use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.
The class AccessTokenIntrospectionClient, method convertIntrospectionToValidation.
/**
 * Maps a remote introspection response onto the local {@link AccessTokenValidation}
 * that the resource-side filters consume.
 * <p>
 * Only the fields the response actually carries are copied; {@code isActive()} becomes
 * the initial validation verdict and the decision on what to do with an inactive token
 * is left to the caller.
 *
 * @param response the parsed introspection response
 * @return a validation result populated from the response
 */
private AccessTokenValidation convertIntrospectionToValidation(TokenIntrospection response) {
    AccessTokenValidation validation = new AccessTokenValidation();
    validation.setInitialValidationSuccessful(response.isActive());

    String clientId = response.getClientId();
    if (clientId != null) {
        validation.setClientId(clientId);
    }

    Long issuedAt = response.getIat();
    if (issuedAt == null) {
        // NOTE(review): the introspection endpoint emits iat/exp as epoch seconds
        // (TokenIntrospectionService adds expiresIn to issuedAt), while this fallback
        // stores milliseconds; a response carrying exp but no iat therefore yields a
        // lifetime computed across mixed units. Confirm which unit the consumers of
        // AccessTokenValidation expect before changing it.
        validation.setTokenIssuedAt(Instant.now().toEpochMilli());
    } else {
        validation.setTokenIssuedAt(issuedAt);
    }

    Long expiresAt = response.getExp();
    if (expiresAt != null) {
        // Lifetime is relative to whatever issued-at value was stored just above.
        validation.setTokenLifetime(expiresAt - validation.getTokenIssuedAt());
    }

    List<String> audiences = response.getAud();
    if (!StringUtils.isEmpty(audiences)) {
        validation.setAudiences(audiences);
    }

    String issuer = response.getIss();
    if (issuer != null) {
        validation.setTokenIssuer(issuer);
    }

    String scope = response.getScope();
    if (scope != null) {
        // Space-separated scope string; blank entries (e.g. from doubled spaces) are skipped.
        List<OAuthPermission> permissions = new LinkedList<>();
        for (String entry : scope.split(" ")) {
            if (StringUtils.isEmpty(entry)) {
                continue;
            }
            permissions.add(new OAuthPermission(entry.trim()));
        }
        validation.setTokenScopes(permissions);
    }

    String username = response.getUsername();
    if (username != null) {
        validation.setTokenSubject(new UserSubject(username));
    }

    // Any non-standard properties the server reported are passed through unchanged.
    validation.getExtraProps().putAll(response.getExtensions());
    return validation;
}
use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.
The class OAuthJSONProvider, method fromMapToTokenIntrospection.
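/**
 * Deserializes a JSON token introspection response body into a {@link TokenIntrospection}.
 * <p>
 * Only properties present in the body are copied. The {@code aud} property may be either a
 * single string or an array of strings. The {@code cnf} object is flattened: its
 * {@code x5t#S256} thumbprint, when present, is stored under the same key in the
 * response extensions.
 *
 * @param is the JSON body to read
 * @return the populated {@link TokenIntrospection}
 * @throws IOException if the body cannot be read, or if the required {@code active}
 *                     property is missing
 * @throws ClassCastException if a property has an unexpected JSON type
 */
private Object fromMapToTokenIntrospection(InputStream is) throws IOException {
    TokenIntrospection resp = new TokenIntrospection();
    Map<String, Object> params = new JsonMapObjectReaderWriter().fromJson(is);

    // "active" is the one property every introspection response must carry; report a
    // missing value explicitly instead of failing on the implicit unboxing in setActive().
    Boolean active = (Boolean) params.get("active");
    if (active == null) {
        throw new IOException("Token introspection response has no 'active' property");
    }
    resp.setActive(active);

    String clientId = (String) params.get(OAuthConstants.CLIENT_ID);
    if (clientId != null) {
        resp.setClientId(clientId);
    }
    String username = (String) params.get("username");
    if (username != null) {
        resp.setUsername(username);
    }
    String scope = (String) params.get(OAuthConstants.SCOPE);
    if (scope != null) {
        resp.setScope(scope);
    }
    String tokenType = (String) params.get(OAuthConstants.ACCESS_TOKEN_TYPE);
    if (tokenType != null) {
        resp.setTokenType(tokenType);
    }

    Object aud = params.get("aud");
    if (aud instanceof String) {
        resp.setAud(Collections.singletonList((String) aud));
    } else if (aud != null) {
        @SuppressWarnings("unchecked") // JSON arrays of strings arrive as List<String>
        List<String> auds = (List<String>) aud;
        resp.setAud(auds);
    }

    String iss = (String) params.get("iss");
    if (iss != null) {
        resp.setIss(iss);
    }

    // Timestamps are cast via Number so that both Integer- and Long-valued parses are accepted.
    Number iat = (Number) params.get("iat");
    if (iat != null) {
        resp.setIat(iat.longValue());
    }
    Number exp = (Number) params.get("exp");
    if (exp != null) {
        resp.setExp(exp.longValue());
    }

    Map<String, Object> cnf = CastUtils.cast((Map<?, ?>) params.get("cnf"));
    if (cnf != null) {
        String thumbprint = (String) cnf.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
        if (thumbprint != null) {
            resp.getExtensions().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, thumbprint);
        }
    }
    return resp;
}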
use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.
The class TokenIntrospectionService, method getTokenIntrospection.
/**
 * Token introspection endpoint: reports whether the presented access token is active
 * and, if so, its client, scope, subject, audience, issuer, timestamps and type.
 * <p>
 * Unknown and expired tokens both produce a bare {@code active=false} response, so a
 * caller cannot tell the two cases apart. Extra token properties are only included when
 * {@code reportExtraTokenProperties} is set.
 *
 * @param params the form body; the token is read from {@code OAuthConstants.TOKEN_ID}
 * @return the introspection response, never {@code null}
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public TokenIntrospection getTokenIntrospection(@Encoded MultivaluedMap<String, String> params) {
    checkSecurityContext();

    // NOTE(review): getFirst() returns null when the parameter is absent; that null is
    // handed straight to the data provider — confirm it treats it as "unknown token".
    String tokenId = params.getFirst(OAuthConstants.TOKEN_ID);
    ServerAccessToken token = dataProvider.getAccessToken(tokenId);
    boolean usable = token != null
        && !OAuthUtils.isExpired(token.getIssuedAt(), token.getExpiresIn());
    if (!usable) {
        return new TokenIntrospection(false);
    }

    TokenIntrospection result = new TokenIntrospection(true);
    result.setClientId(token.getClient().getClientId());

    if (!token.getScopes().isEmpty()) {
        result.setScope(OAuthUtils.convertPermissionsToScope(token.getScopes()));
    }

    UserSubject subject = token.getSubject();
    if (subject != null) {
        result.setUsername(subject.getLogin());
        if (subject.getId() != null) {
            result.setSub(subject.getId());
        }
    }

    if (!StringUtils.isEmpty(token.getAudiences())) {
        result.setAud(token.getAudiences());
    }
    if (token.getIssuer() != null) {
        result.setIss(token.getIssuer());
    }

    result.setIat(token.getIssuedAt());
    // A non-positive expiresIn means no expiry, so exp is omitted in that case.
    if (token.getExpiresIn() > 0) {
        result.setExp(token.getIssuedAt() + token.getExpiresIn());
    }
    result.setTokenType(token.getTokenType());

    if (reportExtraTokenProperties) {
        result.getExtensions().putAll(token.getExtraProperties());
    }
    return result;
}
use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.
The class OAuthJSONProviderTest, method testReadTokenIntrospectionMultipleAuds.
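/**
 * Reads an introspection response whose {@code aud} property is a JSON array and checks
 * that both audience entries, plus the scalar properties, survive deserialization in order.
 */
@Test
@SuppressWarnings({ "unchecked", "rawtypes" })
public void testReadTokenIntrospectionMultipleAuds() throws Exception {
    String response = "{\"active\":true,\"client_id\":\"WjcK94pnec7CyA\",\"username\":\"alice\",\"token_type\":\"Bearer\"" + ",\"scope\":\"a\",\"aud\":[\"https://localhost:8082/service\",\"https://localhost:8083/service\"]," + "\"iat\":1453472181,\"exp\":1453475781}";
    OAuthJSONProvider provider = new OAuthJSONProvider();
    // Encode with an explicit charset: String.getBytes() without one uses the platform
    // default, which is not guaranteed to be UTF-8 before JDK 18.
    ByteArrayInputStream body =
        new ByteArrayInputStream(response.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    TokenIntrospection t = (TokenIntrospection) provider.readFrom((Class) TokenIntrospection.class,
        TokenIntrospection.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE,
        new MetadataMap<String, String>(), body);
    assertTrue(t.isActive());
    assertEquals("WjcK94pnec7CyA", t.getClientId());
    assertEquals("alice", t.getUsername());
    assertEquals("a", t.getScope());
    assertEquals(2, t.getAud().size());
    assertEquals("https://localhost:8082/service", t.getAud().get(0));
    assertEquals("https://localhost:8083/service", t.getAud().get(1));
    assertEquals(1453472181L, t.getIat().longValue());
    assertEquals(1453475781L, t.getExp().longValue());
}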
use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.
The class IntrospectionServiceTest, method testRefreshedToken.
/**
 * Obtains an access token via the authorization-code flow, refreshes it, and checks that
 * the introspection service reports the refreshed token as active and the original one
 * as inactive.
 */
@org.junit.Test
public void testRefreshedToken() throws Exception {
    URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";

    // Resource-owner session: obtain the authorization code as "alice".
    WebClient ownerClient = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Keep the session cookie across the redirect round-trip.
    WebClient.getConfig(ownerClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    String code = OAuth2TestUtils.getAuthorizationCode(ownerClient);
    assertNotNull(code);

    // Client session: exchange the code for an access token.
    WebClient tokenClient = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
    WebClient.getConfig(tokenClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(tokenClient, code);
    assertNotNull(accessToken.getTokenKey());
    assertNotNull(accessToken.getRefreshToken());
    String originalAccessToken = accessToken.getTokenKey();

    // Exchange the refresh token for a new access token.
    tokenClient.type("application/x-www-form-urlencoded").accept("application/json");
    Form refreshForm = new Form();
    refreshForm.param("grant_type", "refresh_token");
    refreshForm.param("refresh_token", accessToken.getRefreshToken());
    refreshForm.param("client_id", "consumer-id");
    Response refreshResponse = tokenClient.post(refreshForm);
    accessToken = refreshResponse.readEntity(ClientAccessToken.class);
    assertNotNull(accessToken.getTokenKey());
    assertNotNull(accessToken.getRefreshToken());

    // Introspection session: the refreshed token must be active ...
    WebClient introspectClient = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
    introspectClient.accept("application/json").type("application/x-www-form-urlencoded");
    introspectClient.path("introspect/");

    Form refreshedQuery = new Form();
    refreshedQuery.param("token", accessToken.getTokenKey());
    TokenIntrospection refreshedResult =
        introspectClient.post(refreshedQuery).readEntity(TokenIntrospection.class);
    assertEquals(true, refreshedResult.isActive());

    // ... and the token it replaced must no longer be.
    Form originalQuery = new Form();
    originalQuery.param("token", originalAccessToken);
    TokenIntrospection originalResult =
        introspectClient.post(originalQuery).readEntity(TokenIntrospection.class);
    assertEquals(false, originalResult.isActive());
}