
Example 71 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class DynamicRegistrationService method createNewClient.

/**
 * Builds a new {@link Client} from a dynamic client registration request.
 *
 * <p>The client id comes from {@code generateClientId()}. A secret is generated only when
 * {@code isPasswordRequired(...)} says one is needed; otherwise the secret is {@code null}.
 * The client is marked confidential only when its application type equals
 * {@code DEFAULT_APPLICATION_TYPE} and it either needs a secret or uses TLS client
 * authentication. This method does not store the client.
 *
 * @param request the registration metadata submitted by the caller
 * @return the populated client, flagged as dynamically registered
 */
protected Client createNewClient(ClientRegistration request) {
    // Client ID
    final String clientId = generateClientId();

    // Client Name: fall back to the generated id when the request supplies none
    final String requestedName = request.getClientName();
    final String clientName = StringUtils.isEmpty(requestedName) ? clientId : requestedName;

    // Only a missing (null) list gets the authorization code default; an empty list is kept as is.
    final List<String> requestedGrants = request.getGrantTypes();
    final List<String> grantTypes = requestedGrants != null
        ? requestedGrants
        : Collections.singletonList(OAuthConstants.AUTHORIZATION_CODE_GRANT);

    final String authMethod = request.getTokenEndpointAuthMethod();
    // TODO: default is expected to be set to OAuthConstants.TOKEN_ENDPOINT_AUTH_BASIC
    final boolean passwordRequired = isPasswordRequired(grantTypes, authMethod);
    final boolean tlsClientAuth = OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS.equals(authMethod);

    // Application Type
    // https://tools.ietf.org/html/rfc7591 does not define this property,
    // but http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata does
    final String requestedAppType = request.getApplicationType();
    final String appType = requestedAppType == null ? DEFAULT_APPLICATION_TYPE : requestedAppType;
    final boolean isConfidential =
        DEFAULT_APPLICATION_TYPE.equals(appType) && (passwordRequired || tlsClientAuth);

    // Client Secret: public clients are created without one
    String clientSecret = null;
    if (passwordRequired) {
        clientSecret = generateClientSecret(request);
    }

    final Client newClient = new Client(clientId, clientSecret, isConfidential, clientName);
    newClient.setAllowedGrantTypes(grantTypes);
    newClient.setTokenEndpointAuthMethod(authMethod);

    if (tlsClientAuth) {
        // The certificate subject / issuer DNs come straight from the registration request
        // and are copied without any check in this method.
        // NOTE(review): when neither DN is supplied nothing is recorded here for a TLS
        // client; confirm how such a client is bound to a certificate at the token endpoint.
        // NOTE(review): the cast fails with ClassCastException if the request carries a
        // non-string value for either property; confirm how that surfaces to the caller.
        final String[] dnProperties = {
            OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN,
            OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN
        };
        for (String dnProperty : dnProperties) {
            final String dn = (String) request.getProperty(dnProperty);
            if (dn != null) {
                newClient.getProperties().put(dnProperty, dn);
            }
        }
    }

    // Client Registration Time, in seconds since the epoch
    newClient.setRegisteredAt(System.currentTimeMillis() / 1000L);

    // Redirect URIs, audiences, scopes and display URIs are copied by the shared helper
    fromClientRegistrationToClient(request, newClient);

    // Record the authenticated caller, when there is one, as the client's resource owner
    final SecurityContext securityContext = mc.getSecurityContext();
    if (securityContext != null
        && securityContext.getUserPrincipal() != null
        && securityContext.getUserPrincipal().getName() != null) {
        newClient.setResourceOwnerSubject(
            new UserSubject(securityContext.getUserPrincipal().getName()));
    }

    newClient.setRegisteredDynamically(true);
    return newClient;
}
Also used : UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) SecurityContext(javax.ws.rs.core.SecurityContext) Client(org.apache.cxf.rs.security.oauth2.common.Client)

Example 72 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class DynamicRegistrationService method fromClientRegistrationToClient.

/**
 * Copies the registration metadata carried by {@code request} onto {@code client}.
 *
 * <p>Grant types are read from the client, not from the request. Each requested redirect URI
 * is passed to {@code validateRequestUri} before the list is stored. Audiences, scopes, the
 * application URI and the logo URI are stored as received; no validation of them is visible
 * in this method.
 *
 * @param request the registration metadata submitted by the caller
 * @param client the client to update in place
 */
protected void fromClientRegistrationToClient(ClientRegistration request, Client client) {
    final List<String> allowedGrants = client.getAllowedGrantTypes();

    // Client Redirect URIs
    final List<String> requestedRedirects = request.getRedirectUris();
    if (requestedRedirects != null) {
        final String requestedAppType = request.getApplicationType();
        final String appType =
            requestedAppType != null ? requestedAppType : DEFAULT_APPLICATION_TYPE;
        // Every URI is checked before any of them is stored on the client.
        // NOTE(review): validateRequestUri is presumably expected to reject by throwing - confirm.
        for (String redirectUri : requestedRedirects) {
            validateRequestUri(redirectUri, appType, allowedGrants);
        }
        client.setRedirectUris(requestedRedirects);
    }

    // This check runs after the requested list has already been set on the client.
    if (client.getRedirectUris().isEmpty()) {
        final boolean redirectBasedGrant =
            allowedGrants.contains(OAuthConstants.AUTHORIZATION_CODE_GRANT)
                || allowedGrants.contains(OAuthConstants.IMPLICIT_GRANT);
        if (redirectBasedGrant) {
            // Throw an error as we need a redirect URI for these grants.
            reportInvalidRequestError(
                new OAuthError(OAuthConstants.INVALID_REQUEST, "A Redirection URI is required"));
        }
    }

    // Client Resource Audience URIs
    // NOTE(review): stored without validation here; confirm the caller may choose audiences freely.
    final List<String> audiences = request.getResourceUris();
    if (audiences != null) {
        client.setRegisteredAudiences(audiences);
    }

    // Client Scopes
    // NOTE(review): no allow-list is applied here; confirm requested scopes are limited elsewhere.
    final String requestedScope = request.getScope();
    if (!StringUtils.isEmpty(requestedScope)) {
        client.setRegisteredScopes(OAuthUtils.parseScope(requestedScope));
    }

    // Client Application URI
    final String applicationUri = request.getClientUri();
    if (applicationUri != null) {
        client.setApplicationWebUri(applicationUri);
    }

    // Client Logo URI
    // NOTE(review): stored as received; if it is later rendered to end users, confirm the
    // scheme and host are validated before display.
    final String logoUri = request.getLogoUri();
    if (logoUri != null) {
        client.setApplicationLogoUri(logoUri);
    }

    // TODO: check other properties
    // Add more typed properties like tosUri, policyUri, etc to Client
    // or set them as Client extra properties
}
Also used : OAuthError(org.apache.cxf.rs.security.oauth2.common.OAuthError)

Example 73 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class DynamicRegistrationService method register.

/**
 * Registers a new client from a JSON registration request.
 *
 * <p>Order of operations: the initial authentication check, client creation, registration
 * access token creation, then storing the client through {@code clientProvider}.
 *
 * @param request the registration metadata submitted by the caller
 * @return a 201 response whose entity is built by {@code fromClientToRegistrationResponse}
 */
@POST
@Consumes("application/json")
@Produces("application/json")
public Response register(ClientRegistration request) {
    // Runs before any client state is built.
    // NOTE(review): what this check enforces is not shown here; confirm that open
    // (unauthenticated) registration is a deliberate deployment choice when it is a no-op.
    checkInitialAuthentication();

    final Client registered = createNewClient(request);

    // The registration access token is created before the client is stored.
    createRegAccessToken(registered);
    clientProvider.setClient(registered);

    // NOTE(review): the response entity presumably carries the generated secret and
    // registration access token; confirm it is kept out of logs and served over TLS only.
    return Response
        .status(201)
        .entity(fromClientToRegistrationResponse(registered))
        .build();
}
Also used : Client(org.apache.cxf.rs.security.oauth2.common.Client) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 74 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class DynamicRegistrationService method updateClientRegistration.

/**
 * Updates an existing client registration from a JSON request.
 *
 * <p>No authorization check is visible in this method itself.
 * NOTE(review): {@code readClient} presumably validates the registration access token
 * against the {@code clientId} path parameter - confirm, since that parameter is
 * chosen by the caller.
 *
 * @param clientId the id of the client to update, taken from the request path
 * @param request the new registration metadata
 * @return the client's registration view after the update
 */
@PUT
@Path("{clientId}")
@Consumes("application/json")
@Produces("application/json")
public ClientRegistration updateClientRegistration(
        @PathParam("clientId") String clientId,
        ClientRegistration request) {
    final Client existing = readClient(clientId);

    // Applies redirect URIs, audiences, scopes and display URIs. Grant types come from the
    // stored client, so a grant_types value in the request is not consulted by this helper.
    // NOTE(review): the helper sets redirect URIs before its empty-list check; if readClient
    // returns a shared instance, confirm a rejected update cannot leave it modified.
    fromClientRegistrationToClient(request, existing);

    clientProvider.setClient(existing);
    return fromClientToClientRegistration(existing);
}
Also used : Client(org.apache.cxf.rs.security.oauth2.common.Client) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT)

Example 75 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class OidcHybridService method prepareRedirectResponse.

/**
 * Builds the redirect response of the parent service and, when a hybrid authorization code
 * grant was prepared, appends it as an extra {@code name=value} pair.
 *
 * @return the buffer produced by the parent implementation, with the code pair appended
 *     when a grant exists
 */
@Override
protected StringBuilder prepareRedirectResponse(
        OAuthRedirectionState state,
        Client client,
        List<String> requestedScope,
        List<String> approvedScope,
        UserSubject userSubject,
        ServerAccessToken preAuthorizedToken) {
    // The code grant is prepared before the parent builds its part of the response.
    final ServerAuthorizationCodeGrant hybridGrant = prepareHybrideCode(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    final StringBuilder redirect = super.prepareRedirectResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    if (hybridGrant == null) {
        return redirect;
    }

    // NOTE(review): the leading '&' assumes the parent already wrote at least one parameter,
    // and the code is appended without URL encoding; presumably getCode() is URL-safe - confirm.
    redirect.append('&')
        .append(OAuthConstants.AUTHORIZATION_CODE_VALUE)
        .append('=')
        .append(hybridGrant.getCode());
    return redirect;
}
Also used : ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)
