Search in sources :

Example 1 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class DefaultEHCacheOAuthDataProvider method getAccessTokens.

@Override
public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
    List<String> keys = CastUtils.cast(accessTokenCache.getKeys());
    List<ServerAccessToken> tokens = new ArrayList<>(keys.size());
    for (String key : keys) {
        ServerAccessToken token = getAccessToken(key);
        if (isTokenMatched(token, c, sub)) {
            tokens.add(token);
        }
    }
    return tokens;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) ArrayList(java.util.ArrayList)

Example 2 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class DefaultEHCacheOAuthDataProvider method getAccessToken.

@Override
public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException {
    ServerAccessToken at = null;
    if (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) {
        String jose = getCacheValue(accessTokenCache, accessToken, String.class);
        if (jose != null) {
            JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer;
            at = JwtTokenUtils.createAccessTokenFromJwt(theConsumer, jose, this, super.getJwtAccessTokenClaimMap());
        }
    } else {
        at = getCacheValue(accessTokenCache, accessToken, ServerAccessToken.class);
    }
    return at;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)

Example 3 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JCacheOAuthDataProviderTest method testAddGetDeleteAccessToken.

@Ignore
@Test
public void testAddGetDeleteAccessToken() {
    Client c = addClient("101", "bob");
    AccessTokenRegistration atr = new AccessTokenRegistration();
    atr.setClient(c);
    atr.setApprovedScope(Collections.singletonList("a"));
    atr.setSubject(c.getResourceOwnerSubject());
    ServerAccessToken at = provider.createAccessToken(atr);
    ServerAccessToken at2 = provider.getAccessToken(at.getTokenKey());
    assertEquals(at.getTokenKey(), at2.getTokenKey());
    List<OAuthPermission> scopes = at2.getScopes();
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    OAuthPermission perm = scopes.get(0);
    assertEquals("a", perm.getPermission());
    List<ServerAccessToken> tokens = provider.getAccessTokens(c, c.getResourceOwnerSubject());
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    tokens = provider.getAccessTokens(c, null);
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    tokens = provider.getAccessTokens(null, c.getResourceOwnerSubject());
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    tokens = provider.getAccessTokens(null, null);
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    provider.revokeToken(c, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
    assertNull(provider.getAccessToken(at.getTokenKey()));
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 4 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JCacheOAuthDataProviderTest method testAddGetDeleteAccessToken2.

@Ignore
@Test
public void testAddGetDeleteAccessToken2() {
    Client c = addClient("102", "bob");
    AccessTokenRegistration atr = new AccessTokenRegistration();
    atr.setClient(c);
    atr.setApprovedScope(Collections.singletonList("a"));
    atr.setSubject(c.getResourceOwnerSubject());
    provider.createAccessToken(atr);
    List<ServerAccessToken> tokens = provider.getAccessTokens(c, null);
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    provider.removeClient(c.getClientId());
    tokens = provider.getAccessTokens(c, null);
    assertNotNull(tokens);
    assertEquals(0, tokens.size());
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 5 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JCacheOAuthDataProviderTest method testAddGetDeleteRefreshToken.

@Ignore
@Test
public void testAddGetDeleteRefreshToken() {
    Client c = addClient("101", "bob");
    AccessTokenRegistration atr = new AccessTokenRegistration();
    atr.setClient(c);
    atr.setApprovedScope(Arrays.asList("a", "refreshToken"));
    atr.setSubject(c.getResourceOwnerSubject());
    ServerAccessToken at = provider.createAccessToken(atr);
    ServerAccessToken at2 = provider.getAccessToken(at.getTokenKey());
    assertEquals(at.getTokenKey(), at2.getTokenKey());
    List<OAuthPermission> scopes = at2.getScopes();
    assertNotNull(scopes);
    assertEquals(2, scopes.size());
    OAuthPermission perm = scopes.get(0);
    assertEquals("a", perm.getPermission());
    OAuthPermission perm2 = scopes.get(1);
    assertEquals("refreshToken", perm2.getPermission());
    RefreshToken rt = provider.getRefreshToken(at2.getRefreshToken());
    assertNotNull(rt);
    assertEquals(at2.getTokenKey(), rt.getAccessTokens().get(0));
    List<RefreshToken> tokens = provider.getRefreshTokens(c, c.getResourceOwnerSubject());
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(rt.getTokenKey(), tokens.get(0).getTokenKey());
    provider.revokeToken(c, rt.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
    assertNull(provider.getRefreshToken(rt.getTokenKey()));
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Ignore(org.junit.Ignore) Test(org.junit.Test)

Aggregations

ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)54 AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)24 Client (org.apache.cxf.rs.security.oauth2.common.Client)24 Test (org.junit.Test)21 OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)15 RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)15 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)12 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)11 BearerAccessToken (org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)7 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)6 ServerAuthorizationCodeGrant (org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)6 JoseJwtConsumer (org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)5 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)5 ArrayList (java.util.ArrayList)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 LinkedList (java.util.LinkedList)3 Map (java.util.Map)3 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)3 Ignore (org.junit.Ignore)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2