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
                consumerSecret = oAuthMessage.getParameter(OAuthConstants.OAUTH_CONSUMER_SECRET);
            } else if (authHeader.startsWith("Basic")) {
                AuthorizationPolicy policy = getAuthorizationPolicy(authHeader);
                if (policy != null) {
                    consumerKey = policy.getUserName();
                    consumerSecret = policy.getPassword();
                }
            }
        }
        if (consumerKey != null) {
            client = dataProvider.getClient(consumerKey);
        }
        if (client == null) {
            LOG.warning("Client is invalid");
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        if (consumerSecret != null && !consumerSecret.equals(client.getSecretKey())) {
            LOG.warning("Client secret is invalid");
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider, validator);
        accessToken = client.getPreAuthorizedToken();
        if (accessToken == null || !accessToken.isPreAuthorized()) {
            LOG.warning("Preauthorized access token is unavailable");
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
    }
    List<OAuthPermission> permissions = accessToken.getScopes();
    List<OAuthPermission> matchingPermissions = new ArrayList<>();
    for (OAuthPermission perm : permissions) {
        boolean uriOK = checkRequestURI(req, perm.getUris());
        boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
        if (uriOK && verbOK) {
            matchingPermissions.add(perm);
        }
    }
    if (!permissions.isEmpty() && matchingPermissions.isEmpty()) {
        String message = "Client has no valid permissions";
        LOG.warning(message);
        throw new OAuthProblemException(message);
    }
    return new OAuthInfo(accessToken, matchingPermissions);
}

Also used : OAuthProblemException(net.oauth.OAuthProblemException) AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) OAuthPermission(org.apache.cxf.rs.security.oauth.data.OAuthPermission) OAuthMessage(net.oauth.OAuthMessage) AccessToken(org.apache.cxf.rs.security.oauth.data.AccessToken) ArrayList(java.util.ArrayList) Client(org.apache.cxf.rs.security.oauth.data.Client)

Example 8 with Client

use of org.apache.cxf.rs.security.oauth.data.Client in project cxf by apache.

the class RequestTokenHandler method handle.

public Response handle(MessageContext mc, OAuthDataProvider dataProvider, OAuthValidator validator) {
    try {
        OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
        Client client = dataProvider.getClient(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
        // client credentials not found
        if (client == null) {
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider, validator);
        String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
        validateCallbackURL(client, callback);
        List<String> scopes = OAuthUtils.parseParamValue(oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE), defaultScope);
        RequestTokenRegistration reg = new RequestTokenRegistration();
        reg.setClient(client);
        reg.setCallback(callback);
        reg.setState(oAuthMessage.getParameter(OAuthConstants.X_OAUTH_STATE));
        reg.setScopes(scopes);
        reg.setLifetime(tokenLifetime);
        reg.setIssuedAt(System.currentTimeMillis() / 1000);
        RequestToken requestToken = dataProvider.createRequestToken(reg);
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
        }
        // create response
        Map<String, Object> responseParams = new HashMap<>();
        responseParams.put(OAuth.OAUTH_TOKEN, requestToken.getTokenKey());
        responseParams.put(OAuth.OAUTH_TOKEN_SECRET, requestToken.getTokenSecret());
        responseParams.put(OAuth.OAUTH_CALLBACK_CONFIRMED, Boolean.TRUE);
        String responseBody = OAuth.formEncode(responseParams.entrySet());
        return Response.ok(responseBody).build();
    } catch (OAuthProblemException e) {
        LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] { e.fillInStackTrace() });
        int code = e.getHttpStatusCode();
        if (code == HttpServletResponse.SC_OK) {
            code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN ? 401 : 400;
        }
        return OAuthUtils.handleException(mc, e, code);
    } catch (OAuthServiceException e) {
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
    } catch (Exception e) {
        LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}", new Object[] { e.fillInStackTrace() });
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}

Also used : OAuthProblemException(net.oauth.OAuthProblemException) OAuthMessage(net.oauth.OAuthMessage) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) Client(org.apache.cxf.rs.security.oauth.data.Client) OAuthProblemException(net.oauth.OAuthProblemException) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) RequestTokenRegistration(org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration)

Aggregations

Client (org.apache.cxf.rs.security.oauth.data.Client)8 AccessToken (org.apache.cxf.rs.security.oauth.data.AccessToken)3 RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)3 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)3 ModelAndView (org.springframework.web.servlet.ModelAndView)3 OAuthMessage (net.oauth.OAuthMessage)2 OAuthProblemException (net.oauth.OAuthProblemException)2 Principal (java.security.Principal)1 SecureRandom (java.security.SecureRandom)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 AuthorizationPolicy (org.apache.cxf.configuration.security.AuthorizationPolicy)1 OAuthPermission (org.apache.cxf.rs.security.oauth.data.OAuthPermission)1 RequestTokenRegistration (org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration)1 Token (org.apache.cxf.rs.security.oauth.data.Token)1 MD5SequenceGenerator (org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator)1 OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)1