Examples with UserSubject org.apache.cxf.rs.security.oauth.data.UserSubject used on opensource projects

Search in sources :

Example 1 with UserSubject

use of org.apache.cxf.rs.security.oauth.data.UserSubject in project cxf by apache.

the class AbstractAuthFilter method createSecurityContext.

protected SecurityContext createSecurityContext(HttpServletRequest request, final OAuthInfo info) {
    // TODO:
    // This custom parameter is only needed by the "oauth"
    // demo shipped in the distribution; needs to be removed.
    request.setAttribute("oauth_authorities", info.getRoles());
    UserSubject subject = info.getToken().getSubject();
    final UserSubject theSubject = subject;
    return new SecurityContext() {

        public Principal getUserPrincipal() {
            String login = AbstractAuthFilter.this.useUserSubject ? (theSubject != null ? theSubject.getLogin() : null) : info.getToken().getClient().getLoginName();
            return new SimplePrincipal(login);
        }

        public boolean isUserInRole(String role) {
            List<String> roles = null;
            if (AbstractAuthFilter.this.useUserSubject && theSubject != null) {
                roles = theSubject.getRoles();
            } else {
                roles = info.getRoles();
            }
            return roles.contains(role);
        }
    };
}
Also used : UserSubject(org.apache.cxf.rs.security.oauth.data.UserSubject) SecurityContext(org.apache.cxf.security.SecurityContext) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)

Example 2 with UserSubject

use of org.apache.cxf.rs.security.oauth.data.UserSubject in project cxf by apache.

the class AuthorizationRequestHandler method handle.

public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
    HttpServletRequest request = mc.getHttpServletRequest();
    try {
        OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, request, REQUIRED_PARAMETERS);
        new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);
        RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
        if (token == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
        OAuthAuthorizationData secData = new OAuthAuthorizationData();
        if (!compareRequestSessionTokens(request, oAuthMessage)) {
            if (decision != null) {
                // this is a user decision request, the session has expired or been possibly hijacked
                LOG.warning("Session authenticity token is missing or invalid");
                throw ExceptionUtils.toBadRequestException(null, null);
            }
            // assume it is an initial authorization request
            addAuthenticityTokenToSession(secData, request);
            return Response.ok(addAdditionalParams(secData, dataProvider, token)).build();
        }
        boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);
        Map<String, String> queryParams = new HashMap<>();
        if (allow) {
            SecurityContext sc = (SecurityContext) mc.get(SecurityContext.class.getName());
            List<String> roleNames = Collections.emptyList();
            if (sc instanceof LoginSecurityContext) {
                roleNames = new ArrayList<>();
                Set<Principal> roles = ((LoginSecurityContext) sc).getUserRoles();
                for (Principal p : roles) {
                    roleNames.add(p.getName());
                }
            }
            token.setSubject(new UserSubject(sc.getUserPrincipal() == null ? null : sc.getUserPrincipal().getName(), roleNames));
            AuthorizationInput input = new AuthorizationInput();
            input.setToken(token);
            Set<OAuthPermission> approvedScopesSet = new HashSet<>();
            List<OAuthPermission> originalScopes = token.getScopes();
            for (OAuthPermission perm : originalScopes) {
                String param = oAuthMessage.getParameter(perm.getPermission() + "_status");
                if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param)) {
                    approvedScopesSet.add(perm);
                }
            }
            List<OAuthPermission> approvedScopes = new LinkedList<OAuthPermission>(approvedScopesSet);
            if (approvedScopes.isEmpty()) {
                approvedScopes = originalScopes;
            } else if (approvedScopes.size() < originalScopes.size()) {
                for (OAuthPermission perm : originalScopes) {
                    if (perm.isDefault() && !approvedScopes.contains(perm)) {
                        approvedScopes.add(perm);
                    }
                }
            }
            input.setApprovedScopes(approvedScopes);
            String verifier = dataProvider.finalizeAuthorization(input);
            queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
        } else {
            dataProvider.removeToken(token);
        }
        queryParams.put(OAuth.OAUTH_TOKEN, token.getTokenKey());
        if (token.getState() != null) {
            queryParams.put(OAuthConstants.X_OAUTH_STATE, token.getState());
        }
        String callbackValue = getCallbackValue(token);
        if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
            OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams);
            return Response.ok().entity(bean).build();
        }
        URI callbackURI = buildCallbackURI(callbackValue, queryParams);
        return Response.seeOther(callbackURI).build();
    } catch (OAuthProblemException e) {
        LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[] { e.fillInStackTrace() });
        int code = e.getHttpStatusCode();
        if (code == HttpServletResponse.SC_OK) {
            code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN ? 401 : 400;
        }
        return OAuthUtils.handleException(mc, e, code);
    } catch (OAuthServiceException e) {
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
    } catch (Exception e) {
        LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}", new Object[] { e.fillInStackTrace() });
        return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth.data.OAuthPermission) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) LoginSecurityContext(org.apache.cxf.security.LoginSecurityContext) AuthorizationInput(org.apache.cxf.rs.security.oauth.data.AuthorizationInput) URI(java.net.URI) HttpServletRequest(javax.servlet.http.HttpServletRequest) UserSubject(org.apache.cxf.rs.security.oauth.data.UserSubject) RequestToken(org.apache.cxf.rs.security.oauth.data.RequestToken) HashSet(java.util.HashSet) OAuthMessage(net.oauth.OAuthMessage) LinkedList(java.util.LinkedList) OAuthProblemException(net.oauth.OAuthProblemException) OAuthServiceException(org.apache.cxf.rs.security.oauth.provider.OAuthServiceException) IOException(java.io.IOException) OAuthProblemException(net.oauth.OAuthProblemException) SecurityContext(org.apache.cxf.security.SecurityContext) LoginSecurityContext(org.apache.cxf.security.LoginSecurityContext) DefaultOAuthValidator(org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator) OAuthAuthorizationData(org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData) Principal(java.security.Principal)

Aggregations

UserSubject (org.apache.cxf.rs.security.oauth.data.UserSubject)2 SecurityContext (org.apache.cxf.security.SecurityContext)2 IOException (java.io.IOException)1 URI (java.net.URI)1 Principal (java.security.Principal)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 LinkedList (java.util.LinkedList)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 OAuthMessage (net.oauth.OAuthMessage)1 OAuthProblemException (net.oauth.OAuthProblemException)1 SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)1 AuthorizationInput (org.apache.cxf.rs.security.oauth.data.AuthorizationInput)1 OAuthAuthorizationData (org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData)1 OAuthPermission (org.apache.cxf.rs.security.oauth.data.OAuthPermission)1 RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)1 DefaultOAuthValidator (org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator)1 OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)1 LoginSecurityContext (org.apache.cxf.security.LoginSecurityContext)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial