use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class AuthorizationCodeGrantService method createAuthorizationData.
/**
 * Builds the authorization data for the code grant and additionally records the
 * code challenge carried in the request parameters (presumably the PKCE
 * {@code code_challenge}; see {@code setCodeChallenge}).
 *
 * @param client the registered client making the request
 * @param params the authorization request parameters
 * @param redirectUri the redirect URI selected for this request
 * @param subject the authenticated resource owner
 * @param requestedPerms permissions derived from the requested scope
 * @param alreadyAuthorizedPerms permissions already granted by a pre-authorized token, may be null
 * @param authorizationCanBeSkipped whether the consent step is being bypassed
 * @return the data produced by the superclass, with the code challenge applied
 */
@Override
protected OAuthAuthorizationData createAuthorizationData(Client client,
                                                         MultivaluedMap<String, String> params,
                                                         String redirectUri,
                                                         UserSubject subject,
                                                         List<OAuthPermission> requestedPerms,
                                                         List<OAuthPermission> alreadyAuthorizedPerms,
                                                         boolean authorizationCanBeSkipped) {
    final OAuthAuthorizationData authData = super.createAuthorizationData(client,
                                                                          params,
                                                                          redirectUri,
                                                                          subject,
                                                                          requestedPerms,
                                                                          alreadyAuthorizedPerms,
                                                                          authorizationCanBeSkipped);
    // The challenge must travel with the authorization data so it can be bound to the issued code.
    setCodeChallenge(authData, params);
    return authData;
}
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class RedirectionBasedGrantService method startAuthorization.
/**
 * Validates an authorization request and either issues the grant immediately
 * (when user consent is not required) or returns the data needed to render the
 * consent page.
 *
 * <p>Checks run in order and the first failure is returned as an error response
 * addressed to {@code redirectUri}:
 * <ol>
 *   <li>the client must be allowed to use {@code supportedGrantType}
 *       ({@code OAuthConstants#UNAUTHORIZED_CLIENT});</li>
 *   <li>{@code response_type} must be present and supported
 *       ({@code OAuthConstants#UNSUPPORTED_RESPONSE_TYPE});</li>
 *   <li>the requested scope must resolve to permissions for this client
 *       ({@code OAuthConstants#INVALID_SCOPE});</li>
 *   <li>an optional client audience must be one registered for the client
 *       ({@code OAuthConstants#INVALID_REQUEST}).</li>
 * </ol>
 *
 * @param params the query/form parameters of the authorization request
 * @param userSubject the authenticated resource owner
 * @param client the registered client identified by the request
 * @param redirectUri the URI the grant or the error response is sent to;
 *        assumed to have already been validated against the client's
 *        registered redirect URIs by the caller — TODO confirm
 * @return the grant response, a {@code 200} carrying {@link OAuthAuthorizationData}
 *         for the consent page, or an error response
 */
protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject userSubject, Client client, String redirectUri) {
    // Enforce the client confidentiality requirements
    if (!OAuthUtils.isGrantSupportedForClient(client, canSupportPublicClient(client), supportedGrantType)) {
        LOG.fine("The grant type is not supported");
        return createErrorResponse(params, redirectUri, OAuthConstants.UNAUTHORIZED_CLIENT);
    }
    // Check response_type
    String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE);
    if (responseType == null || !getSupportedResponseTypes().contains(responseType)) {
        LOG.fine("The response type is null or not supported");
        return createErrorResponse(params, redirectUri, OAuthConstants.UNSUPPORTED_RESPONSE_TYPE);
    }
    // Get the requested scopes
    String providedScope = params.getFirst(OAuthConstants.SCOPE);
    List<String> requestedScope = null;
    List<OAuthPermission> requestedPermissions = null;
    try {
        // Both the scope expansion and the scope-to-permission mapping may reject the request;
        // either failure is reported to the client as invalid_scope.
        requestedScope = OAuthUtils.getRequestedScopes(client, providedScope, useAllClientScopes, partialMatchScopeValidation);
        requestedPermissions = getDataProvider().convertScopeToPermissions(client, requestedScope);
    } catch (OAuthServiceException ex) {
        LOG.log(Level.FINE, "Error processing scopes", ex);
        return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
    }
    // Validate the audience
    String clientAudience = params.getFirst(OAuthConstants.CLIENT_AUDIENCE);
    // The audience, when provided, must be in the list of Client audiences set at the Client registration time.
    if (!OAuthUtils.validateAudience(clientAudience, client.getRegisteredAudiences())) {
        LOG.fine("Error validating audience parameter");
        return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_REQUEST);
    }
    // Request a new grant only if no pre-authorized token is available
    ServerAccessToken preAuthorizedToken = null;
    // The lookup is skipped entirely unless canAccessTokenBeReturned(responseType) allows it.
    if (canAccessTokenBeReturned(responseType)) {
        preAuthorizedToken = getDataProvider().getPreauthorizedToken(client, requestedScope, userSubject, supportedGrantType);
    }
    List<OAuthPermission> alreadyAuthorizedPerms = null;
    boolean preAuthorizationComplete = false;
    if (preAuthorizedToken != null) {
        alreadyAuthorizedPerms = preAuthorizedToken.getScopes();
        // Consent is only considered complete when the existing token already covers every requested scope.
        preAuthorizationComplete = OAuthUtils.convertPermissionsToScopeList(alreadyAuthorizedPerms).containsAll(requestedScope);
    }
    Response finalResponse = null;
    try {
        final boolean authorizationCanBeSkipped = preAuthorizationComplete || canAuthorizationBeSkipped(params, client, userSubject, requestedScope, requestedPermissions);
        // Populate the authorization challenge data
        OAuthAuthorizationData data = createAuthorizationData(client, params, redirectUri, userSubject, requestedPermissions, alreadyAuthorizedPerms, authorizationCanBeSkipped);
        if (authorizationCanBeSkipped) {
            // Expose the original request parameters to the grant creation via the message context.
            getMessageContext().put(AUTHORIZATION_REQUEST_PARAMETERS, params);
            // When a pre-authorized token fully covers the request its scopes are approved; otherwise
            // the freshly requested permissions are.
            List<OAuthPermission> approvedScopes = preAuthorizationComplete ? preAuthorizedToken.getScopes() : requestedPermissions;
            finalResponse = createGrant(data, client, requestedScope, OAuthUtils.convertPermissionsToScopeList(approvedScopes), userSubject, preAuthorizedToken);
        } else {
            // Consent page: let the user see which token would be extended, if any.
            if (preAuthorizedToken != null) {
                data.setPreauthorizedTokenKey(preAuthorizedToken.getTokenKey());
            }
            finalResponse = Response.ok(data).build();
        }
    } catch (OAuthServiceException ex) {
        // assumes ex.getError() is non-null for every OAuthServiceException raised in this block — TODO confirm
        finalResponse = createErrorResponse(params, redirectUri, ex.getError().getError());
    }
    return finalResponse;
}
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class ModelEncryptionSupport method tokenizeServerToken.
/**
 * Serializes a {@link ServerAccessToken} into the positional, {@code SEP}-separated
 * text form used by this class. The slot numbers in the comments are the positions
 * the matching parser expects (slot 12 is presumably produced inside
 * {@code tokenizeUserSubject}, which writes its own fields).
 *
 * <p>The result contains the token key, the refresh token and the client code
 * verifier in plain text; it is meant to be fed to the encryption step only and
 * must not be logged.
 *
 * @param token the token to serialize; its client, audiences, parameters, scopes
 *        and extra properties are all dereferenced, so they must be non-null
 * @return the serialized token
 */
private static String tokenizeServerToken(ServerAccessToken token) {
    final StringBuilder out = new StringBuilder();
    // 0: key
    out.append(tokenizeString(token.getTokenKey()));
    // 1: type
    appendSlot(out, tokenizeString(token.getTokenType()));
    // 2: expiresIn
    appendSlot(out, token.getExpiresIn());
    // 3: issuedAt
    appendSlot(out, token.getIssuedAt());
    // 4: client id
    appendSlot(out, tokenizeString(token.getClient().getClientId()));
    // 5: refresh token
    appendSlot(out, tokenizeString(token.getRefreshToken()));
    // 6: grant type
    appendSlot(out, tokenizeString(token.getGrantType()));
    // 7: audience
    appendSlot(out, token.getAudiences().toString());
    // 8: other parameters, rendered as {key=value, key=value}
    appendSlot(out, token.getParameters().toString());
    // 9: permissions — a single space stands for "no permissions"
    out.append(SEP);
    final List<OAuthPermission> scopes = token.getScopes();
    if (scopes.isEmpty()) {
        out.append(" ");
    } else {
        for (OAuthPermission permission : scopes) {
            appendPermission(out, permission);
        }
    }
    // 10: code verifier
    appendSlot(out, tokenizeString(token.getClientCodeVerifier()));
    // 11: user subject (writes its own fields after the separator)
    out.append(SEP);
    tokenizeUserSubject(out, token.getSubject());
    // 13: extra properties, rendered as {key=value, key=value}
    appendSlot(out, token.getExtraProperties().toString());
    return out.toString();
}

/** Appends the separator followed by the string form of {@code value}. */
private static void appendSlot(StringBuilder out, Object value) {
    out.append(SEP).append(value);
}

/**
 * Appends one permission as its five dot-separated parts
 * (9.1 name, 9.2 description, 9.3 default flag, 9.4 HTTP verbs, 9.5 URIs).
 * No trailing dot is written, matching the positional parser.
 */
private static void appendPermission(StringBuilder out, OAuthPermission permission) {
    out.append(String.join(".",
            tokenizeString(permission.getPermission()),
            tokenizeString(permission.getDescription()),
            String.valueOf(permission.isDefaultPermission()),
            permission.getHttpVerbs().toString(),
            permission.getUris().toString()));
}
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class JCacheOAuthDataProviderTest method testAddGetDeleteAccessToken.
/**
 * Round-trips an access token through the provider: create it, read it back by
 * key, find it through every {@code getAccessTokens} filter combination, then
 * revoke it and confirm the lookup returns null. Disabled via {@link Ignore}, so
 * the JCache token lifecycle is currently not covered by this test.
 */
@Ignore
@Test
public void testAddGetDeleteAccessToken() {
    Client client = addClient("101", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(client.getResourceOwnerSubject());
    ServerAccessToken created = provider.createAccessToken(registration);
    String key = created.getTokenKey();

    // Read back by key and check the single approved scope survived the round trip.
    ServerAccessToken fetched = provider.getAccessToken(key);
    assertEquals(key, fetched.getTokenKey());
    List<OAuthPermission> scopes = fetched.getScopes();
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("a", scopes.get(0).getPermission());

    // Every client/subject filter combination must return exactly this token.
    assertSingleAccessToken(provider.getAccessTokens(client, client.getResourceOwnerSubject()), key);
    assertSingleAccessToken(provider.getAccessTokens(client, null), key);
    assertSingleAccessToken(provider.getAccessTokens(null, client.getResourceOwnerSubject()), key);
    assertSingleAccessToken(provider.getAccessTokens(null, null), key);

    provider.revokeToken(client, key, OAuthConstants.ACCESS_TOKEN);
    assertNull(provider.getAccessToken(key));
}

/** Asserts that {@code tokens} holds exactly one token and that its key is {@code expectedKey}. */
private void assertSingleAccessToken(List<ServerAccessToken> tokens, String expectedKey) {
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(expectedKey, tokens.get(0).getTokenKey());
}
use of org.apache.cxf.rs.security.oauth2.common.OAuthPermission in project cxf by apache.
the class JCacheOAuthDataProviderTest method testAddGetDeleteRefreshToken.
/**
 * Creates an access token whose approved scope includes {@code refreshToken},
 * checks that a refresh token was issued alongside it and links back to the
 * access token, then revokes the refresh token and confirms it is gone.
 * Disabled via {@link Ignore}.
 */
@Ignore
@Test
public void testAddGetDeleteRefreshToken() {
    Client client = addClient("101", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Arrays.asList("a", "refreshToken"));
    registration.setSubject(client.getResourceOwnerSubject());
    ServerAccessToken created = provider.createAccessToken(registration);
    String accessKey = created.getTokenKey();

    // Both approved scopes must come back, in order, from the stored token.
    ServerAccessToken fetched = provider.getAccessToken(accessKey);
    assertEquals(accessKey, fetched.getTokenKey());
    List<OAuthPermission> scopes = fetched.getScopes();
    assertNotNull(scopes);
    assertEquals(2, scopes.size());
    assertEquals("a", scopes.get(0).getPermission());
    assertEquals("refreshToken", scopes.get(1).getPermission());

    // The refresh token must reference the access token it was issued with.
    RefreshToken refresh = provider.getRefreshToken(fetched.getRefreshToken());
    assertNotNull(refresh);
    assertEquals(fetched.getTokenKey(), refresh.getAccessTokens().get(0));
    String refreshKey = refresh.getTokenKey();
    assertSingleRefreshToken(provider.getRefreshTokens(client, client.getResourceOwnerSubject()), refreshKey);

    provider.revokeToken(client, refreshKey, OAuthConstants.REFRESH_TOKEN);
    assertNull(provider.getRefreshToken(refreshKey));
}

/** Asserts that {@code tokens} holds exactly one refresh token and that its key is {@code expectedKey}. */
private void assertSingleRefreshToken(List<RefreshToken> tokens, String expectedKey) {
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(expectedKey, tokens.get(0).getTokenKey());
}