Search in sources :

Example 11 with OAuthAuthorizationData

use of org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData in project cxf by apache.

the class OIDCFiltersTest method makeAuthorizationCodeInvocation.

private String makeAuthorizationCodeInvocation(WebClient client) {
    // Make initial authorization request
    client.type("application/json").accept("application/json");
    Response response = client.get();
    OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
    // Now call "decision" to get the authorization code grant
    client.path("decision");
    client.type("application/x-www-form-urlencoded");
    Form form = new Form();
    form.param("session_authenticity_token", authzData.getAuthenticityToken());
    form.param("client_id", authzData.getClientId());
    form.param("redirect_uri", authzData.getRedirectUri());
    if (authzData.getProposedScope() != null) {
        form.param("scope", authzData.getProposedScope());
    }
    form.param("state", authzData.getState());
    form.param("oauthDecision", "allow");
    response = client.post(form);
    return response.getHeaderString("Location");
}
Also used : Response(javax.ws.rs.core.Response) Form(javax.ws.rs.core.Form) OAuthAuthorizationData(org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData)

Example 12 with OAuthAuthorizationData

use of org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData in project cxf by apache.

the class AuthorizationGrantTest method testImplicitGrant.

@org.junit.Test
public void testImplicitGrant() throws Exception {
    URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get Access Token
    client.type("application/json").accept("application/json");
    client.query("client_id", "consumer-id");
    client.query("redirect_uri", "http://www.blah.apache.org");
    client.query("response_type", "token");
    client.path("authorize-implicit/");
    Response response = client.get();
    OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
    // Now call "decision" to get the access token
    client.path("decision");
    client.type("application/x-www-form-urlencoded");
    Form form = new Form();
    form.param("session_authenticity_token", authzData.getAuthenticityToken());
    form.param("client_id", authzData.getClientId());
    form.param("redirect_uri", authzData.getRedirectUri());
    form.param("oauthDecision", "allow");
    response = client.post(form);
    String location = response.getHeaderString("Location");
    String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
    assertNotNull(accessToken);
}
Also used : Response(javax.ws.rs.core.Response) Form(javax.ws.rs.core.Form) WebClient(org.apache.cxf.jaxrs.client.WebClient) OAuthAuthorizationData(org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData) URL(java.net.URL)

Example 13 with OAuthAuthorizationData

use of org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData in project cxf by apache.

the class ImplicitGrantService method createAuthorizationData.

@Override
protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped) {
    OAuthAuthorizationData data = super.createAuthorizationData(client, params, redirectUri, subject, requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
    data.setImplicitFlow(true);
    return data;
}
Also used : OAuthAuthorizationData(org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData)

Example 14 with OAuthAuthorizationData

use of org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData in project cxf by apache.

the class RedirectionBasedGrantService method createAuthorizationData.

/**
 * Create the authorization challenge data
 */
protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped) {
    OAuthAuthorizationData secData = new OAuthAuthorizationData();
    secData.setState(params.getFirst(OAuthConstants.STATE));
    secData.setRedirectUri(redirectUri);
    secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
    secData.setNonce(params.getFirst(OAuthConstants.NONCE));
    secData.setClientId(client.getClientId());
    secData.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
    if (requestedPerms != null && !requestedPerms.isEmpty()) {
        StringBuilder builder = new StringBuilder();
        for (OAuthPermission perm : requestedPerms) {
            builder.append(perm.getPermission() + " ");
        }
        secData.setProposedScope(builder.toString().trim());
    }
    if (!authorizationCanBeSkipped) {
        secData.setPermissions(requestedPerms);
        secData.setAlreadyAuthorizedPermissions(alreadyAuthorizedPerms);
        secData.setHidePreauthorizedScopesInForm(hidePreauthorizedScopesInForm);
        secData.setApplicationName(client.getApplicationName());
        secData.setApplicationWebUri(client.getApplicationWebUri());
        secData.setApplicationDescription(client.getApplicationDescription());
        secData.setApplicationLogoUri(client.getApplicationLogoUri());
        secData.setApplicationCertificates(client.getApplicationCertificates());
        Map<String, String> extraProperties = client.getProperties();
        secData.setExtraApplicationProperties(extraProperties);
        secData.setApplicationRegisteredDynamically(client.isRegisteredDynamically());
        secData.setSupportSinglePageApplications(supportSinglePageApplications);
        String replyTo = getMessageContext().getUriInfo().getAbsolutePathBuilder().path("decision").build().toString();
        secData.setReplyTo(replyTo);
        personalizeData(secData, subject);
        addAuthenticityTokenToSession(secData, params, subject);
    }
    return secData;
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) OAuthAuthorizationData(org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData)

Aggregations

OAuthAuthorizationData (org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData)14 Response (javax.ws.rs.core.Response)10 Form (javax.ws.rs.core.Form)9 URL (java.net.URL)5 WebClient (org.apache.cxf.jaxrs.client.WebClient)5 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)4 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)4 OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)2 OAuthJSONProvider (org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider)2 ArrayList (java.util.ArrayList)1 Client (javax.ws.rs.client.Client)1 WebTarget (javax.ws.rs.client.WebTarget)1 JSONProvider (org.apache.cxf.jaxrs.provider.json.JSONProvider)1 JsonMapObjectProvider (org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider)1 JsonWebKeysProvider (org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider)1 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)1 ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)1 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)1 Test (org.junit.Test)1