Use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
Class AccessTokenValidatorClient, method validateAccessToken.
/**
 * Validates an access token by delegating to the remote token validator endpoint.
 * <p>
 * The scheme type and scheme data are sent as form parameters together with any
 * {@code extraProps}; because the extra entries are added last with {@code putAll},
 * a caller-supplied entry under the same key replaces the scheme type or data.
 * The {@code mc} parameter is not used by this implementation.
 *
 * @param mc             the current message context (unused here)
 * @param authScheme     the authorization scheme name taken from the request
 * @param authSchemeData the scheme data (the token itself) taken from the request
 * @param extraProps     optional additional form parameters, may be {@code null}
 * @return the validation result returned by the remote validator
 * @throws OAuthServiceException wrapping any {@link WebApplicationException} raised by the remote call
 */
public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) throws OAuthServiceException {
    MultivaluedMap<String, String> form = new MetadataMap<>();
    form.putSingle(OAuthConstants.AUTHORIZATION_SCHEME_TYPE, authScheme);
    form.putSingle(OAuthConstants.AUTHORIZATION_SCHEME_DATA, authSchemeData);
    if (extraProps != null) {
        // Added after the scheme entries: colliding keys override them.
        form.putAll(extraProps);
    }
    // A fresh per-request client so the shared template is never mutated.
    WebClient validator = WebClient.fromClient(tokenValidatorClient, true);
    try {
        return validator.post(form, AccessTokenValidation.class);
    } catch (WebApplicationException ex) {
        // Surface transport/HTTP failures to the caller as an OAuth service error, keeping the cause.
        throw new OAuthServiceException(ex);
    }
}
Use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
Class AbstractTokenService, method authenticateClientIfNeeded.
/**
 * Make sure the client is authenticated.
 * <p>
 * Resolves the {@link Client} making the current request, trying in order: the request
 * parameters when no principal has been established yet (client id plus secret, client id
 * with mutual TLS, or an unauthenticated public client when {@code canSupportPublicClients}
 * is set); the {@link Principal} already present on the {@link SecurityContext}; the TLS
 * client certificates; and finally HTTP Basic credentials. {@code reportInvalidClient()} is
 * called when a supplied client id does not match the authenticated principal, and again when
 * no client could be resolved at all.
 *
 * @param params the decoded request parameters; may carry the client id and client secret
 * @return the resolved client; only {@code null} if {@code reportInvalidClient()} returns normally
 */
protected Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
    Client client = null;
    SecurityContext sc = getMessageContext().getSecurityContext();
    // Non-null when the caller has already been authenticated before reaching this service
    // (presumably by an upstream filter — confirm against the deployment's filter chain).
    Principal principal = sc.getUserPrincipal();
    String clientId = retrieveClientId(params);
    if (principal == null) {
        // Not yet authenticated: authenticate from what the request itself carries.
        if (clientId != null) {
            String clientSecret = params.getFirst(OAuthConstants.CLIENT_SECRET);
            if (clientSecret != null) {
                // Secret sent in the request body: look up and verify id + secret, then check
                // the client is registered for this authentication method.
                client = getAndValidateClientFromIdAndSecret(clientId, clientSecret, params);
                validateClientAuthenticationMethod(client, OAuthConstants.TOKEN_ENDPOINT_AUTH_POST);
            } else if (OAuthUtils.isMutualTls(sc, getTlsSessionInfo())) {
                // Mutual TLS: the client is identified by id and the presented certificate is
                // checked against the registered client's binding.
                client = getClient(clientId, params);
                checkCertificateBinding(client, getTlsSessionInfo());
                validateClientAuthenticationMethod(client, OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS);
            } else if (canSupportPublicClients) {
                // No credentials at all: only acceptable for a valid public client. Otherwise the
                // client is reset so the certificate / Basic fallbacks below still get a chance.
                client = getValidClient(clientId, params);
                if (!isValidPublicClient(client, clientId)) {
                    client = null;
                } else {
                    validateClientAuthenticationMethod(client, OAuthConstants.TOKEN_ENDPOINT_AUTH_NONE);
                }
            }
        }
    } else {
        if (clientId != null) {
            // A client id in the request must name the principal that was already authenticated;
            // a mismatch is reported as an invalid client.
            if (!clientId.equals(principal.getName())) {
                // NOTE(review): assumed to throw; if it returns normally the lookup below still runs.
                reportInvalidClient();
            }
            // Prefer a Client instance already stored on the message, otherwise look it up by id.
            client = (Client) getMessageContext().get(Client.class.getName());
            if (client == null) {
                client = getClient(clientId, params);
            }
        } else if (principal.getName() != null) {
            // No client id supplied: the principal name is used as the client id.
            client = getClient(principal.getName(), params);
        }
        // NOTE(review): validateClientAuthenticationMethod is not called on this branch; the
        // authentication method is whatever established the principal upstream.
    }
    if (client == null) {
        // Fallbacks: TLS client certificates first, then HTTP Basic credentials.
        client = getClientFromTLSCertificates(sc, getTlsSessionInfo(), params);
        if (client == null) {
            // Basic Authentication is expected by default
            client = getClientFromBasicAuthScheme(params);
        }
    }
    if (client == null) {
        reportInvalidClient();
    }
    return client;
}
Use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
Class AbstractOAuthDataProviderTest, method testAddGetDeleteAccessToken2.
/**
 * Registers a client, issues a single access token for it with the client's
 * resource-owner subject, checks the token is listed for that client, and
 * verifies that removing the client also removes its tokens.
 */
@Test
public void testAddGetDeleteAccessToken2() {
    Client owner = addClient("102", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(owner);
    registration.setSubject(owner.getResourceOwnerSubject());
    registration.setApprovedScope(Collections.singletonList("a"));
    getProvider().createAccessToken(registration);

    List<ServerAccessToken> issued = getProvider().getAccessTokens(owner, null);
    assertNotNull(issued);
    assertEquals(1, issued.size());
    validateAccessToken(issued.get(0));

    // Removing the client must leave no tokens behind for it.
    getProvider().removeClient(owner.getClientId());
    List<ServerAccessToken> remaining = getProvider().getAccessTokens(owner, null);
    assertNotNull(remaining);
    assertEquals(0, remaining.size());
}
Use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
Class AbstractOAuthDataProviderTest, method testAddGetDeleteClient.
/**
 * Round-trips a client through the provider: create, read back, update the
 * secret, read back again, then remove it and confirm the lookup yields null.
 */
@Test
public void testAddGetDeleteClient() {
    Client created = addClient("12345", "alice");
    String id = created.getClientId();

    Client loaded = getProvider().getClient(id);
    compareClients(created, loaded);

    // Update through the loaded instance and verify the change is persisted.
    loaded.setClientSecret("567");
    getProvider().setClient(loaded);
    Client reloaded = getProvider().getClient(id);
    compareClients(loaded, reloaded);

    getProvider().removeClient(id);
    assertNull(getProvider().getClient(id));
}
Use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
Class AbstractOAuthDataProviderTest, method testAddGetDeleteAccessTokenWithNullSubject.
/**
 * Same flow as the subject-bearing token test, but the token is issued with a
 * null resource-owner subject: it must still be stored, listed for the client,
 * and removed together with the client.
 */
@Test
public void testAddGetDeleteAccessTokenWithNullSubject() {
    Client owner = addClient("102", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(owner);
    // Explicitly no resource owner attached to this token.
    registration.setSubject(null);
    registration.setApprovedScope(Collections.singletonList("a"));
    getProvider().createAccessToken(registration);

    List<ServerAccessToken> issued = getProvider().getAccessTokens(owner, null);
    assertNotNull(issued);
    assertEquals(1, issued.size());
    validateAccessToken(issued.get(0));

    // Removing the client must leave no tokens behind for it.
    getProvider().removeClient(owner.getClientId());
    List<ServerAccessToken> remaining = getProvider().getAccessTokens(owner, null);
    assertNotNull(remaining);
    assertEquals(0, remaining.size());
}