Examples with Client org.apache.cxf.rs.security.oauth2.common.Client used on opensource projects

Search in sources :

Example 66 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AuthorizationCodeGrantHandler method doCreateAccessToken.

private ServerAccessToken doCreateAccessToken(Client client, ServerAuthorizationCodeGrant grant, String requestedGrant, String codeVerifier, List<String> audiences) {
    if (grant.isPreauthorizedTokenAvailable()) {
        ServerAccessToken token = getPreAuthorizedToken(client, grant.getSubject(), requestedGrant, grant.getRequestedScopes(), getAudiences(client, grant.getAudience()));
        if (token != null) {
            if (grant.getNonce() != null) {
                JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, grant.getNonce());
            }
            return token;
        }
        // creating a completely new token can be wrong - though this needs to be reviewed
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    // Delegate to the data provider to create the one
    AccessTokenRegistration reg = new AccessTokenRegistration();
    reg.setGrantCode(grant.getCode());
    reg.setClient(client);
    reg.setGrantType(requestedGrant);
    reg.setSubject(grant.getSubject());
    reg.setRequestedScope(grant.getRequestedScopes());
    reg.setNonce(grant.getNonce());
    if (grant.getApprovedScopes() != null) {
        reg.setApprovedScope(grant.getApprovedScopes());
    } else {
        reg.setApprovedScope(Collections.emptyList());
    }
    reg.setAudiences(audiences);
    reg.setResponseType(grant.getResponseType());
    reg.setClientCodeVerifier(codeVerifier);
    reg.getExtraProperties().putAll(grant.getExtraProperties());
    return getDataProvider().createAccessToken(reg);
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)

Example 67 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AuthorizationCodeGrantHandler method createAccessToken.

public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    // Get the grant representation from the provider
    String codeValue = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    ServerAuthorizationCodeGrant grant = ((AuthorizationCodeDataProvider) getDataProvider()).removeCodeGrant(codeValue);
    if (grant == null) {
        return null;
    }
    // check it has not expired, the client ids are the same
    if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getExpiresIn())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    if (!grant.getClient().getClientId().equals(client.getClientId())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    // redirect URIs must match too
    String expectedRedirectUri = grant.getRedirectUri();
    String providedRedirectUri = params.getFirst(OAuthConstants.REDIRECT_URI);
    if (providedRedirectUri != null) {
        if (!providedRedirectUri.equals(expectedRedirectUri)) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
    } else if (expectedRedirectUri == null && !isCanSupportPublicClients() || expectedRedirectUri != null && (client.getRedirectUris().size() != 1 || !client.getRedirectUris().contains(expectedRedirectUri))) {
        throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
    }
    String clientCodeVerifier = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    String clientCodeChallenge = grant.getClientCodeChallenge();
    String clientCodeChallengeMethod = grant.getClientCodeChallengeMethod();
    if (!compareCodeVerifierWithChallenge(client, clientCodeVerifier, clientCodeChallenge, clientCodeChallengeMethod)) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    List<String> audiences = getAudiences(client, params, grant.getAudience());
    return doCreateAccessToken(client, grant, getSingleGrantType(), clientCodeVerifier, audiences);
}
Also used : OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)

Example 68 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AuthorizationCodeGrantService method getGrantRepresentation.

public ServerAuthorizationCodeGrant getGrantRepresentation(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preauthorizedToken) {
    AuthorizationCodeRegistration codeReg = createCodeRegistration(state, client, requestedScope, approvedScope, userSubject, preauthorizedToken);
    ServerAuthorizationCodeGrant grant = ((AuthorizationCodeDataProvider) getDataProvider()).createCodeGrant(codeReg);
    if (grant.getExpiresIn() > RECOMMENDED_CODE_EXPIRY_TIME_SECS) {
        LOG.warning("Code expiry time exceeds 10 minutes");
    }
    return grant;
}
Also used : AuthorizationCodeRegistration(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration) AuthorizationCodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider) ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)

Example 69 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AuthorizationCodeGrantService method createCodeRegistration.

protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preauthorizedToken) {
    AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration();
    codeReg.setPreauthorizedTokenAvailable(preauthorizedToken != null);
    codeReg.setClient(client);
    codeReg.setRedirectUri(state.getRedirectUri());
    codeReg.setRequestedScope(requestedScope);
    codeReg.setResponseType(state.getResponseType());
    codeReg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
    codeReg.setSubject(userSubject);
    codeReg.setAudience(state.getAudience());
    codeReg.setNonce(state.getNonce());
    codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
    codeReg.setClientCodeChallengeMethod(state.getClientCodeChallengeMethod());
    codeReg.getExtraProperties().putAll(state.getExtraProperties());
    return codeReg;
}
Also used : AuthorizationCodeRegistration(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration)

Example 70 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class DynamicRegistrationService method readClient.

protected Client readClient(String clientId) {
    String accessToken = getRequestAccessToken();
    Client c = clientProvider.getClient(clientId);
    if (c == null) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    checkRegistrationAccessToken(c, accessToken);
    return c;
}
Also used : Client(org.apache.cxf.rs.security.oauth2.common.Client)

Aggregations

WebClient (org.apache.cxf.jaxrs.client.WebClient)112 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)100 Response (javax.ws.rs.core.Response)79 Client (org.apache.cxf.rs.security.oauth2.common.Client)75 Form (javax.ws.rs.core.Form)64 URL (java.net.URL)59 OAuthAuthorizationData (org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData)36 ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)36 Test (org.junit.Test)35 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)27 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)25 AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)22 OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)21 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)16 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)15 ArrayList (java.util.ArrayList)13 TokenIntrospection (org.apache.cxf.rs.security.oauth2.common.TokenIntrospection)12 RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)12 Book (org.apache.cxf.systest.jaxrs.security.Book)11 Consumes (javax.ws.rs.Consumes)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial