Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
The class AbstractImplicitGrantService, method prepareRedirectResponse.
/**
 * Builds the implicit-grant redirect: the issued token is handed to the client as
 * parameters in the fragment of the registered redirect URI rather than in a body.
 *
 * @param state the pending authorization request (supplies the redirect URI)
 * @param client the registered client the token is issued to
 * @param requestedScope scopes the client asked for
 * @param approvedScope scopes that were approved for this request
 * @param userSubject the end user on whose behalf the token is issued
 * @param preAuthorizedToken passed straight through to {@code getClientAccessToken}
 * @return the redirect URI, fragment included, ready to be sent to the user agent
 */
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    ClientAccessToken issued = getClientAccessToken(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    // Everything below is written after the '#' of the redirect URI.
    StringBuilder redirect = getUriWithFragment(state.getRedirectUri());
    // Mandatory parameters first: access_token and token_type.
    // NOTE(review): the token key and type are appended as-is, whereas the scope and the
    // extra parameters further down are query-encoded. This relies on the data provider
    // issuing URL-safe token keys/types; confirm for custom providers.
    redirect.append(OAuthConstants.ACCESS_TOKEN).append('=').append(issued.getTokenKey())
            .append('&')
            .append(OAuthConstants.ACCESS_TOKEN_TYPE).append('=').append(issued.getTokenType());
    if (isWriteOptionalParameters()) {
        redirect.append('&').append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN).append('=').append(issued.getExpiresIn());
        String scope = issued.getApprovedScope();
        if (!StringUtils.isEmpty(scope)) {
            redirect.append('&').append(OAuthConstants.SCOPE).append('=').append(HttpUtils.queryEncode(scope));
        }
        // Provider-specific extras: keys are written verbatim, values are query-encoded.
        for (Map.Entry<String, String> extra : issued.getParameters().entrySet()) {
            redirect.append('&').append(extra.getKey()).append('=').append(HttpUtils.queryEncode(extra.getValue()));
        }
    }
    String refreshToken = issued.getRefreshToken();
    if (refreshToken != null) {
        processRefreshToken(redirect, refreshToken);
    }
    finalizeResponse(redirect, state);
    return redirect;
}
Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
The class DirectAuthorizationService, method authorize.
/**
 * Issues an access token directly to an authenticated caller. The caller's security
 * context is validated, the requesting client resolved, and a token created with the
 * requested scopes recorded as approved; there is no separate consent step in this handler.
 *
 * @param params the form parameters of the token request
 * @return a 200 response whose entity is the client view of the new token
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("text/html")
public Response authorize(MultivaluedMap<String, String> params) {
    SecurityContext securityContext = getAndValidateSecurityContext(params);
    Client requestingClient = getClient(params);
    // The end user is derived from the validated security context.
    UserSubject endUser = createUserSubject(securityContext, params);
    List<String> scopes = OAuthUtils.getRequestedScopes(requestingClient, params.getFirst(OAuthConstants.SCOPE), useAllClientScopes, partialMatchScopeValidation);

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(requestingClient);
    registration.setSubject(endUser);
    registration.setGrantType(OAuthConstants.DIRECT_TOKEN_GRANT);
    // Requested and approved scope are identical in this flow.
    registration.setRequestedScope(scopes);
    registration.setApprovedScope(scopes);

    ServerAccessToken issued = getDataProvider().createAccessToken(registration);
    ClientAccessToken view = OAuthUtils.toClientAccessToken(issued, isWriteOptionalParameters());
    return Response.ok(view).build();
}
Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
The class OAuthUtils, method toClientAccessToken.
/**
 * Converts a server-side token into the representation handed back to the client.
 * Token type, key and refresh token are always copied; expiry, approved scope and the
 * extra parameter map only when {@code supportOptionalParams} is true.
 *
 * @param serverToken the token as stored by the data provider
 * @param supportOptionalParams whether to include expires_in, scope and extra parameters
 * @return the client-facing token
 */
public static ClientAccessToken toClientAccessToken(ServerAccessToken serverToken, boolean supportOptionalParams) {
    ClientAccessToken result = new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey());
    result.setRefreshToken(serverToken.getRefreshToken());
    if (!supportOptionalParams) {
        return result;
    }
    result.setExpiresIn(serverToken.getExpiresIn());
    List<OAuthPermission> permissions = serverToken.getScopes();
    String scope = OAuthUtils.convertPermissionsToScope(permissions);
    if (!StringUtils.isEmpty(scope)) {
        result.setApprovedScope(scope);
    }
    // Defensive copy: the client token gets its own parameter map.
    result.setParameters(new HashMap<String, String>(serverToken.getParameters()));
    return result;
}
Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
The class JAXRSOAuth2TlsTest, method testTwoWayTLSClientIdIsSubjectDn.
/**
 * Two-way TLS scenario (client id taken from the certificate subject DN, per the test
 * name): a token obtained with one client certificate is accepted by both protected RS
 * endpoints over the same certificate, still works against the unprotected RS over a
 * different certificate, and is rejected with 401 by the protected RS over that
 * different certificate.
 */
@Test
public void testTwoWayTLSClientIdIsSubjectDn() throws Exception {
    String tokenEndpoint = "https://localhost:" + PORT + "/oauth2/token";
    WebClient tokenClient = createOAuth2WebClient(tokenEndpoint);
    ClientAccessToken token = OAuthClientUtils.getAccessToken(tokenClient, new CustomGrant());
    assertNotNull(token.getTokenKey());

    String protectedRs1 = "https://localhost:" + PORT + "/rs/bookstore/books/123";
    String protectedRs2 = "https://localhost:" + PORT + "/rs2/bookstore/books/123";
    String unprotectedRs = "https://localhost:" + PORT + "/rsUnprotected/bookstore/books/123";

    // Same client certificate (client.xml) as used for the token request.
    Book fetched = createRsWebClient(protectedRs1, token, "client.xml").get(Book.class);
    assertEquals(123L, fetched.getId());
    fetched = createRsWebClient(protectedRs2, token, "client.xml").get(Book.class);
    assertEquals(123L, fetched.getId());

    // Different client certificate (client2.xml): the unprotected RS still serves the book.
    fetched = createRsWebClient(unprotectedRs, token, "client2.xml").get(Book.class);
    assertEquals(123L, fetched.getId());
    // The protected RS endpoints reject it: token issued with the Morphit.jks key,
    // presented with the Bethal.jks key, hence 401.
    WebClient otherCertClient = createRsWebClient(protectedRs1, token, "client2.xml");
    assertEquals(401, otherCertClient.get().getStatus());
    otherCertClient = createRsWebClient(protectedRs2, token, "client2.xml");
    assertEquals(401, otherCertClient.get().getStatus());
}
Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
The class JAXRSOAuth2TlsTest, method doTestTwoWayTLSClientIdBoundJwt.
/**
 * Same two-way TLS scenario as the opaque-token variant, but the access token is a JWS
 * and must carry a confirmation ("cnf") claim holding the client certificate's
 * SHA-256 thumbprint, which binds the token to that certificate.
 *
 * @param clientId the client id to present to the token endpoint
 * @throws Exception on any transport or parsing failure
 */
private void doTestTwoWayTLSClientIdBoundJwt(String clientId) throws Exception {
    String tokenEndpoint = "https://localhost:" + PORT + "/oauth2Jwt/token";
    WebClient tokenClient = createOAuth2WebClient(tokenEndpoint);
    ClientAccessToken token = OAuthClientUtils.getAccessToken(tokenClient, new Consumer(clientId), new CustomGrant());
    assertNotNull(token.getTokenKey());

    // The token key is a compact JWS; its payload must contain the cnf/x5t#S256 binding.
    JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(token.getTokenKey());
    JwtClaims claims = JwtUtils.jsonToClaims(jws.getDecodedJwsPayload());
    Map<String, Object> confirmation = claims.getMapProperty(JwtConstants.CLAIM_CONFIRMATION);
    assertNotNull(confirmation);
    assertNotNull(confirmation.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256));

    String protectedRs1 = "https://localhost:" + PORT + "/rsJwt/bookstore/books/123";
    String protectedRs2 = "https://localhost:" + PORT + "/rsJwt2/bookstore/books/123";
    String unprotectedRs = "https://localhost:" + PORT + "/rsUnprotected/bookstore/books/123";

    // Same client certificate (client.xml) as used for the token request.
    Book fetched = createRsWebClient(protectedRs1, token, "client.xml").get(Book.class);
    assertEquals(123L, fetched.getId());
    fetched = createRsWebClient(protectedRs2, token, "client.xml").get(Book.class);
    assertEquals(123L, fetched.getId());

    // Different client certificate (client2.xml): the unprotected RS still serves the book.
    fetched = createRsWebClient(unprotectedRs, token, "client2.xml").get(Book.class);
    assertEquals(123L, fetched.getId());
    // The protected RS endpoints reject it: token issued with the Morphit.jks key,
    // presented with the Bethal.jks key, hence 401.
    WebClient otherCertClient = createRsWebClient(protectedRs1, token, "client2.xml");
    assertEquals(401, otherCertClient.get().getStatus());
    otherCertClient = createRsWebClient(protectedRs2, token, "client2.xml");
    assertEquals(401, otherCertClient.get().getStatus());
}