use of org.apache.cxf.rs.security.oauth.data.OAuthContext in project tesb-rt-se by Talend.
the class ThirdPartyAccessService method getUserCalendar.
/**
 * Returns the calendar of the end user identified by the current OAuth context.
 *
 * <p>The account is selected solely by the login carried in the OAuth context's
 * subject; the method takes no request parameter, so the caller cannot name
 * a different account through this endpoint.
 *
 * <p>NOTE(review): the results of {@code getSubject()} and {@code getAccount(...)}
 * are dereferenced without a null check. Confirm both are guaranteed non-null
 * by the time this method runs.
 *
 * @return the calendar stored for the subject's login
 */
@GET
public Calendar getUserCalendar() {
    // Resolve the login from the OAuth context, then look the account up by it.
    String subjectLogin = getOAuthContext().getSubject().getLogin();
    return accounts.getAccount(subjectLogin).getCalendar();
}
use of org.apache.cxf.rs.security.oauth.data.OAuthContext in project tesb-rt-se by Talend.
the class ThirdPartyAccessService method updateCalendar.
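/**
 * Sets the description of the calendar entry at {@code hour}, provided the
 * OAuth context carries a permission that authorizes an update for exactly
 * that hour.
 *
 * <p>A permission authorizes the update when its name starts with
 * {@code OAuthConstants.UPDATE_CALENDAR_SCOPE} and the remainder of the name
 * parses to an integer equal to {@code hour}. A permission whose remainder is
 * not an integer is treated as non-matching, so a malformed scope neither
 * aborts the check with a {@link NumberFormatException} nor hides a later,
 * well-formed permission; the request fails closed with 403 when nothing
 * matches.
 *
 * <p>NOTE(review): {@code hour} is passed to {@code getEntry(hour)} after being
 * compared only against the granted scopes. Confirm that scope hours are
 * range-validated when the grant is issued.
 *
 * @param hour the hour of the calendar entry to update (form parameter {@code hour})
 * @param description the new event description (form parameter {@code description})
 * @throws WebApplicationException with status 403 when no permission authorizes {@code hour}
 */
@POST
public void updateCalendar(@FormParam("hour") int hour, @FormParam("description") String description) {
    // This permission check can be done in a custom filter; it can be simpler to do
    // in the actual service code if the context data (such as an hour in this case)
    // are not available in the request URI but in the message payload
    OAuthContext oauth = getOAuthContext();
    List<OAuthPermission> perms = oauth.getPermissions();
    boolean checkPassed = false;
    for (OAuthPermission perm : perms) {
        String permissionName = perm.getPermission();
        if (!permissionName.startsWith(OAuthConstants.UPDATE_CALENDAR_SCOPE)) {
            continue;
        }
        String hourSuffix = permissionName.substring(OAuthConstants.UPDATE_CALENDAR_SCOPE.length());
        try {
            if (Integer.parseInt(hourSuffix) == hour) {
                checkPassed = true;
                break; // one matching permission is enough
            }
        } catch (NumberFormatException ignored) {
            // A scope whose suffix is not an integer cannot authorize any hour;
            // skip it and keep checking the remaining permissions.
        }
    }
    if (!checkPassed) {
        throw new WebApplicationException(403);
    }
    // end of the check
    Calendar calendar = getUserCalendar();
    calendar.getEntry(hour).setEventDescription(description);
}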