
Example 51 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class JCacheOAuthDataProvider, method getJwtAccessToken:

/**
 * Looks up a JWT-encoded access token in the JWT token cache and rebuilds the
 * corresponding {@link ServerAccessToken} from it.
 *
 * @param key the cache key of the access token
 * @return the reconstructed token, or {@code null} if no entry exists for the
 *         key or the cached token has expired (an expired entry is evicted
 *         from the cache before returning)
 */
protected ServerAccessToken getJwtAccessToken(String key) {
    final String serialized = jwtAccessTokenCache.get(key);
    if (serialized == null) {
        return null;
    }
    // Fall back to a default consumer when none was injected.
    // NOTE(review): confirm that the default JoseJwtConsumer is configured to
    // verify the token's signature/encryption as intended for this deployment.
    final JoseJwtConsumer consumer = (jwtTokenConsumer != null)
        ? jwtTokenConsumer : new JoseJwtConsumer();
    final ServerAccessToken token = JwtTokenUtils.createAccessTokenFromJwt(
        consumer, serialized, this, super.getJwtAccessTokenClaimMap());
    // Expired entries are purged eagerly so they are not served again later.
    if (isExpired(token)) {
        jwtAccessTokenCache.remove(key);
        return null;
    }
    return token;
}

Example 52 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class AbstractImplicitGrantService, method getClientAccessToken:

/**
 * Produces the client-facing token for an implicit-grant authorization.
 * <p>
 * When no pre-authorized token is supplied a fresh access token is issued via
 * the data provider; otherwise the pre-authorized token is reused and the
 * request nonce (if any) is published on the current exchange.
 *
 * @param state              the redirection state captured from the authorization request
 * @param client             the requesting client
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the user approved
 * @param userSubject        the authenticated resource owner
 * @param preAuthorizedToken an already issued token to reuse, or {@code null}
 * @return the client view of the access token
 */
protected ClientAccessToken getClientAccessToken(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    final ServerAccessToken serverToken;
    if (preAuthorizedToken != null) {
        serverToken = preAuthorizedToken;
        // The fresh-token path hands the state to createTokenRegistration; for a
        // reused token the nonce is instead made available on the exchange.
        final String nonce = state.getNonce();
        if (nonce != null) {
            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, nonce);
        }
    } else {
        final AccessTokenRegistration registration =
            createTokenRegistration(state, client, requestedScope, approvedScope, userSubject);
        serverToken = getDataProvider().createAccessToken(registration);
    }
    final ClientAccessToken clientToken =
        OAuthUtils.toClientAccessToken(serverToken, isWriteOptionalParameters());
    processClientAccessToken(clientToken, serverToken);
    return clientToken;
}

Example 53 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class AbstractImplicitGrantService, method prepareFormResponse:

/**
 * Builds the form-based implicit-grant response carrying the issued access
 * token together with the redirect URI and state of the original request.
 *
 * @param state              the redirection state captured from the authorization request
 * @param client             the requesting client
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the user approved
 * @param userSubject        the authenticated resource owner
 * @param preAuthorizedToken an already issued token to reuse, or {@code null}
 * @return a {@link FormTokenResponse} populated from the client access token
 */
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued =
        getClientAccessToken(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    final FormTokenResponse response = new FormTokenResponse();
    response.setResponseType(OAuthConstants.TOKEN_RESPONSE_TYPE);
    // Echo the request's redirect target and state so the form can post back to the client.
    response.setRedirectUri(state.getRedirectUri());
    response.setState(state.getState());
    response.setAccessToken(issued.getTokenKey());
    response.setAccessTokenType(issued.getTokenType());
    response.setAccessTokenExpiresIn(issued.getExpiresIn());
    // Any extra token parameters are passed through unchanged.
    response.getParameters().putAll(issued.getParameters());
    return response;
}

Example 54 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class AbstractImplicitGrantService, method prepareRedirectResponse:

/**
 * Builds the redirect-based implicit-grant response: the issued access token
 * is appended as fragment parameters of the client's redirect URI.
 *
 * @param state              the redirection state captured from the authorization request
 * @param client             the requesting client
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the user approved
 * @param userSubject        the authenticated resource owner
 * @param preAuthorizedToken an already issued token to reuse, or {@code null}
 * @return the redirect URI with the token fragment, after {@code finalizeResponse} has run
 */
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued =
        getClientAccessToken(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    final StringBuilder response = getUriWithFragment(state.getRedirectUri());
    // Mandatory fragment parameters: token key and type.
    // NOTE(review): these two values are appended verbatim, unlike the scope and
    // extra parameters below which are query-encoded; this presumes the issued
    // token key and type are URL-safe -- confirm against the token provider.
    response.append(OAuthConstants.ACCESS_TOKEN).append('=').append(issued.getTokenKey())
            .append('&')
            .append(OAuthConstants.ACCESS_TOKEN_TYPE).append('=').append(issued.getTokenType());
    if (isWriteOptionalParameters()) {
        response.append('&').append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN).append('=').append(issued.getExpiresIn());
        final String scope = issued.getApprovedScope();
        if (!StringUtils.isEmpty(scope)) {
            response.append('&').append(OAuthConstants.SCOPE).append('=').append(HttpUtils.queryEncode(scope));
        }
        // Extra parameters: the values are encoded, the keys are written as-is.
        for (Map.Entry<String, String> extra : issued.getParameters().entrySet()) {
            response.append('&').append(extra.getKey()).append('=').append(HttpUtils.queryEncode(extra.getValue()));
        }
    }
    if (issued.getRefreshToken() != null) {
        processRefreshToken(response, issued.getRefreshToken());
    }
    finalizeResponse(response, state);
    return response;
}

Example 55 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class AuthorizationCodeGrantService, method createGrant:

/**
 * Issues an authorization code for an approved request and delivers it to the
 * client in one of three ways: out-of-band when no redirect URI is present,
 * as an HTML form response when {@code isFormResponse(state)} holds, or
 * otherwise as a query parameter on a 303 redirect to the redirect URI.
 *
 * @param state              the redirection state captured from the authorization request
 * @param client             the requesting client
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the user approved
 * @param userSubject        the authenticated resource owner
 * @param preauthorizedToken an already issued token, or {@code null}
 * @return the response delivering the code, or an {@code access_denied} error
 *         response if the grant representation could not be created
 */
protected Response createGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preauthorizedToken) {
    // A code is always minted here; a pre-authorized token is not returned
    // directly but picked up later by the authorization code grant handler.
    final ServerAuthorizationCodeGrant grant;
    try {
        grant = getGrantRepresentation(state, client, requestedScope, approvedScope, userSubject, preauthorizedToken);
    } catch (OAuthServiceException ex) {
        // Surface the failure to the client as a standard access_denied error.
        return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED);
    }
    final String code = processCodeGrant(client, grant.getCode(), grant.getSubject());
    final String redirectUri = state.getRedirectUri();
    if (redirectUri == null) {
        // Out-of-band delivery: there is no redirect target, so the code is
        // handed to the user together with the client's identity.
        final OOBAuthorizationResponse oob = new OOBAuthorizationResponse();
        oob.setClientId(client.getClientId());
        oob.setClientDescription(client.getApplicationDescription());
        oob.setAuthorizationCode(code);
        oob.setUserId(userSubject.getLogin());
        oob.setExpiresIn(grant.getExpiresIn());
        return deliverOOBResponse(oob);
    }
    if (isFormResponse(state)) {
        // Form delivery: the code travels in an HTML response posted back to the redirect URI.
        final FormAuthorizationResponse form = new FormAuthorizationResponse();
        form.setAuthorizationCode(code);
        form.setExpiresIn(grant.getExpiresIn());
        form.setState(state.getState());
        form.setRedirectUri(redirectUri);
        return createHtmlResponse(form);
    }
    // Default delivery: redirect with the code as a query parameter of the redirect URI.
    final UriBuilder target = getRedirectUriBuilder(state.getState(), redirectUri);
    target.queryParam(OAuthConstants.AUTHORIZATION_CODE_VALUE, code);
    return Response.seeOther(target.build()).build();
}
