
Example 46 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method removeClientTokens.

/**
 * Revokes every refresh token and then every access token returned for the given client.
 *
 * <p>Refresh tokens are handled first; the access-token list is only fetched after that
 * pass has finished. A {@code null} list from either lookup is treated as "nothing to revoke".
 *
 * <p>NOTE(review): there is no try/catch here, so if one revoke call throws, the tokens
 * after it in the list stay valid. Callers that use this for client de-provisioning may
 * want to confirm how the revoke methods report failures.
 *
 * @param c the client whose tokens are revoked; the second lookup argument is passed as
 *          {@code null} (presumably "any subject" - confirm against the lookup methods)
 */
protected void removeClientTokens(Client c) {
    // Pass 1: refresh tokens issued to this client.
    List<RefreshToken> clientRefreshTokens = getRefreshTokens(c, null);
    if (clientRefreshTokens != null) {
        for (RefreshToken refreshToken : clientRefreshTokens) {
            String refreshKey = refreshToken.getTokenKey();
            revokeRefreshToken(refreshKey);
        }
    }

    // Pass 2: access tokens, looked up only after the refresh tokens are gone.
    List<ServerAccessToken> clientAccessTokens = getAccessTokens(c, null);
    if (clientAccessTokens != null) {
        for (ServerAccessToken accessToken : clientAccessTokens) {
            String accessKey = accessToken.getTokenKey();
            revokeAccessToken(accessKey);
        }
    }
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)

Example 47 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method handleLinkedRefreshToken.

/**
 * Detaches the given access token from the refresh token it points to.
 *
 * <p>Does nothing when the access token is {@code null}, carries no refresh-token key, or
 * the key no longer resolves to a stored refresh token. Otherwise the link is removed and
 * the refresh token is revoked if it has no access tokens left, or saved back if it still
 * has some.
 *
 * @param accessToken the access token being processed; may be {@code null}
 */
protected void handleLinkedRefreshToken(ServerAccessToken accessToken) {
    if (accessToken == null || accessToken.getRefreshToken() == null) {
        return;
    }
    RefreshToken linked = getRefreshToken(accessToken.getRefreshToken());
    if (linked == null) {
        // The refresh token is already gone; there is no link to clean up.
        return;
    }
    unlinkRefreshAccessToken(linked, accessToken.getTokenKey());
    if (!linked.getAccessTokens().isEmpty()) {
        // Other access tokens still hang off this refresh token: persist the shortened list.
        saveRefreshToken(linked);
    } else {
        // Last linked access token removed: the refresh token is revoked as well.
        revokeRefreshToken(linked.getTokenKey());
    }
}
Also used : RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)

Example 48 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method createAccessToken.

/**
 * Creates and stores an access token for the given registration.
 *
 * <p>The token is saved before the refresh-token decision is made. A refresh token is
 * created only when {@code isRefreshTokenSupported} accepts the registration's approved
 * scope.
 *
 * @param reg the access-token registration; its approved scope drives the refresh-token check
 * @return the access token produced by {@code doCreateAccessToken}
 * @throws OAuthServiceException declared by the signature; no throw site is visible in this body
 */
@Override
public ServerAccessToken createAccessToken(AccessTokenRegistration reg) throws OAuthServiceException {
    ServerAccessToken issued = doCreateAccessToken(reg);
    saveAccessToken(issued);

    boolean refreshAllowed = isRefreshTokenSupported(reg.getApprovedScope());
    if (refreshAllowed) {
        createNewRefreshToken(issued);
    }
    return issued;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)

Example 49 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method refreshAccessToken.

/**
 * Exchanges a refresh token for a newly issued access token.
 *
 * <p>Order of operations as written: resolve the refresh token, reject it with
 * {@code ACCESS_DENIED} if it is unknown or expired, issue and save a new access token, then
 * either create a new refresh token (when {@code recycleRefreshTokens} is set) or update the
 * existing one.
 *
 * <p>NOTE(review): nothing in this method compares {@code client} with the owner of the
 * refresh token. Presumably {@code doRefreshAccessToken} or the caller enforces that
 * binding - confirm.
 *
 * <p>NOTE(review): in recycle mode the old refresh token is revoked before the replacement
 * is issued and nothing here restores it, so a failure in a later step leaves the client
 * without a usable refresh token.
 *
 * @param client the client requesting the refresh; passed through to {@code doRefreshAccessToken}
 * @param refreshTokenKey key of the refresh token presented by the client
 * @param restrictedScopes scopes passed through to {@code doRefreshAccessToken}
 * @return the newly saved access token
 * @throws OAuthServiceException with {@code ACCESS_DENIED} when the refresh token is not
 *         found or has expired
 */
@Override
public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey, List<String> restrictedScopes) throws OAuthServiceException {
    // In recycle mode the token is obtained from revokeRefreshToken (presumably a
    // remove-and-return - confirm); otherwise it is only looked up.
    RefreshToken currentRefreshToken = recycleRefreshTokens ? revokeRefreshToken(refreshTokenKey) : getRefreshToken(refreshTokenKey);
    if (currentRefreshToken == null) {
        // Unknown key.
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }
    if (OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn())) {
        // In recycle mode the revoke call was already made above, so it is only repeated
        // here for the non-recycle case.
        if (!recycleRefreshTokens) {
            revokeRefreshToken(refreshTokenKey);
        }
        // Same error as for an unknown key; the caller cannot tell the two cases apart.
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }
    if (recycleRefreshTokens) {
        // Access tokens tied to the old refresh token are revoked before the new one is issued.
        revokeAccessTokens(currentRefreshToken);
    }
    ServerAccessToken at = doRefreshAccessToken(client, currentRefreshToken, restrictedScopes);
    saveAccessToken(at);
    if (recycleRefreshTokens) {
        // Recycle mode: the new access token gets a new refresh token.
        createNewRefreshToken(at);
    } else {
        // Otherwise the existing refresh token is kept and updated for the new access token.
        updateExistingRefreshToken(currentRefreshToken, at);
    }
    return at;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)

Example 50 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JCacheOAuthDataProvider method getJwtAccessTokens.

/**
 * Rebuilds access tokens from the cached JWT strings and returns those matching the given
 * client and subject.
 *
 * <p>Every cache entry is parsed on each call. Entries whose token is expired are collected
 * and removed from the cache in one {@code removeAll} call after the scan; they are never
 * returned.
 *
 * <p>NOTE(review): nothing here catches a failure from
 * {@code JwtTokenUtils.createAccessTokenFromJwt}, so one unparsable cache entry would abort
 * the whole scan before any expired keys are evicted.
 *
 * @param client client passed to {@code isTokenMatched}
 * @param sub user subject passed to {@code isTokenMatched}
 * @return the non-expired tokens accepted by {@code isTokenMatched}; never {@code null}
 */
protected List<ServerAccessToken> getJwtAccessTokens(Client client, UserSubject sub) {
    final List<ServerAccessToken> matched = new ArrayList<>();
    final Set<String> expiredKeys = new HashSet<>();
    for (Cache.Entry<String, String> cached : jwtAccessTokenCache) {
        String compactJwt = cached.getValue();
        // Fall back to a default consumer when none has been configured.
        JoseJwtConsumer consumer = jwtTokenConsumer;
        if (consumer == null) {
            consumer = new JoseJwtConsumer();
        }
        ServerAccessToken parsed = JwtTokenUtils.createAccessTokenFromJwt(consumer, compactJwt, this, super.getJwtAccessTokenClaimMap());
        if (isExpired(parsed)) {
            // Eviction is deferred so the cache is not modified while it is being iterated.
            expiredKeys.add(cached.getKey());
            continue;
        }
        if (isTokenMatched(parsed, client, sub)) {
            matched.add(parsed);
        }
    }
    jwtAccessTokenCache.removeAll(expiredKeys);
    return matched;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) ArrayList(java.util.ArrayList) JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer) HashSet(java.util.HashSet) Cache(javax.cache.Cache)
