
Example 56 with ServerAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

The class DirectAuthorizationService, method authorize.

@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("text/html")
public Response authorize(MultivaluedMap<String, String> params) {
    // The end user must already be authenticated; the security context is validated before anything else
    SecurityContext sc = getAndValidateSecurityContext(params);
    Client client = getClient(params);
    // Create a UserSubject representing the end user
    UserSubject userSubject = createUserSubject(sc, params);
    AccessTokenRegistration reg = new AccessTokenRegistration();
    reg.setClient(client);
    reg.setGrantType(OAuthConstants.DIRECT_TOKEN_GRANT);
    reg.setSubject(userSubject);
    // The scope parameter is validated against the scopes registered for this client
    String providedScope = params.getFirst(OAuthConstants.SCOPE);
    List<String> requestedScope = OAuthUtils.getRequestedScopes(client, providedScope, useAllClientScopes, partialMatchScopeValidation);
    reg.setRequestedScope(requestedScope);
    // Direct grant: there is no separate consent step, so the requested scope is approved as-is
    reg.setApprovedScope(requestedScope);
    ServerAccessToken token = getDataProvider().createAccessToken(reg);
    // Convert the server-side token into the client-facing representation
    ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters());
    return Response.ok(clientToken).build();
}

Example 57 with ServerAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

The class HawkAccessTokenValidator, method getAccessTokenValidation.

protected AccessTokenValidation getAccessTokenValidation(MessageContext mc, String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps, Map<String, String> schemeParams) {
    // The Hawk "id" parameter is the token key used to look up the server-side token
    String macKey = schemeParams.get(OAuthConstants.HAWK_TOKEN_ID);
    ServerAccessToken accessToken = dataProvider.getAccessToken(macKey);
    // A token of any other type is a configuration error, not a client error
    if (!(accessToken instanceof HawkAccessToken)) {
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }
    HawkAccessToken macAccessToken = (HawkAccessToken) accessToken;
    AccessTokenValidation atv = new AccessTokenValidation(macAccessToken);
    // OAuth2 Pop token introspection will likely support returning a JWE-encrypted key
    // The MAC secret is only handed back when validation is local or the transport is secure
    if (!isRemoteSignatureValidation() || mc.getSecurityContext().isSecure()) {
        atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_KEY, macAccessToken.getMacKey());
        atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_ALGORITHM, macAccessToken.getMacAlgorithm());
    }
    return atv;
}

Example 58 with ServerAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

The class JwtTokenUtils, method createAccessTokenFromJwt.

public static ServerAccessToken createAccessTokenFromJwt(JoseJwtConsumer consumer, String jose, ClientRegistrationProvider clientProvider, Map<String, String> claimsMap) {
    // The consumer verifies the JWS/JWE before the claims are read
    JwtClaims claims = consumer.getJwtToken(jose).getClaims();
    // 'client_id' or 'cid', default client_id
    String clientIdClaimName = JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, claimsMap);
    String clientId = claims.getStringProperty(clientIdClaimName);
    Client c = clientProvider.getClient(clientId);
    // Token lifetime is derived from the JWT's own exp and iat claims
    long issuedAt = claims.getIssuedAt();
    long lifetime = claims.getExpiryTime() - issuedAt;
    // The compact JWT itself becomes the bearer token key
    BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt);
    List<String> audiences = claims.getAudiences();
    if (audiences != null && !audiences.isEmpty()) {
        at.setAudiences(claims.getAudiences());
    }
    String issuer = claims.getIssuer();
    if (issuer != null) {
        at.setIssuer(issuer);
    }
    // The scope claim may be a space-separated string or a JSON array
    Object scope = claims.getClaim(OAuthConstants.SCOPE);
    if (scope != null) {
        String[] scopes = scope instanceof String ? scope.toString().split(" ") : CastUtils.cast((List<?>) scope).toArray(new String[] {});
        List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
        for (String s : scopes) {
            if (!StringUtils.isEmpty(s)) {
                perms.add(new OAuthPermission(s.trim()));
            }
        }
        at.setScopes(perms);
    }
    // The end-user subject is taken from the username claim, falling back to the standard 'sub' claim
    final String usernameProp = "username";
    String usernameClaimName = JwtTokenUtils.getClaimName(usernameProp, usernameProp, claimsMap);
    String username = claims.getStringProperty(usernameClaimName);
    String subject = claims.getSubject();
    if (username != null) {
        UserSubject userSubject = new UserSubject(username);
        if (subject != null) {
            userSubject.setId(subject);
        }
        at.setSubject(userSubject);
    } else if (subject != null) {
        at.setSubject(new UserSubject(subject));
    }
    String grantType = claims.getStringProperty(OAuthConstants.GRANT_TYPE);
    if (grantType != null) {
        at.setGrantType(grantType);
    }
    String grantCode = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT);
    if (grantCode != null) {
        at.setGrantCode(grantCode);
    }
    String codeVerifier = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    if (codeVerifier != null) {
        at.setClientCodeVerifier(codeVerifier);
    }
    String nonce = claims.getStringProperty(OAuthConstants.NONCE);
    if (nonce != null) {
        at.setNonce(nonce);
    }
    Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>) claims.getClaim("extra_properties"));
    if (extraProperties != null) {
        at.getExtraProperties().putAll(extraProperties);
        // Carry over the certificate thumbprint from the 'cnf' claim for certificate-bound tokens
        Map<String, Object> cnfClaim = CastUtils.cast((Map<?, ?>) claims.getClaim(JwtConstants.CLAIM_CONFIRMATION));
        if (cnfClaim != null) {
            Object certCnf = cnfClaim.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
            if (certCnf != null) {
                at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf.toString());
            }
        }
    }
    return at;
}

Example 59 with ServerAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

The class OAuthUtils, method toClientAccessToken.

public static ClientAccessToken toClientAccessToken(ServerAccessToken serverToken, boolean supportOptionalParams) {
    // Only the token type and key are mandatory in the client-facing token
    ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey());
    clientToken.setRefreshToken(serverToken.getRefreshToken());
    // expires_in, scope and any extra parameters are optional in the token response
    if (supportOptionalParams) {
        clientToken.setExpiresIn(serverToken.getExpiresIn());
        List<OAuthPermission> perms = serverToken.getScopes();
        String scopeString = OAuthUtils.convertPermissionsToScope(perms);
        if (!StringUtils.isEmpty(scopeString)) {
            clientToken.setApprovedScope(scopeString);
        }
        clientToken.setParameters(new HashMap<String, String>(serverToken.getParameters()));
    }
    return clientToken;
}

Example 60 with ServerAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

The class ModelEncryptionSupport, method recreateRefreshToken.

public static RefreshToken recreateRefreshToken(OAuthDataProvider provider, String newTokenKey, String decryptedSequence) throws SecurityException {
    // The decrypted sequence is the serialized token state; it is split into its fields
    String[] parts = getParts(decryptedSequence);
    // The embedded access token state is rebuilt first, then wrapped in a RefreshToken
    ServerAccessToken token = recreateAccessToken(provider, newTokenKey, parts);
    // The last part holds the list of access token keys linked to this refresh token
    return new RefreshToken(token, newTokenKey, parseSimpleList(parts[parts.length - 1]));
}