Example 6 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JPAOAuthDataProviderTest method testAddGetDeleteAccessToken2.
@Test
public void testAddGetDeleteAccessToken2() {
Client c = addClient("102", "bob");
AccessTokenRegistration atr = new AccessTokenRegistration();
atr.setClient(c);
atr.setApprovedScope(Collections.singletonList("a"));
atr.setSubject(c.getResourceOwnerSubject());
getProvider().createAccessToken(atr);
List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
getProvider().removeClient(c.getClientId());
tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(0, tokens.size());
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
Client(org.apache.cxf.rs.security.oauth2.common.Client)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Test(org.junit.Test)
Example 7 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project meecrowave by apache.
the class JCacheConfigurer method doSetup.
public void doSetup(final OAuth2Options options) {
if (!options.getProvider().startsWith("jcache")) {
return;
}
provider = Caching.getCachingProvider();
final File file = new File(options.getJcacheConfigUri());
URI configFileURI = file.isFile() ? file.toURI() : null;
if (configFileURI == null) {
try {
configFileURI = getClasspathResourceURL(options.getJcacheConfigUri(), JCacheOAuthDataProvider.class, bus).toURI();
} catch (final Exception ex) {
configFileURI = provider.getDefaultURI();
}
}
cacheManager = provider.getCacheManager(configFileURI, Thread.currentThread().getContextClassLoader());
try {
cacheManager.createCache(JCacheOAuthDataProvider.CLIENT_CACHE_KEY, configure(new MutableConfiguration<String, Client>().setTypes(String.class, Client.class), options));
if (!options.isJcacheStoreJwtKeyOnly()) /* && options.isUseJwtFormatForAccessTokens()*/
{
cacheManager.createCache(JCacheOAuthDataProvider.ACCESS_TOKEN_CACHE_KEY, configure(new MutableConfiguration<String, ServerAccessToken>().setTypes(String.class, ServerAccessToken.class), options));
} else {
cacheManager.createCache(JCacheOAuthDataProvider.ACCESS_TOKEN_CACHE_KEY, configure(new MutableConfiguration<String, String>().setTypes(String.class, String.class), options));
}
cacheManager.createCache(JCacheOAuthDataProvider.REFRESH_TOKEN_CACHE_KEY, configure(new MutableConfiguration<String, RefreshToken>().setTypes(String.class, RefreshToken.class), options));
if (options.isAuthorizationCodeSupport()) {
cacheManager.createCache(JCacheCodeDataProvider.CODE_GRANT_CACHE_KEY, configure(new MutableConfiguration<String, ServerAuthorizationCodeGrant>().setTypes(String.class, ServerAuthorizationCodeGrant.class), options));
}
} catch (final CacheException ce) {
// already created
}
}
Also used :
CacheException(javax.cache.CacheException)
URI(java.net.URI)
CacheException(javax.cache.CacheException)
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)
ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)
Client(org.apache.cxf.rs.security.oauth2.common.Client)
File(java.io.File)
Example 8 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AbstractAccessTokenValidator method getAccessTokenValidation.
/**
* Get the access token
*/
protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) {
if (dataProvider == null && tokenHandlers.isEmpty()) {
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
AccessTokenValidation accessTokenV = null;
if (maxValidationDataCacheSize > 0) {
accessTokenV = accessTokenValidations.get(authSchemeData);
}
ServerAccessToken localAccessToken = null;
if (accessTokenV == null) {
// Get the registered handler capable of processing the token
AccessTokenValidator handler = findTokenValidator(authScheme);
if (handler != null) {
try {
// Convert the HTTP Authorization scheme data into a token
accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData, extraProps);
} catch (RuntimeException ex) {
AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
}
}
// Default processing if no registered providers available
if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
try {
String cacheKey = authSchemeData;
if (!persistJwtEncoding) {
JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer;
JwtToken token = theConsumer.getJwtToken(authSchemeData);
cacheKey = token.getClaims().getTokenId();
}
localAccessToken = dataProvider.getAccessToken(cacheKey);
} catch (JwtException | OAuthServiceException ex) {
// to be handled next
}
if (localAccessToken == null) {
AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
}
accessTokenV = new AccessTokenValidation(localAccessToken);
}
}
if (accessTokenV == null) {
AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
// Check if token is still valid
if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime())) {
if (localAccessToken != null) {
removeAccessToken(localAccessToken);
} else if (maxValidationDataCacheSize > 0) {
accessTokenValidations.remove(authSchemeData);
}
AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
// Check nbf property
if (accessTokenV.getTokenNotBefore() > 0 && accessTokenV.getTokenNotBefore() > System.currentTimeMillis() / 1000L) {
AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
if (maxValidationDataCacheSize > 0) {
if (accessTokenValidations.size() >= maxValidationDataCacheSize) {
// or delete the ones expiring sooner than others, etc
accessTokenValidations.clear();
}
accessTokenValidations.put(authSchemeData, accessTokenV);
}
return accessTokenV;
}
Also used :
AccessTokenValidator(org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator)
JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken)
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
AccessTokenValidation(org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation)
JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException)
JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)
Example 9 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AccessTokenService method handleTokenRequest.
/**
* Processes an access token request
* @param params the form parameters representing the access token grant
* @return Access Token or the error
*/
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response handleTokenRequest(MultivaluedMap<String, String> params) {
// Make sure the client is authenticated
Client client = authenticateClientIfNeeded(params);
if (!OAuthUtils.isGrantSupportedForClient(client, isCanSupportPublicClients(), params.getFirst(OAuthConstants.GRANT_TYPE))) {
LOG.log(Level.FINE, "The grant type {} is not supported for the client", params.getFirst(OAuthConstants.GRANT_TYPE));
return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
}
try {
checkAudience(client, params);
} catch (OAuthServiceException ex) {
return super.createErrorResponseFromBean(ex.getError());
}
// Find the grant handler
AccessTokenGrantHandler handler = findGrantHandler(params);
if (handler == null) {
LOG.fine("No Grant Handler found");
return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
}
// Create the access token
final ServerAccessToken serverToken;
try {
serverToken = handler.createAccessToken(client, params);
} catch (WebApplicationException ex) {
throw ex;
} catch (RuntimeException ex) {
LOG.log(Level.FINE, "Error creating the access token", ex);
// This is done to bypass a Check-Style
// restriction on a number of return statements
OAuthServiceException oauthEx = ex instanceof OAuthServiceException ? (OAuthServiceException) ex : new OAuthServiceException(ex);
return handleException(oauthEx, OAuthConstants.INVALID_GRANT);
}
if (serverToken == null) {
LOG.fine("No access token was created");
return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
}
// Extract the information to be of use for the client
ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(serverToken, isWriteOptionalParameters());
processClientAccessToken(clientToken, serverToken);
// Return it to the client
return Response.ok(clientToken).header(HttpHeaders.CACHE_CONTROL, "no-store").header("Pragma", "no-cache").build();
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
WebApplicationException(javax.ws.rs.WebApplicationException)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
AccessTokenGrantHandler(org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler)
ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)
Client(org.apache.cxf.rs.security.oauth2.common.Client)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
Example 10 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class TokenGrantHandlerTest method testComplexGrantSupported.
@Test
public void testComplexGrantSupported() {
ComplexGrantHandler handler = new ComplexGrantHandler(Arrays.asList("a", "b"));
handler.setDataProvider(new OAuthDataProviderImpl());
ServerAccessToken t = handler.createAccessToken(createClient("a"), createMap("a"));
assertTrue(t instanceof BearerAccessToken);
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
BearerAccessToken(org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)
Test(org.junit.Test)
Aggregations
ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)54
AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)24
Client (org.apache.cxf.rs.security.oauth2.common.Client)24
Test (org.junit.Test)21
OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)15
RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)15
UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)12
OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)11
BearerAccessToken (org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)7
ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)6
ServerAuthorizationCodeGrant (org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)6
JoseJwtConsumer (org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)5
JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)5
ArrayList (java.util.ArrayList)4
ByteArrayInputStream (java.io.ByteArrayInputStream)3
LinkedList (java.util.LinkedList)3
Map (java.util.Map)3
JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)3
Ignore (org.junit.Ignore)3
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
