use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class AccessTokenIntrospectionClient method convertIntrospectionToValidation.
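/**
 * Converts a token introspection response (RFC 7662) into the
 * {@link AccessTokenValidation} form consumed by the local validation pipeline.
 * <p>
 * Only the fields present in the response are copied. The {@code active} flag is
 * recorded as the initial validation result; the caller decides how to treat an
 * inactive token, so the remaining fields are still populated.
 *
 * @param response the introspection response received from the authorization server
 * @return the populated validation object
 */
private AccessTokenValidation convertIntrospectionToValidation(TokenIntrospection response) {
    AccessTokenValidation atv = new AccessTokenValidation();
    atv.setInitialValidationSuccessful(response.isActive());
    if (response.getClientId() != null) {
        atv.setClientId(response.getClientId());
    }
    if (response.getIat() != null) {
        atv.setTokenIssuedAt(response.getIat());
    } else {
        // RFC 7662 "iat"/"exp" are epoch seconds. The fallback must use the same
        // unit, otherwise the exp - issuedAt lifetime computed below mixes seconds
        // with milliseconds (toEpochMilli() made it hugely negative, i.e. "expired").
        atv.setTokenIssuedAt(Instant.now().getEpochSecond());
    }
    if (response.getExp() != null) {
        // lifetime is relative to issuedAt, both in seconds
        atv.setTokenLifetime(response.getExp() - atv.getTokenIssuedAt());
    }
    if (!StringUtils.isEmpty(response.getAud())) {
        atv.setAudiences(response.getAud());
    }
    if (response.getIss() != null) {
        atv.setTokenIssuer(response.getIss());
    }
    if (response.getScope() != null) {
        // "scope" is a space-separated list; blank fragments (double spaces) are skipped
        List<OAuthPermission> perms = new LinkedList<>();
        for (String s : response.getScope().split(" ")) {
            if (!StringUtils.isEmpty(s)) {
                perms.add(new OAuthPermission(s.trim()));
            }
        }
        atv.setTokenScopes(perms);
    }
    if (response.getUsername() != null) {
        atv.setTokenSubject(new UserSubject(response.getUsername()));
    }
    // any non-standard introspection members are carried over verbatim
    atv.getExtraProps().putAll(response.getExtensions());
    return atv;
}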
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class OAuthScopesFilter method checkScopes.
/**
 * Enforces the scopes configured for the resource method {@code m}.
 * <p>
 * A method without a configured scope list is unrestricted. Otherwise the
 * permissions granted to the current request are compared with the configured
 * scopes: in "match all" mode every configured scope must have been granted,
 * in the default mode a single matching scope is sufficient. A request that does
 * not satisfy the rule is logged and rejected via
 * {@code ExceptionUtils.toForbiddenException}.
 *
 * @param m the resource method about to be invoked
 */
protected void checkScopes(Method m) {
    String methodName = m.getName();
    List<String> requiredScopes = scopesMap.get(methodName);
    if (requiredScopes == null) {
        return; // no scope restriction configured for this method
    }
    // auto-unboxing: assumes scopesMatchAllMap has an entry for every key of scopesMap
    boolean requireAll = scopesMatchAllMap.get(methodName);
    OAuthContext context = OAuthContextUtils.getContext(mc);
    List<String> granted = new LinkedList<>();
    for (OAuthPermission perm : context.getPermissions()) {
        String scope = perm.getPermission();
        if (!requireAll) {
            if (requiredScopes.contains(scope)) {
                return; // any one configured scope is enough
            }
        } else {
            granted.add(scope);
        }
    }
    // reached with an empty "granted" list in any-match mode, so a non-empty
    // requiredScopes list fails here as well
    if (granted.containsAll(requiredScopes)) {
        return;
    }
    LOG.warning("Scopes do not match");
    throw ExceptionUtils.toForbiddenException(null, null);
}
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class AbstractOAuthDataProvider method doRefreshAccessToken.
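/**
 * Builds the access token issued in exchange for {@code oldRefreshToken}.
 * <p>
 * Most properties are carried over from the refresh token. When
 * {@code restrictedScopes} is non-empty the new token is narrowed to those
 * scopes, each of which must already have been granted to the refresh token:
 * a refresh must never widen the originally approved scope.
 *
 * @param client the client presenting the refresh token
 * @param oldRefreshToken the refresh token being exchanged
 * @param restrictedScopes scopes requested for the new token; {@code null} or
 *        empty keeps the refresh token's scopes
 * @return the new access token
 * @throws OAuthServiceException if a requested scope was not granted to the refresh token
 */
protected ServerAccessToken doRefreshAccessToken(Client client, RefreshToken oldRefreshToken, List<String> restrictedScopes) {
    ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
    // copy the list so later changes to one token do not leak into the other
    at.setAudiences(oldRefreshToken.getAudiences() != null
        ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
    at.setGrantType(oldRefreshToken.getGrantType());
    at.setGrantCode(oldRefreshToken.getGrantCode());
    at.setSubject(oldRefreshToken.getSubject());
    at.setNonce(oldRefreshToken.getNonce());
    at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
    List<OAuthPermission> oldScopes = oldRefreshToken.getScopes();
    if (restrictedScopes == null || restrictedScopes.isEmpty()) {
        at.setScopes(oldScopes != null ? new ArrayList<OAuthPermission>(oldScopes) : null);
    } else {
        List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
        // A refresh token carrying no scopes cannot satisfy a non-empty request;
        // checking for null here also avoids dereferencing it. containsAll relies on
        // OAuthPermission equality (presumably by permission name - confirm).
        if (oldScopes == null || !oldScopes.containsAll(theNewScopes)) {
            throw new OAuthServiceException("Invalid scopes");
        }
        at.setScopes(theNewScopes);
    }
    return at;
}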
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class AbstractOAuthDataProvider method setSupportedScopes.
/**
 * Registers the scopes this provider recognises.
 * <p>
 * Each entry becomes an {@link OAuthPermission} whose name is the map key and
 * whose description is the map value, stored in {@code permissionMap} under the
 * scope name. An existing entry with the same name is replaced.
 *
 * @param scopes scope name mapped to its human-readable description
 */
public void setSupportedScopes(Map<String, String> scopes) {
    scopes.forEach((name, description) ->
        permissionMap.put(name, new OAuthPermission(name, description)));
}
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class AbstractOAuthDataProvider method doCreateAccessToken.
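/**
 * Builds a new access token from an approved registration.
 * <p>
 * Copies the client, subject and grant details, converts the approved scope
 * strings into {@link OAuthPermission}s, records the client certificate
 * thumbprint when the message context carries one, and finally encodes the
 * token as a JWT if that format is enabled.
 *
 * @param atReg the approved token registration
 * @return the new access token
 */
protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
    ServerAccessToken at = createNewAccessToken(atReg.getClient(), atReg.getSubject());
    // copy rather than alias the registration's list, consistent with doRefreshAccessToken
    at.setAudiences(atReg.getAudiences() != null ? new ArrayList<String>(atReg.getAudiences()) : null);
    at.setGrantType(atReg.getGrantType());
    List<String> theScopes = atReg.getApprovedScope();
    at.setScopes(convertScopeToPermissions(atReg.getClient(), theScopes));
    at.setSubject(atReg.getSubject());
    at.setClientCodeVerifier(atReg.getClientCodeVerifier());
    at.setNonce(atReg.getNonce());
    at.setResponseType(atReg.getResponseType());
    at.setGrantCode(atReg.getGrantCode());
    at.getExtraProperties().putAll(atReg.getExtraProperties());
    if (messageContext != null) {
        // x5t#S256 thumbprint of the client certificate seen on this request; stored
        // with the token so it can be bound to that certificate (the comparison
        // against the presenting certificate is done elsewhere - confirm).
        String certCnf = (String) messageContext.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
        if (certCnf != null) {
            // At a later stage we will likely introduce a dedicated Confirmation bean (as it is used in POP etc)
            at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf);
        }
    }
    if (isUseJwtFormatForAccessTokens()) {
        // the serialized JWT becomes the token key handed to the client
        JwtClaims claims = createJwtAccessToken(at);
        at.setTokenKey(processJwtAccessToken(claims));
    }
    return at;
}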