
Example 6 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class JPAOAuthDataProviderTest, method testAddGetDeleteAccessToken2.

@Test
public void testAddGetDeleteAccessToken2() {
    // Registering a token for a client and then removing that client must also
    // drop the client's tokens from the provider.
    final Client owner = addClient("102", "bob");

    final AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(owner);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(owner.getResourceOwnerSubject());
    getProvider().createAccessToken(registration);

    final List<ServerAccessToken> beforeRemoval = getProvider().getAccessTokens(owner, null);
    assertNotNull(beforeRemoval);
    assertEquals(1, beforeRemoval.size());

    getProvider().removeClient(owner.getClientId());

    final List<ServerAccessToken> afterRemoval = getProvider().getAccessTokens(owner, null);
    assertNotNull(afterRemoval);
    assertEquals(0, afterRemoval.size());
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 7 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project meecrowave by apache.

Class JCacheConfigurer, method doSetup.

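/**
 * Creates the JCache caches backing the OAuth2 data provider.
 * <p>
 * Nothing happens unless the configured provider name starts with {@code "jcache"}.
 * The cache manager is configured from, in order of preference: the configured JCache
 * config URI interpreted as a file, the same value as a classpath resource, or the
 * caching provider's default URI. Each cache is then created only if the manager does
 * not already know a cache of that name (for example one declared in the config file,
 * or one created by an earlier call), so a pre-existing cache no longer prevents the
 * caches listed after it from being created, and a creation failure that leaves the
 * cache missing is no longer swallowed.
 *
 * @param options OAuth2 configuration; supplies the provider name, the JCache config
 *                URI and the flags selecting which caches are created
 */
public void doSetup(final OAuth2Options options) {
    if (!options.getProvider().startsWith("jcache")) {
        return;
    }
    provider = Caching.getCachingProvider();
    final File file = new File(options.getJcacheConfigUri());
    URI configFileURI = file.isFile() ? file.toURI() : null;
    if (configFileURI == null) {
        try {
            configFileURI = getClasspathResourceURL(options.getJcacheConfigUri(), JCacheOAuthDataProvider.class, bus).toURI();
        } catch (final Exception ex) {
            // Neither a file nor a classpath resource: fall back to the provider's default configuration.
            configFileURI = provider.getDefaultURI();
        }
    }
    cacheManager = provider.getCacheManager(configFileURI, Thread.currentThread().getContextClassLoader());
    createCacheIfAbsent(JCacheOAuthDataProvider.CLIENT_CACHE_KEY,
            configure(new MutableConfiguration<String, Client>().setTypes(String.class, Client.class), options));
    if (!options.isJcacheStoreJwtKeyOnly()) /* && options.isUseJwtFormatForAccessTokens()*/ {
        // Whole ServerAccessToken objects are stored.
        createCacheIfAbsent(JCacheOAuthDataProvider.ACCESS_TOKEN_CACHE_KEY,
                configure(new MutableConfiguration<String, ServerAccessToken>().setTypes(String.class, ServerAccessToken.class), options));
    } else {
        // Only a String is stored per token id (the flag name suggests the JWT key alone).
        createCacheIfAbsent(JCacheOAuthDataProvider.ACCESS_TOKEN_CACHE_KEY,
                configure(new MutableConfiguration<String, String>().setTypes(String.class, String.class), options));
    }
    createCacheIfAbsent(JCacheOAuthDataProvider.REFRESH_TOKEN_CACHE_KEY,
            configure(new MutableConfiguration<String, RefreshToken>().setTypes(String.class, RefreshToken.class), options));
    if (options.isAuthorizationCodeSupport()) {
        createCacheIfAbsent(JCacheCodeDataProvider.CODE_GRANT_CACHE_KEY,
                configure(new MutableConfiguration<String, ServerAuthorizationCodeGrant>().setTypes(String.class, ServerAuthorizationCodeGrant.class), options));
    }
}

/**
 * Creates the named cache unless the cache manager already has one with that name.
 * A {@link CacheException} raised by the creation is tolerated only when the cache
 * exists afterwards (it was created concurrently); otherwise it is propagated so that
 * a genuinely failed cache setup is reported instead of leaving the provider without
 * its token store.
 *
 * @param name   cache name
 * @param config cache configuration as returned by {@code configure(...)}
 */
private <K, V> void createCacheIfAbsent(final String name, final javax.cache.configuration.Configuration<K, V> config) {
    if (hasCache(name)) {
        return;
    }
    try {
        cacheManager.createCache(name, config);
    } catch (final CacheException ce) {
        if (!hasCache(name)) {
            throw ce;
        }
        // already created by a concurrent setup
    }
}

/** Whether the cache manager currently lists a cache with the given name. */
private boolean hasCache(final String name) {
    for (final String existing : cacheManager.getCacheNames()) {
        if (existing.equals(name)) {
            return true;
        }
    }
    return false;
}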
Also used : CacheException(javax.cache.CacheException) URI(java.net.URI) CacheException(javax.cache.CacheException) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken) ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant) Client(org.apache.cxf.rs.security.oauth2.common.Client) File(java.io.File)

Example 8 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class AbstractAccessTokenValidator, method getAccessTokenValidation.

/**
 * Resolves the credentials presented in the HTTP Authorization header into an
 * {@link AccessTokenValidation}.
 * <p>
 * Resolution order: the local validation cache (only when
 * {@code maxValidationDataCacheSize > 0}), then a registered
 * {@link AccessTokenValidator} for the scheme, then — for the default scheme only —
 * a lookup of the token in {@code dataProvider}. Whatever path produced the
 * validation, the token is then rejected if it is expired or not yet valid. This
 * method never returns {@code null}: every failure path ends in
 * {@code AuthorizationUtils.throwAuthorizationFailure}.
 *
 * @param authScheme     the HTTP Authorization scheme name
 * @param authSchemeData the scheme data, i.e. the access token exactly as the client sent it
 * @param extraProps     additional properties handed to a registered validator
 * @return validation data for a token that is neither expired nor before its nbf time
 */
protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) {
    // Misconfiguration, not a client error: nothing is able to validate any token.
    if (dataProvider == null && tokenHandlers.isEmpty()) {
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    AccessTokenValidation accessTokenV = null;
    // The cache is keyed by the raw token string. NOTE(review): a cache hit skips the
    // dataProvider lookup entirely, so a token revoked from the store after it was cached
    // is still accepted until it expires or the cache is cleared — confirm this is acceptable.
    if (maxValidationDataCacheSize > 0) {
        accessTokenV = accessTokenValidations.get(authSchemeData);
    }
    // Set only when the token was loaded from dataProvider in this call; used below to
    // decide whether an expired token must be removed from the store.
    ServerAccessToken localAccessToken = null;
    if (accessTokenV == null) {
        // Get the registered handler capable of processing the token
        AccessTokenValidator handler = findTokenValidator(authScheme);
        if (handler != null) {
            try {
                // Convert the HTTP Authorization scheme data into a token
                accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData, extraProps);
            } catch (RuntimeException ex) {
                // Any validator failure is reported to the client as a plain authorization
                // failure for this scheme; the cause is not logged here.
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
            }
        }
        // Default processing if no registered providers available
        if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
            try {
                String cacheKey = authSchemeData;
                if (!persistJwtEncoding) {
                    // Tokens are stored under their id rather than their JWT encoding: parse the
                    // presented JWT and use its jti claim as the store key. Only the id is taken
                    // from the presented token; the ServerAccessToken loaded from the store is
                    // what gets validated. Whether theConsumer verifies the JWT signature here
                    // depends on its configuration, which is not visible in this method.
                    JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer;
                    JwtToken token = theConsumer.getJwtToken(authSchemeData);
                    cacheKey = token.getClaims().getTokenId();
                }
                localAccessToken = dataProvider.getAccessToken(cacheKey);
            } catch (JwtException | OAuthServiceException ex) {
            // to be handled next: a parse or lookup failure leaves localAccessToken null,
            // which the check below turns into an authorization failure.
            }
            if (localAccessToken == null) {
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
            }
            accessTokenV = new AccessTokenValidation(localAccessToken);
        }
    }
    if (accessTokenV == null) {
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    // Check if token is still valid (applies to cached validations as well).
    if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime())) {
        if (localAccessToken != null) {
            // Loaded from the store in this call: purge the expired token there.
            removeAccessToken(localAccessToken);
        } else if (maxValidationDataCacheSize > 0) {
            // Otherwise only the cached validation entry can be dropped.
            accessTokenValidations.remove(authSchemeData);
        }
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    // Check nbf property (seconds since the epoch; 0 means "not set").
    if (accessTokenV.getTokenNotBefore() > 0 && accessTokenV.getTokenNotBefore() > System.currentTimeMillis() / 1000L) {
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    if (maxValidationDataCacheSize > 0) {
        if (accessTokenValidations.size() >= maxValidationDataCacheSize) {
            // Crude eviction: drop every cached validation once the limit is reached
            // or delete the ones expiring sooner than others, etc
            accessTokenValidations.clear();
        }
        accessTokenValidations.put(authSchemeData, accessTokenV);
    }
    return accessTokenV;
}
Also used : AccessTokenValidator(org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AccessTokenValidation(org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation) JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException) JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)

Example 9 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class AccessTokenService, method handleTokenRequest.

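/**
 * Processes an access token request (the OAuth2 token endpoint).
 * <p>
 * Checks run in this order: client authentication, grant type permitted for the
 * client, audience, grant handler lookup, token creation. Every failure is turned
 * into an OAuth2 error response, except a {@link WebApplicationException} thrown by
 * the grant handler, which is propagated as-is. The successful response carries
 * {@code Cache-Control: no-store} and {@code Pragma: no-cache} so the token is not
 * retained by intermediaries.
 *
 * @param params the form parameters representing the access token grant
 * @return Access Token or the error
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response handleTokenRequest(MultivaluedMap<String, String> params) {
    // Make sure the client is authenticated
    Client client = authenticateClientIfNeeded(params);
    final String grantType = params.getFirst(OAuthConstants.GRANT_TYPE);
    if (!OAuthUtils.isGrantSupportedForClient(client, isCanSupportPublicClients(), grantType)) {
        // java.util.logging substitutes MessageFormat-style {0} placeholders; the
        // SLF4J-style {} used before was never replaced by the grant type.
        LOG.log(Level.FINE, "The grant type {0} is not supported for the client", grantType);
        return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
    }
    try {
        checkAudience(client, params);
    } catch (OAuthServiceException ex) {
        return super.createErrorResponseFromBean(ex.getError());
    }
    // Find the grant handler
    AccessTokenGrantHandler handler = findGrantHandler(params);
    if (handler == null) {
        LOG.fine("No Grant Handler found");
        return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
    }
    // Create the access token
    final ServerAccessToken serverToken;
    try {
        serverToken = handler.createAccessToken(client, params);
    } catch (WebApplicationException ex) {
        // Already a fully formed HTTP error: let it through untouched.
        throw ex;
    } catch (RuntimeException ex) {
        LOG.log(Level.FINE, "Error creating the access token", ex);
        // This is done to bypass a Check-Style
        // restriction on a number of return statements
        OAuthServiceException oauthEx = ex instanceof OAuthServiceException ? (OAuthServiceException) ex : new OAuthServiceException(ex);
        return handleException(oauthEx, OAuthConstants.INVALID_GRANT);
    }
    if (serverToken == null) {
        LOG.fine("No access token was created");
        return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
    }
    // Extract the information to be of use for the client
    ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(serverToken, isWriteOptionalParameters());
    processClientAccessToken(clientToken, serverToken);
    // Return it to the client; the cache headers keep the token out of shared caches.
    return Response.ok(clientToken).header(HttpHeaders.CACHE_CONTROL, "no-store").header("Pragma", "no-cache").build();
}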
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) WebApplicationException(javax.ws.rs.WebApplicationException) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AccessTokenGrantHandler(org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 10 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

Class TokenGrantHandlerTest, method testComplexGrantSupported.

@Test
public void testComplexGrantSupported() {
    // A handler accepting grants "a" and "b" must issue a bearer token for grant "a".
    final ComplexGrantHandler grantHandler = new ComplexGrantHandler(Arrays.asList("a", "b"));
    grantHandler.setDataProvider(new OAuthDataProviderImpl());
    final ServerAccessToken issued = grantHandler.createAccessToken(createClient("a"), createMap("a"));
    assertTrue(issued instanceof BearerAccessToken);
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) BearerAccessToken(org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken) Test(org.junit.Test)

Aggregations

ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)54 AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)24 Client (org.apache.cxf.rs.security.oauth2.common.Client)24 Test (org.junit.Test)21 OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)15 RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)15 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)12 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)11 BearerAccessToken (org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)7 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)6 ServerAuthorizationCodeGrant (org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)6 JoseJwtConsumer (org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)5 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)5 ArrayList (java.util.ArrayList)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 LinkedList (java.util.LinkedList)3 Map (java.util.Map)3 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)3 Ignore (org.junit.Ignore)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2