
Example 21 with OAuthPermission


the class AbstractOAuthDataProvider method convertSingleScopeToPermission.

/**
 * Resolves one requested scope value to its registered {@code OAuthPermission}
 * and appends it to {@code perms}.
 *
 * Only scopes present in {@code permissionMap} are accepted; any other value is
 * rejected with an {@code OAuthServiceException} rather than being turned into
 * an ad-hoc permission, so a client cannot request a scope the provider never
 * registered. The {@code client} argument is not consulted here (subclasses may
 * override to add per-client restrictions).
 *
 * @param client the requesting client (unused in this implementation)
 * @param scope  a single scope token from the request
 * @param perms  output list the resolved permission is added to
 * @throws OAuthServiceException if {@code scope} is not a registered scope
 */
protected void convertSingleScopeToPermission(Client client, String scope, List<OAuthPermission> perms) {
    final OAuthPermission registered = permissionMap.get(scope);
    if (registered != null) {
        perms.add(registered);
        return;
    }
    // Unknown scope: fail the request instead of silently ignoring or inventing a permission.
    throw new OAuthServiceException("Unexpected scope: " + scope);
}

Example 22 with OAuthPermission


the class ImplicitGrantService method createAuthorizationData.

/**
 * Builds the consent-page data for the implicit grant.
 *
 * Delegates entirely to the superclass and then marks the resulting data as
 * belonging to the implicit flow, which is the only difference from the
 * redirection-based base implementation.
 *
 * @return the authorization data with {@code implicitFlow} set to {@code true}
 */
@Override
protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped) {
    final OAuthAuthorizationData implicitData = super.createAuthorizationData(client, params, redirectUri, subject, requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
    // Flag the flow so the consent/redirect handling knows the token goes in the fragment, not a code.
    implicitData.setImplicitFlow(true);
    return implicitData;
}

Example 23 with OAuthPermission


the class RedirectionBasedGrantService method createAuthorizationData.

/**
 * Builds the data rendered on the authorization (user-consent) challenge page.
 *
 * The fields that are always populated are those needed to complete the redirect
 * afterwards: {@code state}, the audience, {@code nonce} and {@code response_type}
 * are copied verbatim from the request parameters (they are echoed back, not
 * validated here), while the client id comes from the resolved {@code client}
 * and the redirect URI from the {@code redirectUri} argument (NOTE(review): assumed
 * to have been validated against the client's registration before this call — confirm).
 * The proposed scope string is the space-separated list of requested permissions.
 *
 * When {@code authorizationCanBeSkipped} is {@code false} the consent-form fields are
 * added too: the permissions to show, client metadata, the "decision" reply-to URI
 * derived from the current request path, per-user personalization, and the
 * anti-forgery (authenticity) token that ties the later decision back to this session.
 *
 * @param client                   the registered client making the request
 * @param params                   raw request parameters
 * @param redirectUri              redirect URI to send the user back to
 * @param subject                  the authenticated end user
 * @param requestedPerms           permissions the client asked for (may be null/empty)
 * @param alreadyAuthorizedPerms   permissions this user previously granted the client
 * @param authorizationCanBeSkipped true if no consent form needs to be shown
 * @return the populated authorization data
 */
protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped) {
    final OAuthAuthorizationData challenge = new OAuthAuthorizationData();

    // Values echoed back from the request.
    challenge.setState(params.getFirst(OAuthConstants.STATE));
    challenge.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
    challenge.setNonce(params.getFirst(OAuthConstants.NONCE));
    challenge.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
    // Values taken from the already-resolved client / redirect target.
    challenge.setClientId(client.getClientId());
    challenge.setRedirectUri(redirectUri);

    // Proposed scope: permissions joined by single spaces, trimmed as the original did.
    if (requestedPerms != null && !requestedPerms.isEmpty()) {
        final StringBuilder scopeText = new StringBuilder();
        for (OAuthPermission requested : requestedPerms) {
            if (scopeText.length() > 0) {
                scopeText.append(' ');
            }
            scopeText.append(requested.getPermission());
        }
        challenge.setProposedScope(scopeText.toString().trim());
    }

    if (authorizationCanBeSkipped) {
        return challenge;
    }

    // Consent form is going to be shown: attach what the user needs to see.
    challenge.setPermissions(requestedPerms);
    challenge.setAlreadyAuthorizedPermissions(alreadyAuthorizedPerms);
    challenge.setHidePreauthorizedScopesInForm(hidePreauthorizedScopesInForm);

    // Client metadata as registered (dynamic registrations are flagged so the UI can warn).
    challenge.setApplicationName(client.getApplicationName());
    challenge.setApplicationWebUri(client.getApplicationWebUri());
    challenge.setApplicationDescription(client.getApplicationDescription());
    challenge.setApplicationLogoUri(client.getApplicationLogoUri());
    challenge.setApplicationCertificates(client.getApplicationCertificates());
    final Map<String, String> clientProperties = client.getProperties();
    challenge.setExtraApplicationProperties(clientProperties);
    challenge.setApplicationRegisteredDynamically(client.isRegisteredDynamically());
    challenge.setSupportSinglePageApplications(supportSinglePageApplications);

    // The decision endpoint is the current request path plus "/decision".
    final UriBuilder decisionUri = getMessageContext().getUriInfo().getAbsolutePathBuilder().path("decision");
    challenge.setReplyTo(decisionUri.build().toString());

    personalizeData(challenge, subject);
    // CSRF protection for the consent form: the token is stored in the session and checked on decision.
    addAuthenticityTokenToSession(challenge, params, subject);
    return challenge;
}

Example 24 with OAuthPermission


the class JwtTokenUtils method createAccessTokenFromJwt.

/**
 * Reconstructs a {@code ServerAccessToken} from a compact JWT access token.
 *
 * The JWT is handed to {@code consumer}; nothing in this method verifies the
 * signature, issuer or expiry itself, so whatever checks apply depend entirely on
 * how the consumer is configured (NOTE(review): confirm the consumer used by callers
 * is a verifying one). The standard claims are then copied into a bearer token:
 * client (looked up by the client-id claim), lifetime (exp - iat), audiences, issuer,
 * scope (either a space-separated string or a list), subject/username, grant
 * details, nonce and the {@code extra_properties} map. A certificate-thumbprint
 * confirmation ({@code cnf} / x5t#S256) is only carried over when
 * {@code extra_properties} is present — a {@code cnf} claim on a token without that
 * map is dropped (NOTE(review): verify this matches how tokens are issued).
 *
 * @param consumer       parser/verifier for the JWT
 * @param jose           the compact-serialized token
 * @param clientProvider used to resolve the client id claim to a registered client;
 *                       a null result is passed through unchecked (NOTE(review): callers
 *                       presumably reject a token with no client — confirm)
 * @param claimsMap      optional remapping of standard claim names to the names used in
 *                       the token (e.g. client_id -> cid); may be null
 * @return the reconstructed bearer token
 */
public static ServerAccessToken createAccessTokenFromJwt(JoseJwtConsumer consumer, String jose, ClientRegistrationProvider clientProvider, Map<String, String> claimsMap) {
    final JwtClaims claims = consumer.getJwtToken(jose).getClaims();

    // Client: the claim name defaults to 'client_id' unless remapped (e.g. to 'cid').
    final String clientIdClaim = JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, claimsMap);
    final Client registeredClient = clientProvider.getClient(claims.getStringProperty(clientIdClaim));

    // Lifetime is derived from the token's own iat/exp; presumably boxed values, so a
    // token lacking either claim would fail here rather than yield a default — confirm.
    final long issuedAtSeconds = claims.getIssuedAt();
    final long lifetimeSeconds = claims.getExpiryTime() - issuedAtSeconds;
    final BearerAccessToken token = new BearerAccessToken(registeredClient, jose, lifetimeSeconds, issuedAtSeconds);

    final List<String> aud = claims.getAudiences();
    if (aud != null && !aud.isEmpty()) {
        token.setAudiences(aud);
    }
    final String iss = claims.getIssuer();
    if (iss != null) {
        token.setIssuer(iss);
    }

    // Scope may be encoded either as "a b c" or as a JSON array; blank entries are skipped.
    final Object scopeClaim = claims.getClaim(OAuthConstants.SCOPE);
    if (scopeClaim != null) {
        final String[] scopeValues;
        if (scopeClaim instanceof String) {
            scopeValues = scopeClaim.toString().split(" ");
        } else {
            scopeValues = CastUtils.cast((List<?>) scopeClaim).toArray(new String[] {});
        }
        final List<OAuthPermission> permissions = new LinkedList<OAuthPermission>();
        for (String scopeValue : scopeValues) {
            if (StringUtils.isEmpty(scopeValue)) {
                continue;
            }
            permissions.add(new OAuthPermission(scopeValue.trim()));
        }
        token.setScopes(permissions);
    }

    // Subject: prefer a (possibly remapped) 'username' claim with 'sub' as its id;
    // fall back to 'sub' alone as the login name.
    final String usernameClaim = JwtTokenUtils.getClaimName("username", "username", claimsMap);
    final String username = claims.getStringProperty(usernameClaim);
    final String sub = claims.getSubject();
    if (username != null) {
        final UserSubject user = new UserSubject(username);
        if (sub != null) {
            user.setId(sub);
        }
        token.setSubject(user);
    } else if (sub != null) {
        token.setSubject(new UserSubject(sub));
    }

    // Grant bookkeeping carried inside the token.
    final String nonceClaim = claims.getStringProperty(OAuthConstants.NONCE);
    if (nonceClaim != null) {
        token.setNonce(nonceClaim);
    }
    final String grantTypeClaim = claims.getStringProperty(OAuthConstants.GRANT_TYPE);
    if (grantTypeClaim != null) {
        token.setGrantType(grantTypeClaim);
    }
    final String codeClaim = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT);
    if (codeClaim != null) {
        token.setGrantCode(codeClaim);
    }
    final String verifierClaim = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    if (verifierClaim != null) {
        token.setClientCodeVerifier(verifierClaim);
    }

    // Extra properties, plus the x5t#S256 confirmation when it is nested under 'cnf'.
    // The cnf handling deliberately stays inside this branch to preserve existing behavior.
    final Map<String, String> extraProps = CastUtils.cast((Map<?, ?>) claims.getClaim("extra_properties"));
    if (extraProps != null) {
        token.getExtraProperties().putAll(extraProps);
        final Map<String, Object> confirmation = CastUtils.cast((Map<?, ?>) claims.getClaim(JwtConstants.CLAIM_CONFIRMATION));
        if (confirmation != null) {
            final Object thumbprint = confirmation.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
            if (thumbprint != null) {
                token.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, thumbprint.toString());
            }
        }
    }
    return token;
}

Example 25 with OAuthPermission


the class OAuthUtils method toClientAccessToken.

/**
 * Converts a server-side access token into the client-facing representation.
 *
 * The token type, token key and refresh token are always copied. When
 * {@code supportOptionalParams} is true the expiry, the approved scope (rendered as a
 * space-separated string via {@code convertPermissionsToScope}, and omitted when empty)
 * and a copy of the server token's parameters are added as well. Anything placed in
 * the parameters map is returned to the client, so server-only data should not be
 * stored there.
 *
 * @param serverToken           the token as held by the authorization server
 * @param supportOptionalParams whether expires_in, scope and extra parameters are exposed
 * @return the client-facing token
 */
public static ClientAccessToken toClientAccessToken(ServerAccessToken serverToken, boolean supportOptionalParams) {
    final ClientAccessToken clientView = new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey());
    clientView.setRefreshToken(serverToken.getRefreshToken());
    if (!supportOptionalParams) {
        return clientView;
    }
    clientView.setExpiresIn(serverToken.getExpiresIn());
    final List<OAuthPermission> granted = serverToken.getScopes();
    final String approvedScope = OAuthUtils.convertPermissionsToScope(granted);
    if (!StringUtils.isEmpty(approvedScope)) {
        clientView.setApprovedScope(approvedScope);
    }
    // Defensive copy so later changes to the server token do not leak into the response.
    clientView.setParameters(new HashMap<String, String>(serverToken.getParameters()));
    return clientView;
}
