
Example 66 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JCacheOAuthDataProvider method getJwtAccessTokens.

/**
 * Returns the cached JWT access tokens that are still valid and match the given
 * client and subject.
 *
 * <p>The method walks the whole {@code jwtAccessTokenCache}. Each stored value is
 * turned back into a {@link ServerAccessToken} with
 * {@code JwtTokenUtils.createAccessTokenFromJwt}, using {@code jwtTokenConsumer}
 * when one is configured and a freshly constructed {@link JoseJwtConsumer}
 * otherwise. Entries whose token {@code isExpired} are not returned; their keys are
 * collected and removed from the cache in one {@code removeAll} call after the scan.
 *
 * <p>NOTE(review): which checks the consumer applies to the stored value (signature
 * verification, decryption) is not visible in this method. Confirm that the default
 * {@code new JoseJwtConsumer()} fallback is configured strictly enough for the
 * deployment.
 *
 * <p>NOTE(review): there is no exception handling around the conversion, so a single
 * entry that fails to convert ends the scan before the eviction step runs.
 *
 * @param client client handed to {@code isTokenMatched} for every live token
 * @param sub user subject handed to {@code isTokenMatched} for every live token
 * @return the matching, non-expired tokens; empty when none match
 */
protected List<ServerAccessToken> getJwtAccessTokens(Client client, UserSubject sub) {
    final List<ServerAccessToken> matched = new ArrayList<>();
    final Set<String> expiredKeys = new HashSet<>();
    Iterator<Cache.Entry<String, String>> cursor = jwtAccessTokenCache.iterator();
    while (cursor.hasNext()) {
        Cache.Entry<String, String> cached = cursor.next();
        String joseValue = cached.getValue();
        // Fall back to a default consumer only when none has been configured.
        JoseJwtConsumer consumer = jwtTokenConsumer;
        if (consumer == null) {
            consumer = new JoseJwtConsumer();
        }
        ServerAccessToken candidate = JwtTokenUtils.createAccessTokenFromJwt(
            consumer, joseValue, this, super.getJwtAccessTokenClaimMap());
        if (isExpired(candidate)) {
            // Expired tokens are never returned, even if they would match.
            expiredKeys.add(cached.getKey());
            continue;
        }
        if (isTokenMatched(candidate, client, sub)) {
            matched.add(candidate);
        }
    }
    // Evict after the scan rather than while iterating over the cache.
    jwtAccessTokenCache.removeAll(expiredKeys);
    return matched;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) ArrayList(java.util.ArrayList) JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer) HashSet(java.util.HashSet) Cache(javax.cache.Cache)

Example 67 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JCacheOAuthDataProvider method getJwtAccessToken.

/**
 * Looks up one JWT access token by its cache key.
 *
 * <p>The stored value is converted with
 * {@code JwtTokenUtils.createAccessTokenFromJwt}, using {@code jwtTokenConsumer} when
 * one is configured and a freshly constructed {@link JoseJwtConsumer} otherwise. A
 * token that {@code isExpired} is removed from the cache and reported as absent, so
 * callers never receive an expired token from this method.
 *
 * <p>NOTE(review): which checks the consumer applies to the stored value is not
 * visible here. Confirm the default-consumer fallback is acceptable.
 *
 * @param key cache key of the token
 * @return the live token, or {@code null} when the key is unknown or the token expired
 */
protected ServerAccessToken getJwtAccessToken(String key) {
    final String joseValue = jwtAccessTokenCache.get(key);
    if (joseValue == null) {
        return null;
    }
    JoseJwtConsumer consumer = jwtTokenConsumer;
    if (consumer == null) {
        consumer = new JoseJwtConsumer();
    }
    ServerAccessToken parsed = JwtTokenUtils.createAccessTokenFromJwt(
        consumer, joseValue, this, super.getJwtAccessTokenClaimMap());
    if (!isExpired(parsed)) {
        return parsed;
    }
    // Lazy eviction: an expired entry is dropped on the first read that notices it.
    jwtAccessTokenCache.remove(key);
    return null;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)

Example 68 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JPAOAuthDataProvider method saveAccessToken.

/**
 * Persists an access token together with the scopes, subject and client it refers to.
 *
 * <p>All work runs inside {@code executeInTransaction}. Before the token itself is
 * persisted, each object it references is replaced by (or registered as) an instance
 * known to the entity manager:
 * <ul>
 *   <li>every scope is looked up by {@code getPermission()}; an existing row is
 *       reused, otherwise the scope is persisted;</li>
 *   <li>a non-null subject is persisted when no row with its id exists, otherwise it
 *       is merged and the merged instance is set on the token;</li>
 *   <li>a non-null client is replaced by the instance found under its client id.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code em.find} returns {@code null} for an unknown id, so a token
 * whose client id is not in the store is persisted with its client set to
 * {@code null}. Confirm that callers only pass tokens of registered clients, or
 * reject that case before persisting.
 *
 * @param serverToken token to store; its scopes, subject and client are updated in place
 */
protected void saveAccessToken(final ServerAccessToken serverToken) {
    executeInTransaction(em -> {
        List<OAuthPermission> managedScopes = new LinkedList<>();
        for (OAuthPermission scope : serverToken.getScopes()) {
            OAuthPermission stored = em.find(OAuthPermission.class, scope.getPermission());
            if (stored == null) {
                // Unknown permission: store it and keep using the instance we were given.
                em.persist(scope);
                stored = scope;
            }
            managedScopes.add(stored);
        }
        serverToken.setScopes(managedScopes);

        UserSubject subject = serverToken.getSubject();
        if (subject != null) {
            if (em.find(UserSubject.class, subject.getId()) == null) {
                em.persist(subject);
            } else {
                serverToken.setSubject(em.merge(subject));
            }
        }

        // Swap in the stored client instance
        // (needed for OpenJPA : InvalidStateException: Encountered unmanaged object)
        Client owner = serverToken.getClient();
        if (owner != null) {
            serverToken.setClient(em.find(Client.class, owner.getClientId()));
        }

        em.persist(serverToken);
        return null;
    });
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) Client(org.apache.cxf.rs.security.oauth2.common.Client) LinkedList(java.util.LinkedList)

Example 69 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method handleLinkedRefreshToken.

/**
 * Detaches an access token from the refresh token it is linked to.
 *
 * <p>Nothing happens when the access token is {@code null}, carries no refresh token
 * key, or the key does not resolve through {@code getRefreshToken}. Otherwise the
 * access token key is unlinked from the refresh token. If the refresh token then has
 * no access tokens left it is revoked for {@code client}; if it still has some, the
 * updated refresh token is saved.
 *
 * @param client client passed on to {@code revokeRefreshToken}
 * @param accessToken access token being detached; may be {@code null}
 */
protected void handleLinkedRefreshToken(Client client, ServerAccessToken accessToken) {
    if (accessToken == null || accessToken.getRefreshToken() == null) {
        return;
    }
    RefreshToken linked = getRefreshToken(accessToken.getRefreshToken());
    if (linked == null) {
        return;
    }
    unlinkRefreshAccessToken(linked, accessToken.getTokenKey());
    if (!linked.getAccessTokens().isEmpty()) {
        // Other access tokens still depend on this refresh token: keep it, minus the link.
        saveRefreshToken(linked);
        return;
    }
    // No access token references the refresh token any more, so it is revoked as well.
    revokeRefreshToken(client, linked.getTokenKey());
}
Also used : RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)

Example 70 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method refreshAccessToken.

/**
 * Exchanges a refresh token for a new access token.
 *
 * <p>The flow depends on {@code recycleRefreshTokens}:
 * <ul>
 *   <li>when set, the presented refresh token is obtained through
 *       {@code revokeRefreshToken} as the very first step, the access tokens attached
 *       to it are revoked through {@code revokeAccessTokens}, and a new refresh token
 *       is created for the new access token;</li>
 *   <li>when not set, the refresh token is only looked up, and after a successful
 *       refresh it is updated through {@code updateExistingRefreshToken}. An expired
 *       refresh token is revoked before the request is rejected.</li>
 * </ul>
 *
 * <p>An unknown and an expired refresh token produce the same
 * {@code OAuthConstants.ACCESS_DENIED} error, so the caller cannot tell the two apart.
 *
 * <p>NOTE(review): this method does not itself compare the refresh token's owner with
 * {@code client}. Confirm that {@code revokeRefreshToken}, {@code getRefreshToken} or
 * {@code doRefreshAccessToken} enforces that binding, in particular on the
 * non-recycling path where {@code getRefreshToken} receives only the key.
 *
 * @param client client requesting the refresh
 * @param refreshTokenKey key of the presented refresh token
 * @param restrictedScopes scopes passed on to {@code doRefreshAccessToken}
 * @return the newly issued and saved access token
 * @throws OAuthServiceException with {@code ACCESS_DENIED} when the refresh token is
 *         unknown or expired
 */
@Override
public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey, List<String> restrictedScopes) throws OAuthServiceException {
    final RefreshToken presented;
    if (recycleRefreshTokens) {
        // The presented token is consumed up front; the revoked instance drives the rest.
        presented = revokeRefreshToken(client, refreshTokenKey);
    } else {
        presented = getRefreshToken(refreshTokenKey);
    }
    if (presented == null) {
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }

    boolean expired = OAuthUtils.isExpired(presented.getIssuedAt(), presented.getExpiresIn());
    if (expired) {
        if (!recycleRefreshTokens) {
            // On the recycling path the token was already revoked above.
            revokeRefreshToken(client, refreshTokenKey);
        }
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }

    if (recycleRefreshTokens) {
        // Access tokens issued under the old refresh token go away with it.
        revokeAccessTokens(client, presented);
    }

    ServerAccessToken issued = doRefreshAccessToken(client, presented, restrictedScopes);
    saveAccessToken(issued);

    if (recycleRefreshTokens) {
        createNewRefreshToken(issued);
    } else {
        updateExistingRefreshToken(presented, issued);
    }
    return issued;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)
